raWrz
Posted 17 September 2008 (edited)

My computer freezes completely now and then; I can't run anything at all, but I can click on e.g. Winamp etc. :s Just say if you are missing anything (it is an Acer Aspire 5930G with Vista 32-bit).

Logs: (I have run MBAM before and it deleted what it found..)

ComboFix:

ComboFix 08-09-16.05 - simen-pc 2008-09-17 17:19:23.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2101 [GMT 2:00]
Running from: C:\Users\simen-pc\Desktop\virus\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\simen-pc\AppData\Roaming\.#
.
((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.
2008-09-15 22:29 . 2008-09-16 20:35 <DIR> d-------- C:\Users\simen-pc\AppData\Roaming\uTorrent
2008-09-14 12:28 . 2008-09-14 16:32 <DIR> d-------- C:\Users\simen-pc\AppData\Roaming\Winamp
2008-09-14 12:28 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-09-13 10:45 . 2008-09-13 10:54 <DIR> d-------- C:\Windows\.jagex_cache_32
2008-09-13 10:02 . 2008-09-13 10:30 <DIR> d-------- C:\Windows\System32\Adobe
2008-09-13 03:45 . 2008-09-13 17:45 <DIR> d-------- C:\Program Files\ArtMoney
2008-09-10 19:40 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 19:40 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 19:39 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 19:39 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 19:39 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 19:39 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 19:39 .
2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-09-10 19:39 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll 2008-09-10 19:39 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll 2008-09-09 23:54 . 2008-09-09 23:54 <DIR> d-------- C:\Users\All Users\Auslogics 2008-09-09 23:54 . 2008-09-09 23:54 <DIR> d-------- C:\ProgramData\Auslogics 2008-09-07 20:50 . 2007-12-13 17:19 55,808 --a------ C:\temp\devcon.exe 2008-09-07 20:49 . 2008-09-07 20:50 <DIR> d-------- C:\temp 2008-09-04 22:45 . 2008-06-26 06:30 3,662,848 --a------ C:\Windows\System32\drivers\NETw5v32.sys 2008-09-04 22:37 . 2008-07-20 17:44 324,120 --a------ C:\Windows\System32\drivers\iaStor.sys 2008-09-04 22:37 . 2006-11-10 09:25 319,456 --a------ C:\Windows\System32\difxapi.dll 2008-08-31 17:57 . 2008-08-31 17:57 250 --a------ C:\Windows\gmer.ini 2008-08-31 16:31 . 2008-08-31 16:32 <DIR> d-------- C:\Program Files\Common Files\Adobe 2008-08-31 13:24 . 2008-08-31 13:59 52 --a------ C:\Windows\wb.ini 2008-08-31 13:05 . 2008-08-31 13:15 <DIR> d-------- C:\Users\simen-pc\AppData\Roaming\Stardock 2008-08-31 13:05 . 2008-08-31 13:05 <DIR> d-------- C:\Users\All Users\Stardock 2008-08-31 13:05 . 2008-08-31 13:05 <DIR> d-------- C:\ProgramData\Stardock 2008-08-31 12:26 . 2008-08-31 12:26 23,600 --a------ C:\Windows\System32\drivers\TVICHW32.SYS 2008-08-30 19:31 . 2008-08-30 19:31 3,932,214 --a------ C:\Windows\Invader1280.bmp 2008-08-30 19:30 . 2008-08-31 14:02 <DIR> d-------- C:\Program Files\Common Files\Stardock 2008-08-30 01:49 . 2008-02-25 16:28 238,080 --a------ C:\Windows\System32\ITEIO_64.dll 2008-08-30 01:49 . 2008-02-25 16:29 14,544 --a------ C:\Windows\System32\drivers\TVicPort.sys 2008-08-30 01:49 . 2008-02-25 16:29 6,080 --a------ C:\Windows\System32\drivers\zntport.sys 2008-08-30 01:43 . 2008-03-21 13:21 487,424 --a------ C:\Windows\System32\INT15.dll 2008-08-30 01:43 . 
2008-03-21 10:48 17,952 --a------ C:\Windows\System32\drivers\int15_64.sys 2008-08-30 01:43 . 2008-03-21 10:48 15,392 --a------ C:\Windows\System32\drivers\int15.sys 2008-08-30 01:25 . 2008-08-30 01:25 <DIR> d-------- C:\Program Files\Marvell 2008-08-30 01:24 . 2008-08-30 01:24 <DIR> d-------- C:\Users\All Users\Broadcom 2008-08-30 01:24 . 2008-08-30 01:24 <DIR> d-------- C:\ProgramData\Broadcom 2008-08-30 01:22 . 2008-08-30 01:22 <DIR> d-------- C:\Windows\System32\nn-NO 2008-08-30 01:22 . 2008-08-30 01:22 <DIR> d-------- C:\Users\All Users\Atheros 2008-08-30 01:22 . 2008-08-30 01:22 <DIR> d-------- C:\ProgramData\Atheros 2008-08-30 01:22 . 2008-08-30 01:22 <DIR> d-------- C:\Program Files\Atheros 2008-08-30 01:22 . 2008-05-19 19:42 912,384 --a------ C:\Windows\System32\athr.sys 2008-08-30 01:22 . 2008-04-07 21:59 393,216 --a------ C:\Windows\System32\athihvs.dll 2008-08-30 01:22 . 2008-04-07 22:00 376,832 --a------ C:\Windows\System32\S64CPA.exe 2008-08-30 01:22 . 2008-05-19 19:41 115,709 --a------ C:\Windows\System32\netathr.inf 2008-08-30 01:22 . 2008-04-07 21:59 53,248 --a------ C:\Windows\System32\athihvui.dll 2008-08-30 01:22 . 2008-05-21 14:23 38,657 --a------ C:\Windows\System32\athrext.cat 2008-08-30 01:19 . 2008-08-30 01:19 <DIR> d-------- C:\Windows\System32\es-MX 2008-08-30 01:19 . 2008-08-30 01:19 <DIR> d-------- C:\Windows\System32\es-AR 2008-08-30 01:19 . 2008-02-12 13:19 233,472 --a------ C:\Windows\System32\BtwRSupport.dll 2008-08-30 01:17 . 2008-08-30 01:27 <DIR> d-------- C:\Windows\Downloaded Installations 2008-08-30 01:17 . 2008-08-30 01:17 <DIR> d-------- C:\Program Files\LITEON 2008-08-30 00:55 . 2008-08-30 00:55 <DIR> d-------- C:\Windows\Options 2008-08-30 00:55 . 2008-03-18 11:36 54,824 --------- C:\Windows\System32\agrsmdel.exe 2008-08-30 00:50 . 2008-08-30 00:50 <DIR> d-------- C:\Windows\BUVC_AP 2008-08-29 15:39 . 2008-08-29 15:39 <DIR> d-------- C:\Windows\TweakVI 2008-08-29 15:39 . 
2008-08-29 15:39 0 --a------ C:\Windows\System32\tviresource.val 2008-08-27 17:58 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll 2008-08-27 17:58 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll 2008-08-27 17:58 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll 2008-08-27 17:58 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll 2008-08-27 17:58 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe 2008-08-27 17:58 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll 2008-08-27 17:58 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll 2008-08-27 17:57 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll 2008-08-27 17:57 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe 2008-08-26 19:23 . 2008-06-24 13:45 1,414,440 --a------ C:\Windows\System32\ShellManager310E2D762.dll 2008-08-26 19:23 . 2008-06-23 17:36 773,120 --a------ C:\Windows\System32\NEROINSTAEC43759.DB 2008-08-23 21:49 . 2008-08-25 20:09 69 --a------ C:\Windows\NeroDigital.ini 2008-08-23 19:18 . 2008-08-23 19:18 <DIR> d-------- C:\Users\All Users\NtiDvdCopy 2008-08-23 19:18 . 2008-08-23 19:18 <DIR> d-------- C:\ProgramData\NtiDvdCopy 2008-08-23 14:16 . 2008-08-23 14:16 <DIR> d-------- C:\Users\All Users\LightScribe 2008-08-23 14:16 . 2008-08-23 14:16 <DIR> d-------- C:\ProgramData\LightScribe 2008-08-23 13:23 . 2008-08-23 13:23 <DIR> d-------- C:\Users\simen-pc\AppData\Roaming\Nero 2008-08-23 13:20 . 2008-08-26 19:23 <DIR> d-------- C:\Users\All Users\Nero 2008-08-23 13:20 . 2008-08-26 19:23 <DIR> d-------- C:\ProgramData\Nero 2008-08-23 13:20 . 2008-08-26 19:23 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-08-20 20:49 . 2007-12-03 02:10 644,400 --a------ C:\Windows\System32\MSCOMCT2.OCX 2008-08-20 18:49 . 2008-08-20 18:49 <DIR> d-------- C:\Users\simen-pc\AppData\Roaming\Canneverbe_Limited 2008-08-20 18:47 . 
2008-08-20 18:47 716,272 --a------ C:\Windows\System32\drivers\sptd.sys 2008-08-17 18:05 . 44,504 C:\Windows\System32\drivers\SonyFanC.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-17 13:58 49,660 ----a-w C:\Users\All Users\nvModes.dat 2008-09-17 13:58 49,660 ----a-w C:\ProgramData\nvModes.dat 2008-09-14 13:23 --------- d-----w C:\Users\simen-pc\AppData\Roaming\LimeWire 2008-09-10 18:49 --------- d-----w C:\Users\simen-pc\AppData\Roaming\IObit 2008-09-10 17:42 --------- d-----w C:\ProgramData\Microsoft Help 2008-09-10 17:41 --------- d-----w C:\Program Files\Microsoft Works 2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys 2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys 2008-09-04 20:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-04 20:37 --------- d-----w C:\Program Files\Intel 2008-09-03 15:34 --------- d-----w C:\Users\simen-pc\AppData\Roaming\Auslogics 2008-08-31 09:00 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys 2008-08-31 09:00 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe 2008-08-30 08:44 --------- d-----w C:\Program Files\Acer 2008-08-29 23:44 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-08-26 17:20 --------- d-----w C:\Users\simen-pc\AppData\Roaming\CyberLink 2008-08-26 17:16 --------- d-----w C:\Program Files\Comodo 2008-08-25 16:21 --------- d-----w C:\Program Files\Common Files\Steam 2008-08-24 13:35 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-08-23 20:20 --------- d-----w C:\ProgramData\CyberLink 2008-08-20 17:46 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-08-15 17:51 --------- d-----w C:\Users\simen-pc\AppData\Roaming\Intel 2008-08-13 21:43 86,016 ----a-w C:\Windows\System32\OpenAL32.dll 2008-08-13 21:43 262,144 ----a-w C:\Windows\System32\wrap_oal.dll 2008-08-13 16:23 66,872 ----a-w 
C:\Windows\System32\PnkBstrA.exe 2008-08-13 12:21 22,328 ----a-w C:\Users\simen-pc\AppData\Roaming\PnkBstrK.sys 2008-08-13 07:58 682,280 ----a-w C:\Windows\System32\pbsvc.exe 2008-08-12 18:55 --------- d-----w C:\Program Files\Windows Mail 2008-08-12 10:33 319,456 ----a-w C:\Windows\DIFxAPI.dll 2008-08-10 06:39 --------- d-----w C:\ProgramData\comodo 2008-08-10 06:28 262,144 ----a-w C:\Program Files\Uninstall Ask Toolbar.dll 2008-08-10 06:28 249,592 ----a-w C:\Windows\System32\cssdll32.dll 2008-08-10 06:27 85,008 ----a-w C:\Windows\system32\drivers\cmdguard.sys 2008-08-10 06:27 25,104 ----a-w C:\Windows\system32\drivers\cmdhlp.sys 2008-08-10 06:27 143,104 ----a-w C:\Windows\System32\guard32.dll 2008-08-10 06:27 --------- d-----w C:\Users\simen-pc\AppData\Roaming\Comodo 2008-08-10 06:23 --------- d-----w C:\ProgramData\Avira 2008-08-10 06:23 --------- d-----w C:\Program Files\Avira 2008-08-10 06:20 --------- d-----w C:\Users\simen-pc\AppData\Roaming\Malwarebytes 2008-08-10 06:20 --------- d-----w C:\ProgramData\Malwarebytes 2008-08-04 21:28 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-08-03 13:52 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-08-02 14:15 --------- d-----w C:\Program Files\Common Files\Logitech 2008-08-02 14:15 --------- d-----w C:\Program Files\Common Files\Logishrd 2008-08-02 14:12 130,208 ------r C:\Windows\bwUnin-8.1.1.87-8876480SL.exe 2008-08-01 18:04 --------- d-----w C:\Users\simen-pc\AppData\Roaming\Ventrilo 2008-08-01 17:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-01 14:20 --------- d-----w C:\ProgramData\NVIDIA 2008-08-01 14:06 --------- d-----w C:\ProgramData\Roaming 2008-08-01 14:05 --------- d-----w C:\ProgramData\Intel 2008-08-01 14:05 --------- d-----w C:\Program Files\Common Files\Intel 2008-08-01 14:05 --------- d-----w C:\Program Files\Cisco 2008-07-31 09:25 --------- d-----w C:\Program Files\Acer GameZone 2008-07-31 03:32 460,288 ----a-w 
C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-29 16:05 453,152 ----a-w C:\Windows\System32\nvuninst.exe 2008-07-29 13:36 --------- d-----w C:\Program Files\Java 2008-07-29 13:34 --------- d-----w C:\Program Files\Common Files\Java 2008-07-27 08:21 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-07-26 20:10 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2008-07-26 09:55 --------- d-----w C:\ProgramData\McAfee 2008-07-26 09:45 --------- d-----w C:\Users\simen-pc\AppData\Roaming\Logitech 2008-07-26 09:43 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-07-26 09:42 --------- d-----w C:\ProgramData\Logitech 2008-07-26 09:41 --------- d-----w C:\ProgramData\LogiShrd 2008-07-26 07:56 28,728 ----a-w C:\Windows\system32\drivers\msahci.sys 2008-07-26 07:56 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-07-26 06:39 --------- d-----w C:\ProgramData\SiteAdvisor 2008-07-25 19:10 --------- d-----w C:\Program Files\Windows Live 2008-07-25 19:08 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-07-25 19:06 --------- d-----w C:\ProgramData\WLInstaller 2008-07-25 16:40 --------- d-----w C:\Program Files\Acer Arcade Deluxe 2008-07-25 16:38 --------- d-----w C:\Users\simen-pc\AppData\Roaming\eSobi 2008-07-25 16:32 --------- d-----w C:\ProgramData\eSobi 2008-07-25 16:28 --------- d-----w C:\Users\simen-pc\AppData\Roaming\Yahoo! 
2008-07-25 16:26 --------- d-----w C:\Users\simen-pc\AppData\Roaming\Acer 2008-07-25 16:25 --------- d-----w C:\Users\simen-pc\AppData\Roaming\InstallShield 2008-07-25 16:24 --------- d-----w C:\Program Files\WIDCOMM 2008-07-25 16:20 315,392 ----a-w C:\Windows\HideWin.exe 2008-07-25 16:07 --------- d-sh--w C:\ProgramData\Start-meny 2008-07-25 16:07 --------- d-sh--w C:\ProgramData\Skrivebord 2008-07-25 16:07 --------- d-sh--w C:\ProgramData\Programdata 2008-07-25 16:07 --------- d-sh--w C:\ProgramData\Maler 2008-07-25 16:07 --------- d-sh--w C:\ProgramData\Favoritter 2008-07-25 16:07 --------- d-sh--w C:\ProgramData\Dokumenter 2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll 2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll 2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll 2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll 2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL 2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-03-04 23:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "COMODO Firewall Pro"="D:\comodo\Firewall\cfp.exe" [2008-08-10 1655552] "WinampAgent"="D:\Winamp\winampa.exe" [2008-08-04 36352] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "DisableStartupSound"= 1 (0x1) "DisableStatusMessages"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= C:\Windows\system32\guard32.dll ,wbsys.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 c:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent] --------- 2008-04-10 16:30 147456 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] --------- 2008-04-10 16:30 167936 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2008-07-25 21:01 13535776 C:\Windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-07-25 21:01 92704 C:\Windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] --------- 2008-04-18 15:18 167936 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI] --a------ 2007-10-23 10:56 200704 C:\Windows\PLFSetI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] --a------ 2008-01-29 09:03 303104 C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2008-01-21 04:23 1008184 C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3674861047-2769230683-1661959226-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{360331AF-0526-4036-8C9C-082A9741303E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office 
OneNote "{A60AD18A-2C14-44CC-BD60-C6C11FC66FEC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{24E63513-DAAC-4D37-9D83-29B5A92E459D}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{7AED87CD-4B74-40D9-8F3C-EC7AB15B2630}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{ECA91F1B-CC7A-4943-9931-A76CAFA1B602}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe "{BA18008D-E16C-42F4-8CCE-C5D21F6DA1B0}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe "{0D970239-AEED-4ED9-A692-8560E3B2F592}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{56C39839-00F8-41AC-867A-3ABBCEAB6FDC}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe "{86A08C7E-D889-4260-8311-437FDB46539B}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM "{18090F9C-55F9-4CB0-A408-3C3349F45CA2}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe "{C825ED8C-3DEB-4C7E-B11F-4D3AAC827D7F}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie "{4D2634A3-2486-4877-BDD7-5C5B2E47DAE7}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program "{50C3FAC2-286D-45AC-BEA2-C2FBD186B63F}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia "{ECEE9B7C-7EBA-438F-A2BA-41F80FB9FA4E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{81CA01EC-55E8-4114-9473-C9D4C6D65422}C:\\users\\simen-pc\\downloads\\wow-engb-installer-downloader.exe"= UDP:C:\users\simen-pc\downloads\wow-engb-installer-downloader.exe:wow-engb-installer-downloader.exe "UDP Query User{FABCE0DA-EB53-4834-8086-21851F001DAA}C:\\users\\simen-pc\\downloads\\wow-engb-installer-downloader.exe"= 
TCP:C:\users\simen-pc\downloads\wow-engb-installer-downloader.exe:wow-engb-installer-downloader.exe "TCP Query User{6CF8DE6F-AFA3-4961-851C-258E1417E08A}C:\\users\\simen-pc\\downloads\\wow-engb-installer-downloader(2).exe"= UDP:C:\users\simen-pc\downloads\wow-engb-installer-downloader(2).exe:wow-engb-installer-downloader(2).exe "UDP Query User{F57C8F24-6EF8-4D2B-B36C-8B00BDEC30DE}C:\\users\\simen-pc\\downloads\\wow-engb-installer-downloader(2).exe"= TCP:C:\users\simen-pc\downloads\wow-engb-installer-downloader(2).exe:wow-engb-installer-downloader(2).exe "{83EFDF1A-D8AD-4D8C-AC8A-EF56CCBC19A9}"= UDP:3724:blizzard "{C00F355D-0A52-4A3B-81A4-E563A00D43EF}"= UDP:6112:blizzard "{9B7F0867-74E3-49D9-8E70-D93E061F847B}"= UDP:6881:blizzard "{F21512C3-B187-4B34-BB19-0F6FED421266}"= UDP:6999:blizzard "TCP Query User{5D1C18CB-F1FE-4CB2-8070-5BC1CD7DCBFF}D:\\world of warcraft\\wow-2.4.2-engb-downloader.exe"= UDP:D:\world of warcraft\wow-2.4.2-engb-downloader.exe:Blizzard Downloader "UDP Query User{67D01CCF-B346-4A88-A032-7DF2C365BC81}D:\\world of warcraft\\wow-2.4.2-engb-downloader.exe"= TCP:D:\world of warcraft\wow-2.4.2-engb-downloader.exe:Blizzard Downloader "{87562EE6-5A5A-49E9-A1B4-0D90E700B8DC}"= UDP:D:\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{918A8795-A104-44B7-8072-4C0D1445D576}"= TCP:D:\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{5DD1352D-29BA-4921-BD95-DCC90B5EA34D}"= UDP:D:\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{D5D6C3C3-ED8C-41A6-9CF8-C1883BD2930F}"= TCP:D:\logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{2EB5ABDF-A671-4345-9B59-476607DE1D56}"= UDP:D:\Battlefield2\BF2.exe:Battlefield 2 "{6FF7BE07-B3E8-4ECD-B7C1-3D6A75DD46C2}"= TCP:D:\Battlefield2\BF2.exe:Battlefield 2 "{690F46B1-822D-447D-9B3F-8964F62532F8}"= 
UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{F3598AB3-23B2-41E0-A819-D14EA817F9A4}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{B424DB3E-5B31-49EF-852B-F99FE4B0D8CF}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{697C0ACE-CD80-4195-BC53-4427C3C83A76}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "TCP Query User{6363B064-1769-45E0-9B8F-B4148EFB239F}D:\\limewire\\limewire.exe"= UDP:D:\limewire\limewire.exe:LimeWire "UDP Query User{FE055103-0A8B-4EF6-9F6B-BBACAA9A7E59}D:\\limewire\\limewire.exe"= TCP:D:\limewire\limewire.exe:LimeWire "TCP Query User{BA0BE369-C221-44FF-9D8F-FE2C7C6C3245}C:\\users\\simen-pc\\downloads\\wow-engb-installer-downloader(3).exe"= Disabled:UDP:C:\users\simen-pc\downloads\wow-engb-installer-downloader(3).exe:wow-engb-installer-downloader(3).exe "UDP Query User{654C4119-55DC-4B57-8D85-5A9D5373826F}C:\\users\\simen-pc\\downloads\\wow-engb-installer-downloader(3).exe"= Disabled:TCP:C:\users\simen-pc\downloads\wow-engb-installer-downloader(3).exe:wow-engb-installer-downloader(3).exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "D:\\BitTorrent\\bittorrent.exe"= D:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-08-10 85008] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-08-10 25104] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 15:01 61424] R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576] R2 NTIPPKernel;NTIPPKernel;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368] R2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer 
VCM\RS_Service.exe [2008-01-10 233472] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-06-26 3662848] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-04-03 43552] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712] S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240] S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2007-12-16 75776] S4 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] S4 CLHNService;CLHNService;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504] S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 NMSAccessU;NMSAccessU;D:\CDBurnerXP\NMSAccessU.exe [ ] S4 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424] S4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072] S4 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-25 87288] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - Notify-AWinNotifyVitaKey MC3000 - (no file) Notify-WB - (no file) MSConfigStartUp-LManager - C:\PROGRA~1\LAUNCH~1\LManager.exe . 
------- Supplementary Scan ------- . FireFox -: Profile - C:\Users\simen-pc\AppData\Roaming\Mozilla\Firefox\Profiles\0xsj1feo.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.hardware.no FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll FF -: plugin - D:\firefox\plugins\np32dsw.dll FF -: plugin - D:\firefox\plugins\npnul32.dll FF -: plugin - D:\firefox\plugins\nppdf32.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-17 17:22:54 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\Windows\system32\winlogon.exe -> C:\Windows\system32\guard32.dll PROCESS: C:\Windows\system32\lsass.exe -> C:\Windows\system32\guard32.dll . 
Completion time: 2008-09-17 17:24:47
ComboFix-quarantined-files.txt 2008-09-17 15:24:43
Pre-Run: 104,840,622,080 byte ledig
Post-Run: 104,822,415,360 byte ledig
352 --- E O F --- 2008-09-10 17:43:58

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:54, on 17.09.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\comodo\Firewall\cfp.exe
D:\Winamp\winampa.exe
D:\Winamp\winamp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
D:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo!
Edited 17 September 2008 by Submit
Bruker-158599 Posted 19 September 2008

The PC freezing could be because something is using too much CPU. It could also be a virus, but if you have run ComboFix it may have been removed. I know that SNIPPSAT can help with it if it has something to do with the CPU. Do you use Avira? You have a firewall too, I assume? Could you download SUPERAntiSpyware and MBAM and post the log?

http://www.superantispyware.com/?tag=GOOGLE-SUPERANTISPYWARE
http://www.download.com/Malwarebytes-Anti-...4-10804572.html

Look at this page and see whether there is anything you should not have on your computer, but be careful!

http://hjt.networktechs.com/parse.php?log=517655

Either way, download MBAM and SUPERAntiSpyware and scan with them. You can also download CCleaner: get the latest version, scan for errors and clean the computer. Go to Advanced and untick "Only delete temporary files older than 48 hours".

http://www.filehippo.com/download_ccleaner/

I don't know whether you can remove ComboFix yet, but if you want to, you can type combofix /u in the Run window; note the space between the x and the u.
raWrz (author), posted 19 September 2008 (edited)
I have run MBAM and it removed 10 things, but the same thing happened.
I use Avira and COMODO.
I use CCleaner often :)
Edited 19 September 2008 by Submit
snippsat, posted 19 September 2008 (edited)
The logs look fine.
---
Hd Tune
Start -> Run -> cmd
CHKDSK /F
CHKDSK /R
---
> I use CCleaner often
Remember to run the registry cleaner too.
---
Defragmentation.
Auslogics Disk Defrag + Free Registry Defrag
---
Process Explorer: keep an eye on CPU usage.
---
Test the memory, because if it is bad it can cause the error you have.
Memtest86+ 2.01
---
You can do this.
Start -> Run -> cmd
Type this:
sc stop WindowBlinds
sc delete WindowBlinds
---
Start HijackThis, "scan", find these lines, tick them, then press "Fix checked".
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Unknown owner - D:\alienware\Stardock\MyColors\VistaSrv.exe (file missing)
> Look at this page and see whether there is anything you shouldn't have on your computer, but be careful! http://hjt.networktechs.com/parse.php?log=517655
This one is not to be trusted.
Edited 20 September 2008 by SNIPPSAT
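Added example, not part of any post in this thread: a small Python parser that picks out the kind of HijackThis entries selected in the post above, those whose target is reported as "(no file)" or "(file missing)", and extracts the CLSID or the short service name (the name passed to sc). The function names are illustrative, the sample lines are copied from the log in this thread, and the fallback for services listed without a parenthesised name is an assumption.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Unknown owner - D:\alienware\Stardock\MyColors\VistaSrv.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")                # "O23 - <rest of entry>"
ORPHAN_RE = re.compile(r"\((no file|file missing)\)$")   # target is gone from disk
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SVC_KEY_RE = re.compile(r"\(([^()]+)\) - ")              # "(WindowBlinds) - <owner>"


def parse_entries(log):
    """Return (section, text) pairs for every 'Onn - ...' line in the log."""
    matches = (ENTRY_RE.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]


def service_key(text):
    """Short service name of an O23 entry, as used by 'sc stop' / 'sc delete'."""
    body = text[len("Service: "):]
    m = SVC_KEY_RE.search(body)
    # Assumption: with no "(name)" shown, the display name is the service name.
    return m.group(1) if m else body.split(" - ", 1)[0]


def orphaned(entries):
    """Entries whose registry data points at a file that no longer exists."""
    found = []
    for section, text in entries:
        if ORPHAN_RE.search(text):
            clsid = CLSID_RE.search(text)
            found.append({"section": section, "line": f"{section} - {text}",
                          "clsid": clsid.group(0) if clsid else None,
                          "service": service_key(text) if section == "O23" else None})
    return found


if __name__ == "__main__":
    for hit in orphaned(parse_entries(SAMPLE_LOG)):
        print(hit["section"], hit["clsid"] or hit["service"], "->", hit["line"])
```

An orphaned entry only means the registry still references a file that is not on disk; the file-backed entries still have to be judged by hand.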
raWrz (author), posted 20 September 2008
I have done most of that now, but I can't get Start -> Run -> cmd CHKDSK /F CHKDSK /R to work. It says it is in use by another process :s
snippsat, posted 20 September 2008 (edited)
You should get this question:
Skal kontollers neste gang systemet starter (J/N)
Then you press J.
Restart.
Edited 20 September 2008 by SNIPPSAT
raWrz (author), posted 20 September 2008 (edited)
> You should get this question:
> Skal kontollers neste gang systemet starter (J/N)
> Then you press J.
> Restart.
That's done then, yes. I'll restart after I have finished something in World of Warcraft.
Edited 20 September 2008 by Submit
Bruker-158599, posted 20 September 2008
> The logs look fine.
> ---
> Hd Tune
> Start -> Run -> cmd
> CHKDSK /F
> CHKDSK /R
> ---
> > I use CCleaner often
> Remember to run the registry cleaner too.
> ---
> Defragmentation.
> Auslogics Disk Defrag + Free Registry Defrag
> ---
> Process Explorer: keep an eye on CPU usage.
> ---
> Test the memory, because if it is bad it can cause the error you have.
> Memtest86+ 2.01
> ---
> You can do this.
> Start -> Run -> cmd
> Type this:
> sc stop WindowBlinds
> sc delete WindowBlinds
> ---
> Start HijackThis, "scan", find these lines, tick them, then press "Fix checked".
> O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
> O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
> O23 - Service: Stardock WindowBlinds (WindowBlinds) - Unknown owner - D:\alienware\Stardock\MyColors\VistaSrv.exe (file missing)
> > Look at this page and see whether there is anything you shouldn't have on your computer, but be careful! http://hjt.networktechs.com/parse.php?log=517655
> This one is not to be trusted.
I know, it's people who submit the entries and so on. I haven't used it... but I won't give the link to anyone else.
Micah^^, posted 20 September 2008
Back up all personal files, logs, etc... Reinstall! Good luck.
raWrz (author), posted 20 September 2008
I'd rather have it freeze and have to turn the computer off and on than reinstall -.-
I ran that CHKDSK and everything went fine, but the same freezing happened as soon as I turned the computer on and was about to type. I only had Firefox and Winamp open :s
Bruker-158599, posted 20 September 2008
> I'd rather have it freeze and have to turn the computer off and on than reinstall -.-
> I ran that CHKDSK and everything went fine, but the same freezing happened as soon as I turned the computer on and was about to type. I only had Firefox and Winamp open :s
Could Winamp be the problem? Can't you try not using it and see if that helps?
raWrz (author), posted 20 September 2008
OK, I'll use WMP.