DSAS
Posted 13 October 2008 (edited)

Malwarebytes' Anti-Malware 1.28
Database versjon: 1266
Windows 6.0.6001 Service Pack 1

13.10.2008 18:39:37
mbam-log-2008-10-13 (18-39-37).txt

Skanntype: Rask Skann
Objekter skannet: 47381
Tid tilbakelagt: 2 minute(s), 50 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 3
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bags Else Hole Lite (Trojan.Agent) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\ProgramData\bolt file four.q9o6w (Trojan.Agent) -> Quarantined and deleted successfully.
Server\bdss.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 9062 bytes tror det skulle vare alt Endret 13. oktober 2008 av Karstenb91 Lenke til kommentar

Don't salute! Posted 13 October 2008

If you are the administrator, I think you are probably the only one who can see the log. But as I have understood it, EVERYTHING you do on the internet gets logged, whether it is gaming or chat, or whatever else it might be.

DSAS (Author) Posted 13 October 2008

> If you are the administrator, I think you are probably the only one who can see the log. But as I have understood it, EVERYTHING you do on the internet gets logged, whether it is gaming or chat, or whatever else it might be.

Ehh... I followed this: https://www.diskusjon.no/index.php?showtopic=691246 so I am wondering whether someone can see if there is anything there that shouldn't be, such as, for example, worms, spyware, etc.

snippsat Posted 13 October 2008

You have misunderstood, macdour. He has posted logs in order to get malware checked for or removed.

Start HijackThis, run "scan", find these lines, tick them, then press fix checked.

O4 - HKLM\..\Run: [pollwipe] "C:\ProgramData\Info math math.79qgwvy"
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -

Then it looks good.

You can remove ComboFix by typing combofix /u in the Run window. This command deletes quarantined files and backups, resets the System Restore folder, etc.

Surf safely.
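
An added example, not part of snippsat's post and not HijackThis code: a small Python triage pass that flags the kinds of entries singled out in the post above (an autorun pointing at a non-executable file type, entries marked "(file missing)", entries with an empty value). The three rules and the name triage are assumptions of this example, not criteria stated in the thread, and hits are only candidates for manual review.

```python
import re

# Constructed sample: a few entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [pollwipe] "C:\ProgramData\Info math math.79qgwvy"
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe'''

ENTRY = re.compile(r'^(O\d+) - (.*)$')                        # "O4 - <body>"
RUN_CMD = re.compile(r'^\S+\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$')  # O4 Run-key entry
# Assumed list of file types a legitimate autorun normally points at.
EXEC_EXT = re.compile(r'\.(exe|dll|com|bat|cmd|scr|lnk)\b', re.I)


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, running-process list, etc.
        section, body = m.group(1), m.group(2).strip()
        run = RUN_CMD.match(body) if section == 'O4' else None
        if body.endswith('(file missing)'):
            findings.append((section, 'orphaned: target file missing', line))
        elif body.endswith(':') or body.endswith(' -'):
            findings.append((section, 'empty value', line))
        elif run:
            cmd = run.group('cmd')
            quoted = re.match(r'"([^"]*)"', cmd)
            # Quoted commands: judge only the quoted path; otherwise the whole command.
            target = quoted.group(1) if quoted else cmd
            if not EXEC_EXT.search(target):
                findings.append((section, 'autorun target is not an executable type', line))
    return findings


if __name__ == '__main__':
    for section, reason, line in triage(SAMPLE_LOG):
        print(f'{section:4} {reason:42} {line}')
```

On the sample, the orphaned Symantec service is flagged as well, which shows why the output is a review list rather than a fix list.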

DSAS (Author) Posted 13 October 2008

I have a slight feeling that I have some trojans too. I used one of those recovery things to get it back to factory state a while ago, but the PC still lags. Does anyone here have any tips on good programs that can check whether I have trojans or viruses? I'm using AVG atm...

r2d290 Posted 13 October 2008

As it happens, you have just used the best program there is for finding trojans and viruses (namely ComboFix)... And when Snippsat says you are clean, that usually means you are.

But there may be other things making the PC run slowly. I see you have CCleaner on the PC. Run CCleaner and the registry cleaner (answer yes when asked about a backup).

Defragmentation: Auslogics Disk Defrag + Free Registry Defrag + PageDefrag (that is, use all of these).

Report back on whether the PC is faster after this.

Bruker-158599 Posted 13 October 2008 (edited)

> As it happens, you have just used the best program there is for finding trojans and viruses (namely ComboFix)... And when Snippsat says you are clean, that usually means you are.
>
> But there may be other things making the PC run slowly. I see you have CCleaner on the PC. Run CCleaner and the registry cleaner (answer yes when asked about a backup).
>
> Defragmentation: Auslogics Disk Defrag + Free Registry Defrag + PageDefrag (that is, use all of these).
>
> Report back on whether the PC is faster after this.

How safe is it to use another defragmentation program? I know that MS's own does a poor job.

Edited 30 July 2010 by riskake90

r2d290 Posted 13 October 2008

What do you mean by the word "safe"? Risk of the PC getting ruined, or...? I'm probably not the right person to answer anyway; it's just a bundle I've seen snipp tend to use...

Bruker-158599 Posted 14 October 2008

> What do you mean by the word "safe"? Risk of the PC getting ruined, or...? I'm probably not the right person to answer anyway; it's just a bundle I've seen snipp tend to use...

I'm not quite sure what I mean by the word "safe"; not that the PC gets ruined, but that you get problems. Not really sure, I've always wondered about it.

DSAS (Author) Posted 16 October 2008

I think the PC got a little faster, but CS 1.6 still shouldn't lag..... It's a bit odd that a PC with a dual-core processor, 4 GB RAM, etc. lags in CS, CSS and WoW.... It's not the internet connection...