Insomniatic Posted 24 April 2010
I just discovered that the same process (server.exe) keeps opening itself. It started when I noticed that the PC was running slowly, so I opened Task Manager, and there were lots of server.exe instances, each around 2400 kb - 2700 kb and each using 1%. I don't have internet access on this PC, and I don't think it would be very wise to give it access either, since I suspect the virus will pass on a lot of the information I have, such as passwords (saved in Firefox) and other things. Has anyone experienced this before and managed to fix it? I ran Spybot S&D, but it hasn't been updated in several weeks/months. I can try to run HijackThis and ComboFix and post the logs, if someone can take a look. It is an Acer Aspire 5737Z with Windows Vista Home Premium 32-bit, 4 GB RAM.
Insomniatic Posted 24 April 2010 Author
Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:20:24, on 24.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Michael\Desktop\fseasyclean.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Users\Michael\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0409&m=aspire_5737z
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0409&m=aspire_5737z
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0409&m=aspire_5737z
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0409&m=aspire_5737z
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\directory\CyberGate\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\directory\CyberGate\install\server.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O8 - Extra context menu item: Customize Translation Options - C:\Program Files\PRMT8\PRMTIE\options.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Online Dictionaries - C:\Program Files\PRMT8\PRMTIE\oda.htm
O8 - Extra context menu item: Open Entry - C:\Program Files\PRMT8\PRMTIE\addentry.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate - C:\Program Files\PRMT8\PRMTIE\translat.htm
O8 - Extra context menu item: Translate Page - C:\Program Files\PRMT8\PRMTIE\page.htm
O8 - Extra context menu item: Unknown Words - C:\Program Files\PRMT8\PRMTIE\infopanel.htm
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10442 bytes

A lot of this may be incorrect now, since ComboFix turned the PC off and on. When I manage to delete the root of server.exe, it is restored by itself, even after I have deleted it from the Recycle Bin as well. The ComboFix log will probably follow shortly.
Insomniatic Posted 24 April 2010 Author
ComboFix log
ComboFix 10-04-21.01 - Michael 24.04.2010 15:40:16.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.2813.1609 [GMT 2:00] Kjører fra: c:\users\Michael\Desktop\ComboFix.exe SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604} SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-1036060314-1578210108-943081676-500 c:\$recycle.bin\S-1-5-21-1174699977-3940348095-610486557-1000 c:\$recycle.bin\S-1-5-21-446278759-3945786453-416701414-1001 C:\ErrLog.txt c:\program files\Cheat Engine\dbk32.sys c:\program files\Common Files\alg.exe c:\users\Michael\AppData\Roaming\.# c:\users\Michael\AppData\Roaming\.#\MBX@1010@D32908.### c:\users\Michael\AppData\Roaming\.#\MBX@1010@D32938.### c:\users\Michael\AppData\Roaming\.#\MBX@1010@D32968.### c:\users\Michael\AppData\Roaming\.#\MBX@168C@1CC2908.### c:\users\Michael\AppData\Roaming\.#\MBX@168C@1CC2938.### c:\users\Michael\AppData\Roaming\.#\MBX@168C@1CC2968.### c:\users\Michael\AppData\Roaming\.#\MBX@168C@1D82908.### c:\users\Michael\AppData\Roaming\.#\MBX@168C@1D82938.### c:\users\Michael\AppData\Roaming\.#\MBX@168C@1D82968.### c:\users\Michael\AppData\Roaming\.#\MBX@1740@1CD2908.### c:\users\Michael\AppData\Roaming\.#\MBX@1740@1CD2938.### c:\users\Michael\AppData\Roaming\.#\MBX@1740@1CD2968.### c:\users\Michael\AppData\Roaming\.#\MBX@17EC@21B2908.### c:\users\Michael\AppData\Roaming\.#\MBX@17EC@21B2938.### c:\users\Michael\AppData\Roaming\.#\MBX@17EC@21B2968.### c:\users\Michael\AppData\Roaming\.#\MBX@17FC@3B2908.### c:\users\Michael\AppData\Roaming\.#\MBX@17FC@3B2938.### c:\users\Michael\AppData\Roaming\.#\MBX@17FC@3B2968.###
c:\users\Michael\AppData\Roaming\.#\MBX@1A08@1AE2908.### c:\users\Michael\AppData\Roaming\.#\MBX@1A08@1AE2938.### c:\users\Michael\AppData\Roaming\.#\MBX@1A08@1AE2968.### c:\users\Michael\AppData\Roaming\.#\MBX@1EE8@2E2908.### c:\users\Michael\AppData\Roaming\.#\MBX@1EE8@2E2938.### c:\users\Michael\AppData\Roaming\.#\MBX@1EE8@2E2968.### c:\users\Michael\AppData\Roaming\.#\MBX@1F64@1EE2908.### c:\users\Michael\AppData\Roaming\.#\MBX@1F64@1EE2938.### c:\users\Michael\AppData\Roaming\.#\MBX@1F64@1EE2968.### c:\users\Michael\AppData\Roaming\.#\MBX@6B8@1C02908.### c:\users\Michael\AppData\Roaming\.#\MBX@6B8@1C02938.### c:\users\Michael\AppData\Roaming\.#\MBX@6B8@1C02968.### c:\users\Michael\AppData\Roaming\logs.dat c:\windows\wpe pro.INI . ((((((((((((((((((((((((((( Filer Opprettet Fra 2010-03-24 til 2010-04-24 ))))))))))))))))))))))))))))))))) . 2010-04-24 11:18 . 2010-04-24 11:18 -------- d-----w- C:\directory 2010-04-23 14:20 . 2010-04-23 14:20 -------- d-----w- c:\users\Michael\AppData\Local\Mato_Technologies 2010-04-23 14:17 . 2010-04-23 14:17 -------- d-----w- c:\users\Michael\AppData\Local\_dfx_Editor 2010-04-23 14:10 . 2010-04-23 14:10 -------- d-----w- c:\program files\GTASAConsole 2010-04-20 13:18 . 2010-04-20 13:18 -------- d-----w- c:\program files\Conduit 2010-04-17 11:45 . 2010-04-22 17:23 -------- d-----w- c:\program files\Common Files\Real 2010-04-17 10:43 . 2010-04-17 10:44 -------- d--h--w- c:\windows\msdownld.tmp 2010-04-17 09:32 . 2010-04-17 09:32 -------- d-----w- c:\program files\Xilisoft 2010-04-17 08:44 . 2010-04-17 08:44 -------- d-----w- c:\program files\4Media 2010-04-15 06:37 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-04-15 06:37 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-04-15 06:37 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-04-15 06:37 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll 2010-04-15 06:37 . 
2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-04-15 06:37 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-04-15 06:37 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-04-15 06:37 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-04-15 06:37 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2010-04-15 06:36 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll 2010-04-15 06:36 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll 2010-04-11 01:55 . 2010-04-11 18:26 952 --sha-w- c:\windows\system32\KGyGaAvL.sys 2010-04-11 01:49 . 2010-04-11 01:49 -------- d-----w- c:\program files\Common Files\Protexis 2010-04-11 01:49 . 2010-04-11 01:50 -------- d-----w- c:\program files\Common Files\Corel 2010-04-11 01:44 . 2010-04-11 01:49 -------- d-----w- c:\program files\Corel 2010-04-03 02:27 . 2010-04-03 02:28 -------- d-----w- c:\users\Michael\AppData\Roaming\FreeBurner 2010-04-02 22:19 . 2010-04-02 22:19 -------- d-----w- c:\programdata\DAEMON Tools Pro 2010-03-31 14:14 . 2010-03-31 15:04 -------- d-----w- c:\users\Michael\AppData\Local\Spotify 2010-03-31 14:14 . 2010-03-31 14:39 -------- d-----w- c:\users\Michael\AppData\Roaming\Spotify 2010-03-31 14:14 . 2010-03-31 14:14 -------- d-----w- c:\program files\Spotify 2010-03-31 13:43 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll 2010-03-31 13:43 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-03-31 00:24 . 2010-03-31 00:24 -------- d-----w- c:\program files\Adobe Media Player 2010-03-31 00:22 . 2010-03-31 00:22 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-03-30 16:03 . 2010-03-30 16:03 -------- d-----w- c:\program files\iPod 2010-03-30 16:03 . 2010-03-30 16:04 -------- d-----w- c:\program files\iTunes 2010-03-30 15:54 . 
2010-03-30 15:54 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-03-30 15:50 . 2010-03-30 15:50 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe 2010-03-30 15:22 . 2005-01-12 16:56 335872 ----a-w- c:\windows\system32\m4atag.dll 2010-03-30 15:21 . 2010-03-30 15:25 -------- d-----w- c:\program files\mp3Tag 5 2010-03-30 15:08 . 2007-04-30 11:10 315392 ----a-w- c:\programdata\RapidSolution\Tagrunner\lyrics\LyricsOnDemand.dll 2010-03-30 15:08 . 2007-04-30 11:10 327680 ----a-w- c:\programdata\RapidSolution\Tagrunner\lyrics\LyricsVault.dll 2010-03-30 15:08 . 2007-04-30 11:10 327680 ----a-w- c:\programdata\RapidSolution\Tagrunner\lyrics\LyricsDemon.dll 2010-03-30 15:08 . 2007-04-30 11:10 311296 ----a-w- c:\programdata\RapidSolution\Tagrunner\lyrics\AstraLyrics.dll 2010-03-30 15:08 . 2007-04-30 11:10 339968 ----a-w- c:\programdata\RapidSolution\Tagrunner\general\allmusic.dll 2010-03-30 15:08 . 2007-04-30 11:10 413696 ----a-w- c:\programdata\RapidSolution\Tagrunner\general\amazon.dll 2010-03-30 15:08 . 2007-04-30 11:10 331776 ----a-w- c:\programdata\RapidSolution\Tagrunner\general\sonybmg.dll 2010-03-30 15:08 . 2007-04-30 11:10 339968 ----a-w- c:\programdata\RapidSolution\Tagrunner\general\connect.dll 2010-03-30 15:08 . 2007-04-30 11:09 307200 ----a-w- c:\programdata\RapidSolution\Tagrunner\general\mp3com.dll 2010-03-30 15:08 . 2010-03-30 15:10 -------- d-----w- c:\program files\TagRunner 2010-03-30 15:08 . 2010-03-30 15:08 -------- d-----w- c:\programdata\RapidSolution 2010-03-30 14:50 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2010-03-30 14:50 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll 2010-03-30 14:49 . 2010-03-30 14:49 -------- d-----w- c:\program files\Winamp Detect 2010-03-29 19:57 . 2010-03-29 19:57 -------- d-----w- c:\users\Michael\AppData\Roaming\DAEMON Tools Pro 2010-03-29 19:54 . 
2010-03-29 19:56 -------- d-----w- c:\program files\DAEMON Tools Pro 2010-03-29 19:44 . 2010-04-17 00:13 -------- d-----w- c:\programdata\FLEXnet 2010-03-29 19:33 . 2010-03-29 19:33 685816 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-03-29 17:52 . 2010-03-29 17:52 -------- d-----w- c:\program files\Sony 2010-03-29 17:04 . 2010-03-29 17:04 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2010-03-29 16:12 . 2010-03-29 16:12 -------- d-----w- c:\users\Michael\AppData\Roaming\Publish Providers 2010-03-29 16:04 . 2010-03-30 23:04 -------- d-----w- c:\users\Michael\AppData\Roaming\Sony 2010-03-29 16:04 . 2010-03-29 16:05 -------- d-----w- c:\users\Michael\AppData\Local\Sony 2010-03-29 16:00 . 2010-03-29 16:00 -------- d-----w- c:\programdata\Sony 2010-03-28 19:33 . 2010-03-28 19:33 0 ----a-w- c:\users\Michael\jagex__preferences3.dat 2010-03-26 18:33 . 2010-03-26 18:33 -------- d-----w- c:\program files\Ligos 2010-03-26 18:33 . 2000-06-23 13:05 136704 ----a-w- c:\windows\system32\iacenc.dll 2010-03-26 18:33 . 2000-06-22 12:09 56320 ------w- c:\windows\system32\iyvu9_32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-24 13:49 . 2009-05-23 20:21 -------- d-----w- c:\program files\Cheat Engine 2010-04-24 13:35 . 2010-02-28 23:26 12 ----a-w- c:\windows\bthservsdp.dat 2010-04-24 13:23 . 2008-01-21 06:14 76478 ----a-w- c:\windows\system32\perfc014.dat 2010-04-24 13:23 . 2008-01-21 06:14 452326 ----a-w- c:\windows\system32\perfh014.dat 2010-04-24 10:41 . 2010-01-24 15:57 -------- d-----w- c:\users\Michael\AppData\Roaming\wsInspector 2010-04-24 10:41 . 2009-08-14 02:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-04-24 08:43 . 2009-12-31 03:07 -------- d-----w- c:\users\Michael\AppData\Roaming\Disk Cleaner 2010-04-23 14:10 . 2009-04-17 17:41 127601 ----a-w- c:\programdata\nvModes.dat 2010-04-22 17:13 . 
2010-01-23 15:09 -------- d-----w- c:\program files\Startup Inspector for Windows 2010-04-22 17:04 . 2010-01-09 20:23 -------- d-----w- c:\users\Michael\AppData\Roaming\uTorrent 2010-04-20 13:18 . 2010-03-22 20:28 -------- d-----w- c:\program files\Messenger_Plus_Live 2010-04-20 13:17 . 2009-04-20 19:17 -------- d-----w- c:\program files\Messenger Plus! Live 2010-04-19 12:14 . 2009-04-16 14:20 -------- d-----r- c:\program files\Mappe 2010-04-18 11:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-04-17 00:16 . 2009-02-05 23:56 -------- d-----w- c:\programdata\Microsoft Help 2010-04-16 07:24 . 2009-04-16 13:17 88696 ----a-w- c:\users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT 2010-04-11 02:13 . 2009-02-06 01:17 -------- d-----w- c:\program files\Common Files\Adobe 2010-04-11 01:55 . 2009-06-27 23:17 -------- d-----w- c:\users\Michael\AppData\Roaming\Corel 2010-04-11 01:53 . 2009-06-20 19:42 -------- d-----w- c:\programdata\Corel 2010-04-10 20:58 . 2009-05-05 15:46 -------- d-----w- c:\users\Michael\AppData\Roaming\Winamp 2010-04-10 18:48 . 2009-05-22 21:38 -------- d-----w- c:\users\Michael\AppData\Roaming\LimeWire 2010-04-04 17:55 . 2009-12-27 19:46 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2010-04-03 15:35 . 2010-02-07 13:51 -------- d-----w- c:\program files\MediaMonkey 2010-04-03 03:02 . 2009-04-16 13:31 -------- d-----w- c:\programdata\CyberLink 2010-04-03 03:02 . 2009-04-16 13:33 -------- d-----w- c:\users\Michael\AppData\Roaming\PowerCinema 2010-04-03 02:27 . 2010-01-30 23:46 -------- d-----w- c:\program files\Free Easy Burner 2010-04-02 21:58 . 2009-08-31 20:03 -------- d-----w- c:\users\Michael\AppData\Roaming\AVS4YOU 2010-04-02 21:57 . 2009-08-31 20:02 -------- d-----w- c:\program files\AVS4YOU 2010-03-31 22:56 . 2009-09-15 21:39 -------- d-----w- c:\users\Michael\AppData\Roaming\MessengerDiscovery 2 2010-03-30 16:03 . 2009-06-02 17:54 -------- d-----w- c:\program files\Common Files\Apple 2010-03-30 16:00 . 
2009-06-02 17:50 -------- d-----w- c:\program files\QuickTime 2010-03-30 15:52 . 2009-06-02 17:48 -------- d-----w- c:\program files\Safari 2010-03-30 14:51 . 2009-05-05 15:46 -------- d-----w- c:\program files\Winamp 2010-03-29 17:01 . 2010-03-29 17:02 118520 ------w- c:\windows\system32\pxinsi64.exe 2010-03-29 17:01 . 2010-03-29 17:02 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys 2010-03-29 17:01 . 2010-03-29 17:02 129784 ------w- c:\windows\system32\pxafs.dll 2010-03-29 17:01 . 2010-03-29 17:02 116472 ------w- c:\windows\system32\pxcpyi64.exe 2010-03-28 19:36 . 2009-06-22 21:36 -------- d-----w- c:\program files\SwiftKit 2010-03-28 19:34 . 2009-09-02 14:59 69 ----a-w- c:\users\Michael\jagex_runescape_preferences2.dat 2010-03-28 19:33 . 2009-05-12 18:35 41 ----a-w- c:\users\Michael\jagex_runescape_preferences.dat 2010-03-28 14:53 . 2010-01-24 17:39 -------- d-----w- c:\program files\ManyCam 2.4 2010-03-28 14:44 . 2010-03-20 01:55 -------- d-----w- c:\users\Michael\AppData\Roaming\gtk-2.0 2010-03-23 07:03 . 2010-01-31 00:12 -------- d-----w- c:\users\Michael\AppData\Roaming\DeepBurner 2010-03-23 07:03 . 2009-07-05 14:34 -------- d-----w- c:\program files\Creative 2010-03-22 20:29 . 2009-04-20 19:17 -------- d-----w- c:\programdata\Messenger Plus! 2010-03-21 20:02 . 2009-10-11 20:31 -------- d--h--w- c:\program files\Creative Installation Information 2010-03-21 10:47 . 2009-02-05 23:51 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-03-18 15:52 . 2010-03-17 20:21 -------- d-----w- c:\users\Michael\AppData\Roaming\DVD Flick 2010-03-17 20:21 . 2010-03-17 20:20 -------- d-----w- c:\program files\DVD Flick 2010-03-09 17:28 . 2009-12-24 21:29 117760 ----a-w- c:\users\Michael\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-03-09 13:24 . 2010-03-09 13:24 -------- d-----w- c:\program files\LitexMedia 2010-03-08 19:26 . 2010-03-08 19:26 -------- d-----w- c:\program files\UltraISO 2010-03-08 19:26 . 
2010-03-08 19:26 -------- d-----w- c:\program files\Common Files\EZB Systems 2010-03-08 17:27 . 2010-03-08 17:19 -------- d-----w- c:\users\Michael\AppData\Roaming\ImgBurn 2010-03-08 17:13 . 2010-03-08 17:13 -------- d-----w- c:\program files\ImgBurn 2010-03-08 14:49 . 2009-02-06 00:12 -------- d-----w- c:\program files\Google 2010-03-07 19:23 . 2009-12-24 21:24 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-03-06 17:06 . 2010-03-06 16:38 -------- d-----w- c:\program files\Nokia 2010-03-06 17:04 . 2010-03-06 16:41 -------- d-----w- c:\program files\Common Files\Nokia 2010-03-06 17:03 . 2010-02-28 22:50 34649552 ----a-w- c:\programdata\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\NokiaSoftwareUpdaterSetup_no.exe 2010-03-06 16:58 . 2010-02-28 23:19 -------- d-----w- c:\users\Michael\AppData\Roaming\Nokia 2010-03-06 16:57 . 2010-03-06 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf 2010-03-06 16:57 . 2010-02-28 23:19 -------- d-----w- c:\users\Michael\AppData\Roaming\PC Suite 2010-03-06 16:57 . 2010-02-28 23:19 -------- d-----w- c:\programdata\PC Suite 2010-03-06 16:56 . 2010-03-06 16:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2010-03-06 16:41 . 2010-03-06 16:41 -------- d-----w- c:\program files\Common Files\PCSuite 2010-03-06 16:37 . 2010-03-06 16:37 95232 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe 2010-03-06 16:37 . 2010-03-06 16:37 8192 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe 2010-03-06 16:37 . 2010-03-06 16:37 61440 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2010-03-06 16:37 . 2010-03-06 16:37 10240 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe 2010-03-06 16:37 . 
2010-03-06 16:38 33646144 ----a-w- c:\programdata\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_wu_nor.exe 2010-03-06 16:37 . 2010-02-28 22:48 -------- d-----w- c:\programdata\Installations 2010-03-06 16:31 . 2010-03-06 16:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2010-03-03 22:04 . 2010-03-03 22:04 -------- d-----w- c:\program files\GIMP-2.0 2010-03-02 14:04 . 2010-01-09 20:23 -------- d-----w- c:\program files\uTorrent 2010-02-28 23:35 . 2009-05-14 18:04 -------- d-----w- c:\users\Michael\AppData\Roaming\BitTorrent 2010-02-28 23:20 . 2010-02-28 22:54 -------- d-----w- c:\program files\DIFX 2010-02-28 23:18 . 2010-02-28 23:18 95232 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe 2010-02-28 23:18 . 2010-02-28 23:18 8192 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe 2010-02-28 23:18 . 2010-02-28 23:18 61440 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2010-02-28 23:18 . 2010-02-28 23:18 10240 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe 2010-02-28 23:16 . 2010-02-28 23:18 34467776 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_nor_web.exe 2010-02-28 23:09 . 2010-02-28 23:09 -------- d-----w- c:\programdata\Nokia 2010-02-28 23:09 . 2009-04-16 13:15 680 ----a-w- c:\users\Michael\AppData\Local\d3d9caps.dat 2010-02-28 22:53 . 2010-02-28 22:53 -------- d-----w- c:\program files\PC Connectivity Solution 2010-02-28 22:48 . 2010-02-28 22:48 3351812 ----a-w- c:\programdata\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\msxml6Exec.exe 2010-02-28 22:48 . 
2010-02-28 22:48 36864 ----a-w- c:\programdata\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\Sleep.exe 2010-02-28 22:48 . 2010-02-28 22:48 3203453 ----a-w- c:\programdata\Installations\{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}\Installer\CommonCustomActions\vcredistExec.exe 2010-02-28 14:19 . 2010-02-28 02:31 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-02-28 02:39 . 2010-02-28 02:39 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1 2010-02-28 02:18 . 2010-02-28 02:18 -------- d-----w- c:\program files\Rockstar Games 2010-02-24 08:16 . 2009-10-03 22:39 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-20 23:06 . 2010-03-14 02:00 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-14 02:00 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-14 02:00 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-14 16:19 . 2010-02-14 16:19 1923880 ----a-w- c:\users\Michael\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2010-02-12 10:32 . 2010-03-14 02:08 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-02-04 08:01 . 2010-04-17 10:45 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2010-02-04 08:01 . 2010-04-17 10:45 528216 ----a-w- c:\windows\system32\XAudio2_6.dll 2010-02-04 08:01 . 2010-04-17 10:45 238936 ----a-w- c:\windows\system32\xactengine3_6.dll 2009-12-04 13:04 . 2009-12-04 13:04 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-02-22 2353176] [HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}] 2010-02-22 10:05 2353176 ----a-w- c:\program files\Messenger_Plus_Live\tbMess.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-02-22 2353176] [HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-02-22 2353176] [HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-10-27 11:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-02-06 686624] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-24 870920] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-08 147456] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-08 167936] "PlayMovie"="c:\program files\Acer Arcade 
Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "VistaSp2"=hex(b):75,90,9f,d2,1d,3c,ca,01 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-29 685816] R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072] R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-04 30192] R3 GTFFBUS;GT FF BUS;c:\windows\system32\DRIVERS\gtffbus.sys [2007-01-15 17152] R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 122240] R3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-01-15 36992] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-12-29 109920] R3 PNPMEM;Microsoft Memory Module Driver;c:\windows\system32\DRIVERS\pnpmem.sys [2008-01-21 17408] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-07 12872] R3 
WSDPrintDevice;WSD-utskriftsstøtte via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-07 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-03-07 66632] S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-02-06 653856] S2 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128] S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504] S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432] S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952] S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736] S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-09-29 223232] S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-24 45600] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache bthsvcs REG_MULTI_SZ BthServ [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed 
components\{32VC43T4-YCUA-55NK-Q1PG-6XXPXO33100E}] 2006-01-05 09:47 446464 --sha-r- c:\directory\CyberGate\install\server.exe . . ------- Tilleggsskanning ------- . uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0409&m=aspire_5737z mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0409&m=aspire_5737z uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Customize Translation Options - c:\program files\PRMT8\PRMTIE\options.htm IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Online Dictionaries - c:\program files\PRMT8\PRMTIE\oda.htm IE: Open Entry - c:\program files\PRMT8\PRMTIE\addentry.htm IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm IE: Translate - c:\program files\PRMT8\PRMTIE\translat.htm IE: Translate Page - c:\program files\PRMT8\PRMTIE\page.htm IE: Unknown Words - c:\program files\PRMT8\PRMTIE\infopanel.htm LSP: c:\windows\system32\wpclsp.dll FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\yfrhsg8a.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.lockerz.com/myLocker FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\yfrhsg8a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - plugin: c:\program files\Opera\program\plugins\NPDocBox.dll FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll FF - 
plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . - - - - TOMME PEKERE FJERNET - - - - AddRemove-Nyno 3.1 - c:\nyno31\instnyno.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-24 15:50 Windows 6.0.6002 Service Pack 2 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . 
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-446278759-3945786453-416701414-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F475C57-C689-0422-A386-C93AF35C4B88}*]
"iapjamghhnhemfbcbj"=hex:6b,61,61,69,6d,61,6b,6b,65,66,68,64,6a,6f,63,6a,69,6f,
68,61,63,6f,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2010-04-24 15:53:15
ComboFix-quarantined-files.txt 2010-04-24 13:53

Pre-Run: 34 813 517 824 byte ledig
Post-Run: 34 540 011 520 byte ledig

- - End Of File - - A043986464F8CC6A7A0A2FD769B10E0B
raWrz, posted 24 April 2010 (edited)

Server.exe is used for a RAT (Remote Administration Tool), i.e. they can control your computer from another computer. They are easy to fix. The only reason your antivirus does not find it is that they encrypt it. PS: it does not get there unless someone has run the file on your machine, or you have done so yourself.

Start HijackThis
Select: Do a systemscan only
Tick the boxes in front of these lines:

O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\directory\CyberGate\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\directory\CyberGate\install\server.exe

Close all windows (except HijackThis) and browsers (including the one you are reading this in), and press Fix checked.
Note: If you are asked to confirm fixing a line, confirm it.

Then close HijackThis, restart the machine, and create a new log:
Start HijackThis
Select: Do a systemscan, and save a logfile
Post that log in your next post.

A tip: put the log files in a spoiler: [skjul]<write the log file here>[/skjul]

Edit: Can you see what is in the folder "C:\directory"?

Edited 24 April 2010 by Submit
Insomniatic (author), posted 24 April 2010 (edited)

Here is the new HJT log:
In the folder c:/directory there is another folder: cybergate, and inside that there is a folder CyberGate, and inside that there is a folder install, and inside that is server.exe. When I manage to delete directory, it is automatically recreated...

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:28:54, on 24.04.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\directory\CyberGate\install\server.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe C:\directory\CyberGate\install\server.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\Windows\system32\wbem\unsecapp.exe C:\directory\CyberGate\install\server.exe C:\Users\Michael\AppData\Local\Temp\RtkBtMnt.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\Users\Michael\Desktop\HiJackThis.exe C:\directory\CyberGate\install\server.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe
C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\Windows\System32\mobsync.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe C:\directory\CyberGate\install\server.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0409&m=aspire_5737z R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0409&m=aspire_5737z R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll O1 - Hosts: ::1 localhost O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program 
Files\Messenger_Plus_Live\tbMess.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\directory\CyberGate\install\server.exe O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\directory\CyberGate\install\server.exe O8 - Extra context menu item: Customize Translation Options - C:\Program Files\PRMT8\PRMTIE\options.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Online Dictionaries - C:\Program Files\PRMT8\PRMTIE\oda.htm O8 - Extra context menu item: Open Entry - C:\Program Files\PRMT8\PRMTIE\addentry.htm O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O8 - Extra context menu item: Translate - C:\Program Files\PRMT8\PRMTIE\translat.htm O8 - Extra context menu item: Translate Page - C:\Program Files\PRMT8\PRMTIE\page.htm O8 - Extra context menu item: Unknown Words - C:\Program Files\PRMT8\PRMTIE\infopanel.htm O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows 
Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - 
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10921 bytes

It does not look like fixing those two helped. As I said, it keeps getting recreated.

Edited 24 April 2010 by Latterkongen
norbat, posted 26 April 2010 (edited)

Open Notepad and copy in what is in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the Combofix icon. Combofix will start again. Post the log.

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{32VC43T4-YCUA-55NK-Q1PG-6XXPXO33100E}]

Folder::
c:\directory

Edited 26 April 2010 by norbat
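Added example, not part of any post in this thread: a small Python triage pass over the three indicators the helpers act on above, namely the Policies\Explorer\Run autostart lines, one executable running in many copies, and the Active Setup component key whose name is not a well-formed GUID. The sample lines are taken from the logs in this thread plus one made-up control entry; the function name `triage`, the repeat threshold of 3 and the control GUID are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the logs in this thread, plus one
# made-up, well-formed Active Setup entry as a negative control.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\directory\CyberGate\install\server.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\directory\CyberGate\install\server.exe
C:\directory\CyberGate\install\server.exe
C:\Users\Michael\Desktop\HiJackThis.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\directory\CyberGate\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\directory\CyberGate\install\server.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{32VC43T4-YCUA-55NK-Q1PG-6XXPXO33100E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01234567-89AB-CDEF-0123-456789ABCDEF}]
"""

# A line that is nothing but a full path to an .exe (HijackThis process list).
PROC_RE = re.compile(r"[A-Za-z]:\\.+\.exe", re.IGNORECASE)
# HijackThis O4 autostart line: hive, key path, value name, command.
O4_RE = re.compile(r"O4 - (HK\w+)\\\.\.\\(.+?): \[([^\]]*)\] (.+)")
# ComboFix-style registry header for an Active Setup component.
ACTIVE_SETUP_RE = re.compile(
    r"\[(HKEY_\w+)\\.*\\active setup\\installed components\\\{([^}]+)\}\]",
    re.IGNORECASE)
# A GUID is 8-4-4-4-12 hexadecimal digits; anything else is malformed.
GUID_RE = re.compile(r"[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")


def triage(log_text, repeat_threshold=3):
    """Return (kind, detail, value) tuples worth a manual look."""
    findings = []
    procs = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if PROC_RE.fullmatch(line):
            procs[line.lower()] += 1          # paths are case-insensitive
            continue
        m = O4_RE.match(line)
        if m:
            # Policy-based Run keys are rarely populated on a home PC.
            if m.group(2).lower().endswith(r"policies\explorer\run"):
                findings.append(("policy-run", m.group(1),
                                 m.group(4).strip('"')))
            continue
        m = ACTIVE_SETUP_RE.search(line)
        if m and not GUID_RE.fullmatch(m.group(2)):
            findings.append(("active-setup-bad-guid", m.group(1), m.group(2)))
    for path, count in procs.items():
        if count >= repeat_threshold:
            findings.append(("repeated-process", str(count), path))
    return findings


if __name__ == "__main__":
    for kind, detail, value in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail:20} {value}")
```

Each finding is a prompt for manual review of that entry, not a verdict on it.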
Insomniatic (author), posted 27 April 2010

Fixed it with MBAM a few days ago, otherwise thanks for the help.