The PC is almost ruined!

38 posts in this topic

Posted

Hi, I have an Acer Aspire 5720ZG, but almost every time I turn on the PC the whole PC freezes and I have to wait a long time before I can get anything done; there is only the "hourglass".

And I can't get into My Documents or anything; only the windows that pop up are sort of "active".

I also can't get hold of my documents that I'm working on at school! And I'm wondering if there is any way to get this fixed! The bar at the very bottom of the desktop is also "dead". Is there any way to fix this and at the same time rescue important files?

Ran a virus scan before this happened and it found lots of cookies and a "hidden driver", but I couldn't remove it..

Does anyone have any answers?


Posted

Try starting in safe mode (tap F8 during startup) and run a new scan from there with the program you use.


Posted

"Hidden Drive" is probably the hidden partition that the recovery system lives on, so you should not do anything with it.

You should first start in safe mode as recommended here, and see whether you can clean up a bit.

If that doesn't work, you should probably do a recovery on the machine.

There are several ways to get data out: an Ubuntu live CD is one way, connecting the disk to another PC with an adapter is another.

Let us know if you can't get safe mode to work, and we can guide you through one of the other solutions.


Posted (edited)

Thanks a lot for the replies! I'll start in safe mode right away and then I'll update when I've found out something!

Edit: When I press F8 there is something called: Repair Your Computer, could that be something?

Edited by HHXpert

Posted

Yes ... go on


Posted

I have now completed a virus scan and didn't get to see anything before it restarted; it was probably finished then. I tried to restart it but it didn't seem to work. I'm now burning the files I really need, just in case. Does anyone have a solution?

And again: When I press F8, Repair Your Computer is an option, could that be something? I need an answer quickly as I may send it in for repair tomorrow ..!


Posted (edited)

Then repairing the PC is probably a good option, yes...

Edited by zerogoofy

Posted

You could have run Combofix (use a USB stick to transfer the program if you have problems downloading it on the PC in question)

Download Combofix and put it on the desktop

Run combofix.exe and follow the instructions.

Post the log file from combofix (c:\combofix.txt)

The 'hidden driver' thing, and the PC restarting just like that during/after the scan, may indicate that you have a rootkit. Combofix can sort this out in most cases.


Posted

I'm going to burn all the files I need (17GB) to DVD, is that smart? Or is there about that much space, or a couple of GB of space, online that I can have for free?

Btw.

Here is the log.

ComboFix 08-11-07.01 - Anders 2008-11-07 21:56:38.1 - NTFSx86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1448 [GMT 1:00]

Running from: c:\users\Anders\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\acer\Empowering Technology\eRecovery\Autorun\SW1\Tuner\Liteon\Resources\_desktop.ini

c:\drv\Tuner\Yuan\Resources\_desktop.ini

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Internet Explorer.lnk

c:\users\Anders\AppData\Roaming\addon.dat

c:\users\Anders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url

c:\users\Anders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games.url

c:\users\Anders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url

c:\users\Anders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url

c:\users\Anders\FAVORI~1\Download programs.url

c:\users\Anders\FAVORI~1\Games.url

c:\users\Anders\FAVORI~1\Translator.url

c:\users\Anders\FAVORI~1\Videos.url

c:\users\Anders\Favorites\Download programs.url

c:\users\Anders\Favorites\Games.url

c:\users\Anders\Favorites\Translator.url

c:\users\Anders\Favorites\Videos.url

c:\windows\system32\w3url.dll

c:\windows\system32\x64

.

((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-07 20:36 --------- d-----w c:\program files\SmartFTP Client 3.0 Setup Files

2008-11-07 17:05 --------- d-----w c:\program files\Steam

2008-11-07 16:26 75,326 ----a-w c:\users\Anders\AppData\Roaming\nvModes.dat

2008-11-06 20:17 --------- d-----w c:\program files\VstPlugins

2008-11-06 20:17 --------- d-----w c:\program files\Image-Line

2008-11-06 19:42 --------- d-----w c:\program files\Common Files\Steam

2008-11-06 17:08 --------- d-----w c:\users\Anders\AppData\Roaming\uTorrent

2008-11-06 15:24 --------- d-----w c:\program files\Guild Wars

2008-11-06 15:24 --------- d-----w c:\progra~2\Media Center Programs

2008-11-04 17:18 --------- d-----w c:\users\Anders\AppData\Roaming\LimeWire

2008-11-02 16:33 --------- d-----w c:\program files\Sports Interactive

2008-10-30 18:54 --------- d-----w c:\progra~2\Microsoft Help

2008-10-29 19:49 --------- d-----w c:\users\Anders\AppData\Roaming\Deusty

2008-10-29 19:38 --------- d-----w c:\program files\Deusty

2008-10-29 16:51 --------- d-----w c:\program files\Common Files\BCL Technologies

2008-10-29 16:51 --------- d-----w c:\program files\BCL Technologies

2008-10-29 16:30 --------- d-----w c:\program files\activePDF

2008-10-28 15:36 --------- d-----w c:\users\Anders\AppData\Roaming\CoreFTP

2008-10-25 19:49 --------- d-----w c:\program files\SystemRequirementsLab

2008-10-25 14:25 --------- d-----w c:\program files\CoreFTP

2008-10-24 17:09 --------- d-----w c:\users\Anders\AppData\Roaming\Dev-Cpp

2008-10-23 13:22 --------- d-----w c:\program files\iTunes

2008-10-23 13:22 --------- d-----w c:\program files\iPod

2008-10-23 13:22 --------- d-----w c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-23 12:57 --------- d-----w c:\program files\AirPort

2008-10-22 16:30 --------- d-----w c:\program files\Microsoft Silverlight

2008-10-20 15:23 --------- d-----w c:\progra~2\OPPE

2008-10-19 19:25 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-19 19:25 --------- d-----w c:\program files\Okidata

2008-10-19 15:07 --------- d-----w c:\users\Anders\AppData\Roaming\Orbit

2008-10-19 14:56 --------- d-----w c:\program files\Orbitdownloader

2008-10-18 23:20 --------- d-----w c:\users\Anders\AppData\Roaming\TeamViewer

2008-10-18 23:20 --------- d-----w c:\program files\TeamViewer3

2008-10-18 14:39 --------- d-----w c:\program files\Windows Mail

2008-10-15 19:34 615,424 ----a-w c:\windows\System32\themeui.dll

2008-10-15 19:34 240,128 ----a-w c:\windows\System32\uxtheme.dll

2008-10-15 18:55 --------- d-----w c:\program files\TGTSoft

2008-10-15 18:38 --------- d-----w c:\program files\RK Launcher

2008-10-15 13:10 --------- d-----w c:\program files\FileZilla

2008-10-14 16:33 --------- d-----w c:\program files\Common Files\Stardock

2008-10-14 13:37 --------- d-----w c:\program files\Microsoft Visual Studio 9.0

2008-10-14 13:37 --------- d-----w c:\program files\Microsoft Synchronization Services

2008-10-14 13:37 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2008-10-14 13:37 --------- d-----w c:\program files\Microsoft SQL Server

2008-10-14 13:30 --------- d-----w c:\program files\Microsoft SDKs

2008-10-12 07:03 --------- d-----w c:\program files\Panda Security

2008-10-11 18:22 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys

2008-10-11 18:22 69,128 ----a-w c:\windows\system32\drivers\avgwfpx.sys

2008-10-11 18:22 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys

2008-10-11 18:22 10,520 ----a-w c:\windows\System32\avgrsstx.dll

2008-10-11 18:22 --------- d-----w c:\program files\AVG

2008-10-11 18:22 --------- d-----w c:\progra~2\Avg8

2008-10-11 18:16 --------- d-----w c:\program files\Common Files\Panda Software

2008-10-11 10:58 336,216 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck

2008-10-11 10:58 1,264 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck

2008-10-11 07:00 --------- d-----w c:\program files\Windows Live

2008-10-10 19:14 --------- d-----w c:\program files\Cheat Engine

2008-10-10 14:05 --------- d-----w c:\program files\Messenger Plus! Live

2008-10-10 13:59 --------- d-----w c:\progra~2\WLInstaller

2008-10-09 17:59 --------- d-----w c:\users\Anders\AppData\Roaming\Apple Computer

2008-10-09 15:50 --------- d-----w c:\program files\Orb Networks

2008-10-09 15:48 --------- d-----w c:\program files\FlashFXP

2008-10-08 19:15 --------- d-----w c:\program files\Sjekk passordet

2008-10-07 19:03 --------- d-----w c:\program files\Top Password

2008-10-06 18:27 --------- d-----w c:\users\Anders\AppData\Roaming\XBMC

2008-10-06 18:27 --------- d-----w c:\program files\XBMC

2008-10-05 16:04 --------- d-----w c:\program files\Zune

2008-10-02 18:48 --------- d---a-w c:\progra~2\TEMP

2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys

2008-10-01 09:46 --------- d-----w c:\program files\Red Kawa

2008-10-01 09:45 --------- d-----w c:\program files\AviSynth 2.5

2008-09-28 19:56 --------- d-----w c:\users\Anders\AppData\Roaming\cerasus.media

2008-09-27 15:36 --------- d-----w c:\program files\Windows Live Safety Center

2008-09-26 20:58 --------- d-----w c:\program files\Pacsteam

2008-09-25 12:39 --------- d-----w c:\users\Anders\AppData\Roaming\Audacity

2008-09-25 10:58 --------- d-----w c:\program files\Opera

2008-09-24 20:25 --------- d-----w c:\program files\LimeWire

2008-09-22 18:04 --------- d-----w c:\users\Anders\AppData\Roaming\Download Manager

2008-09-22 05:33 --------- d-----w c:\program files\Microsoft

2008-09-22 05:27 --------- d-----w c:\program files\Common Files\Windows Live

2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe

2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe

2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll

2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll

2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys

2008-09-16 12:26 --------- d-----w c:\progra~2\Apple Computer

2008-09-16 05:44 --------- d-----w c:\program files\Bonjour

2008-09-16 05:43 --------- d-----w c:\program files\QuickTime

2008-09-16 05:43 --------- d-----w c:\program files\Common Files\Apple

2008-09-14 10:04 --------- d-----w c:\program files\MP3 Player Utilities 4.18

2008-09-14 08:15 --------- d-----w c:\program files\YouTube Downloader

2008-09-13 06:32 --------- d-----w c:\program files\Default Company Name

2008-09-12 16:48 245,664 ----a-w c:\windows\System32\ZuneWlanCfgSvc.exe

2008-09-11 01:02 --------- d-----w c:\program files\Microsoft Works

2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll

2008-08-22 10:08 878,592 ----a-w c:\windows\System32\wininet.dll

2008-08-22 10:07 43,008 ----a-w c:\windows\System32\licmgr10.dll

2008-08-22 10:07 18,944 ----a-w c:\windows\System32\corpol.dll

2008-08-22 10:06 72,704 ----a-w c:\windows\System32\admparse.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]

"BisonInst0402"="c:\windows\BR040286.exe" [2007-05-08 53248]

"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-25 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-25 8470528]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-25 81920]

"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-09-12 160160]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-11 1235736]

"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2008-05-20 737280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

c:\users\Anders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-14 3450608]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-08-09 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2007-12-29 10:43 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 13:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

--a------ 2008-01-19 08:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-05-30 14:54 21718312 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2008-10-08 17:54 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{729B66D6-00F1-416B-A5E9-9A8255A47FBB}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{C01F176F-41CC-4DF0-9FC0-E40B94DF7765}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{E47AD20F-63D3-4F9A-A7F7-4BAE53E638CB}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{AAE65792-0A60-4482-A603-4647BA443C9E}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{C28D3D9E-3619-474C-9BB7-65473D255C5C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F97C3EAC-DB0F-40C2-BCD5-E319311C9D13}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{883B63BF-735B-4C41-8EAC-92D1C18B9080}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{875D428F-CFE0-4D6E-AD53-23A3CC6833B2}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{22236B72-2CD9-4A19-AB66-48176FB88E3A}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"TCP Query User{4BCDFB97-7529-4A36-9F11-5EFD81CEEBD5}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{D78D73BE-C5CC-47A2-823D-12C1F64C3D49}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{10E86AEA-4550-4F87-9D6E-EB1F8A43ADFC}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{51CEC3BB-35E2-457C-A103-EABCC8FD4186}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"{9650A7EA-C467-4416-8EF3-E95DD9223C44}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{71CF4718-8202-416F-A1B7-B5A8AAB540EE}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{1A0BB5F4-F9E4-4109-B32D-6A41F1FD8F7C}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{F7240952-D8C3-42BE-927E-2B623019D930}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"{1CAE8AA0-836C-4203-8874-E79E8EFAF07D}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{C0392AEE-958F-4D9B-AEED-72C1DCB9BD55}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{A458E30F-B384-493D-8944-7F7E233F416B}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{2AEC5274-F00E-47FF-A095-CB922DD8AA2E}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{E223E0ED-334A-4F03-B18F-46474CDA1AD5}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{13B27DDD-4698-41BF-8786-192CD753CC82}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{16DBAA60-B0E6-452C-AC91-8FE666CEB30F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{7D776646-6016-40A5-B6A3-04D55CD518FB}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{CCFA0AC0-E0BE-4A23-97A6-56B2CCEE4525}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{F4B31D0B-ECEF-45B5-8C6E-4360B2B24700}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{FB917582-295C-4432-80A7-706F0C5A5FBD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{3CFE83D4-7030-4ECE-AA19-1FD5CA5B5F09}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F92DC31C-4E7E-4613-9F90-EECCC241F538}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{967167C0-34F3-43B6-A212-6EDD969F7CAB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{F43A7333-90DD-498E-AE09-EC2066CE3DFF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{0E944415-688C-40E2-952C-353F7B67C70A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{EF1259BE-8B74-4498-A4F9-51F1BC7262D8}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

"{D859E729-9560-4702-A71D-7C76431E34D3}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

"{3CF74010-6C66-48DE-9EB1-A100C32C70AA}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb

"{C5363BB8-9411-4272-8E86-0E90BC4F2D75}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb

"{00FB04F1-0BA2-4E9F-B89E-76BC55E84E5A}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray

"{154FA116-6C84-48F9-85D3-B65E7FBCCB3F}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray

"{0F0154AF-6557-48F2-B0FF-0EC6B079F075}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR

"{6C41C829-B4F6-40EF-88B5-37661C66BB80}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR

"{CC21B2EF-83EC-4FE7-82EF-A0EDE21706B3}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client

"{01C093A2-814B-4B3D-942F-3866910141D0}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client

"{A035ACE1-912C-49DF-B551-3B8FA3DBE59D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{F6779F7C-E066-4D15-A770-8CBBEC3E1D16}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{F01A644C-98C6-408F-9CB3-996009091779}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{BF2C63E3-FC42-46E4-B68C-3A72F91C6DED}c:\\program files\\steam\\steamapps\\joystick95\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\joystick95\counter-strike source\hl2.exe:hl2

"UDP Query User{0ADB8A40-EB6B-4772-A992-A40A0D5E5BA7}c:\\program files\\steam\\steamapps\\joystick95\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\joystick95\counter-strike source\hl2.exe:hl2

"TCP Query User{090848E7-CB6E-4863-B9E1-2F3F13A69DBF}c:\\program files\\steam\\steamapps\\joystick95\\synergy\\hl2.exe"= UDP:c:\program files\steam\steamapps\joystick95\synergy\hl2.exe:hl2

"UDP Query User{14AF81AA-CBDB-4676-A5F9-DBA66034DAFE}c:\\program files\\steam\\steamapps\\joystick95\\synergy\\hl2.exe"= TCP:c:\program files\steam\steamapps\joystick95\synergy\hl2.exe:hl2

"{FD6C5868-04F6-40D8-BFC3-91646438598B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{468B9FB5-ACDC-4FD0-B033-7D3AF3A43335}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

"{F9D32546-CDDC-4CC7-A48C-FA7800958FCE}"= UDP:c:\program files\AirPort\APAgent.exe:APAgent

"{C23183EE-07AF-4DA5-9486-D14102359FBA}"= TCP:c:\program files\AirPort\APAgent.exe:APAgent

"{594E343D-206B-403C-8095-3B390463F877}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{CFD1B355-393C-414C-8326-4FB8E43F632A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{E08C2ACD-65CC-4E61-AA5B-DC18370C4B07}"= UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo

"{F470ABB0-E5B7-4B7F-B77F-EC222779C9EF}"= TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-10-11 12936]

R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [2007-04-24 142128]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-11 97928]

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51 13560]

S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2007-06-06 46904]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-11 231704]

S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-10-11 1220888]

S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2008-08-20 13880]

S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2008\PskSvc.exe [ ]

S2 RealChat;RealChat;c:\inetpub\RealChat\realchat.exe [2008-04-25 138752]

S2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]

S3 AvgWfpX;Avg Firewall driver;c:\windows\system32\drivers\avgwfpx.sys [2008-10-11 69128]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]

S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2008-06-02 151552]

S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe [2008-11-05 99576]

S3 UMPass;Microsoft UMPass Driver;c:\windows\system32\DRIVERS\umpass.sys [2008-01-19 7680]

S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\windows\system32\ZuneWlanCfgSvc.exe [2008-09-12 245664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fafa94b-2fe3-11dd-ac54-806e6f6e6963}]

\shell\AutoRun\command - E:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{643b5339-7264-11dd-b94c-001b38674d06}]

\shell\AutoRun\command - G:\Autorun.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - ECACHE

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-Acer Tour - (no file)

HKLM-Run-eRecoveryService - (no file)

HKLM-RunOnce-<NO NAME> - (no file)

Notify-avldr - avldr.dll

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\users\Anders\AppData\Roaming\Mozilla\Firefox\Profiles\p5t52l08.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - dataogit.moo.no

FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF -: plugin - c:\program files\Opera\program\plugins\NPOFF12.DLL

FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-07 22:02:06

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

Completion time: 2008-11-07 22:05:15

ComboFix-quarantined-files.txt 2008-11-07 21:04:12

Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Post-Run: 37,967,974,400 byte ledig

330 --- E O F --- 2008-11-05 13:06:08


Posted (edited)

Delete this one! Sorry for the double post..

Edited by HHXpert

Posted (edited)

Are you running 2 antivirus solutions (AVG and Panda)?

If so, uninstall one of them.

Burning a backup to DVD is smart. An alternative would have been to put the backup on an external HDD, but maybe you don't have one available?

If you are able to run a scan with MBAM, do that too:

Download Malwarebytes Anti-Malware (MBAM) to the desktop.

Run and install the program. Choose Norwegian as the language.

Let the program update itself and choose to run a 'quick system scan', click Scan.

A message box appears saying that the scan is finished, click OK.

Click the 'Show results' button. If malware was found, you will now see what was found.

Then click the Remove Selected button to remove the malware that was found.

MBAM will in some cases ask for a restart of the PC.

A log will then open in Notepad. Copy it and post it if it finds anything.

Edited by norbat
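Added example (not part of the thread, and not ComboFix's own code): the reply above reads the posted ComboFix log for signs such as two antivirus products being installed. The Python below parses lines in the layout of that log and lists the entries a helper would look at first. The excerpt is copied from the log in this thread; the function names and the vendor keyword list are assumptions made for illustration.

```python
import re

# Excerpt in the layout of the ComboFix log posted in this thread
# (lines copied from that log, blank lines dropped).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-10-11 12936]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [2007-04-24 142128]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-11 231704]
S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2008-08-20 13880]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2008\PskSvc.exe [ ]
S2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# Driver/service lines: state letter, start digit, name;display;path [date size].
# The state letter and start digit are captured but not interpreted here.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
# Assumption: keyword list for illustration, taken from the products named in the thread.
AV_VENDORS = ("avg", "panda")


def parse_log(text):
    """Return (registry, services); registry maps key -> {value name (lowercase): data}."""
    registry, services, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            registry.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            registry[current][m.group("name").lower()] = m.group("data").strip()
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groupdict())
    return registry, services


def as_int(data):
    """Decode the two numeric layouts seen in the log: 'dword:00000001' and '0 (0x0)'."""
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"(\d+) \(0x[0-9a-fA-F]+\)$", data)
    return int(m.group(1)) if m else None


def av_vendors_present(services):
    """Map vendor keyword -> names of drivers/services whose line mentions it."""
    hits = {}
    for svc in services:
        haystack = " ".join((svc["name"], svc["display"], svc["path"])).lower()
        for vendor in AV_VENDORS:
            if vendor in haystack:
                hits.setdefault(vendor, []).append(svc["name"])
    return hits


def triage(text):
    """List the log entries worth a closer look, in the order they appear."""
    registry, services = parse_log(text)
    findings = []
    for key, values in registry.items():
        leaf = key.rsplit("\\", 1)[-1]
        lowered = key.lower()
        if "firewallpolicy" in lowered and as_int(values.get("enablefirewall", "")) == 0:
            findings.append(f"Windows Firewall off: {leaf}")
        if "security center" in lowered and as_int(values.get("disablemonitoring", "")) == 1:
            findings.append(f"Security Center monitoring disabled: {leaf}")
        if "appinit_dlls" in values:
            # These DLLs are loaded into processes that load user32.dll,
            # so every name listed here should be one the owner recognises.
            findings.append("AppInit_DLLs: " + ", ".join(values["appinit_dlls"].split()))
    vendors = av_vendors_present(services)
    if len(vendors) > 1:
        findings.append("Multiple antivirus products installed: " + ", ".join(sorted(vendors)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```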

Posted

If it doesn't work properly now, I'm sending it in for repair!

I tried to scan it in normal mode but then it blue-screened after 4 min., so it worked in safe mode; it has internet now, and it starts! But the folder thumbnail no longer exists :S It doesn't show that it is a folder ..

But here is the log from MBAM:

Malwarebytes' Anti-Malware 1.30

Database versjon: 1373

Windows 6.0.6001 Service Pack 1

08.11.2008 10:13:25

mbam-log-2008-11-08 (10-13-25).txt

Skanntype: Rask Skann

Objekter skannet: 47912

Tid tilbakelagt: 4 minute(s), 48 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 2

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

(Ingen mistenkelige filer funnet)

Can someone check Hijack This AND this log?

And then I'll run another virus scan!


Posted

Your problem with the blue screen may be due to you running both AVG and Panda. If AVG is the one you use, you can use Panda Uninstaller to remove it.

An HJT log doesn't say anything more than the combofix log, but feel free to post an HJT log if you wish.


Posted

Meant Combofix :P

But does anyone have an idea of what I can do to get the PC working 100% again? Could it be buying an external hard drive, moving over everything I want to keep, and then formatting?

What should I do now?


Posted

Formatting will solve your problems :), and if that's what you want, just go ahead (after you have backed up your files).

But if you have time to continue a bit longer: have you removed one of your antivirus programs?


Posted

No, I haven't removed it, I'll do that now! But it needed a reboot, and I've done that now .. But I did it manually, and not the way they said in CMD, hope that's OK? It said it needed a reboot anyway, and I did it myself ;P

What now? Another virus scan?


Posted

You can run ComboFix again, and then we'll see whether anything should be removed manually based on the log it produces.


Posted

I'll be back in 3 hours, keep the posts coming! And tips... Going shopping :D Running ComboFix now ..


Posted

Here is the log after the AVG Antivirus scan.

ComboFix 08-11-07.01 - Anders 2008-11-08 11:48:44.1 - NTFSx86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1637 [GMT 1:00]

Running from: c:\users\Anders\Desktop\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-07 21:39 --------- d-----w c:\users\Anders\AppData\Roaming\Malwarebytes

2008-11-07 21:39 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-11-07 21:39 --------- d-----w c:\progra~2\Malwarebytes

2008-11-07 20:36 --------- d-----w c:\program files\SmartFTP Client 3.0 Setup Files

2008-11-07 17:05 --------- d-----w c:\program files\Steam

2008-11-07 16:26 75,326 ----a-w c:\users\Anders\AppData\Roaming\nvModes.dat

2008-11-06 20:17 --------- d-----w c:\program files\VstPlugins

2008-11-06 20:17 --------- d-----w c:\program files\Image-Line

2008-11-06 19:42 --------- d-----w c:\program files\Common Files\Steam

2008-11-06 17:08 --------- d-----w c:\users\Anders\AppData\Roaming\uTorrent

2008-11-06 15:24 --------- d-----w c:\program files\Guild Wars

2008-11-06 15:24 --------- d-----w c:\progra~2\Media Center Programs

2008-11-04 17:18 --------- d-----w c:\users\Anders\AppData\Roaming\LimeWire

2008-11-02 16:33 --------- d-----w c:\program files\Sports Interactive

2008-10-30 18:54 --------- d-----w c:\progra~2\Microsoft Help

2008-10-29 19:49 --------- d-----w c:\users\Anders\AppData\Roaming\Deusty

2008-10-29 19:38 --------- d-----w c:\program files\Deusty

2008-10-29 16:51 --------- d-----w c:\program files\Common Files\BCL Technologies

2008-10-29 16:51 --------- d-----w c:\program files\BCL Technologies

2008-10-29 16:30 --------- d-----w c:\program files\activePDF

2008-10-28 15:36 --------- d-----w c:\users\Anders\AppData\Roaming\CoreFTP

2008-10-25 19:49 --------- d-----w c:\program files\SystemRequirementsLab

2008-10-25 14:25 --------- d-----w c:\program files\CoreFTP

2008-10-24 17:09 --------- d-----w c:\users\Anders\AppData\Roaming\Dev-Cpp

2008-10-23 13:22 --------- d-----w c:\program files\iTunes

2008-10-23 13:22 --------- d-----w c:\program files\iPod

2008-10-23 13:22 --------- d-----w c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-23 12:57 --------- d-----w c:\program files\AirPort

2008-10-22 16:30 --------- d-----w c:\program files\Microsoft Silverlight

2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-20 15:23 --------- d-----w c:\progra~2\OPPE

2008-10-19 19:25 --------- d--h--w c:\program files\InstallShield Installation Information

2008-10-19 19:25 --------- d-----w c:\program files\Okidata

2008-10-19 15:07 --------- d-----w c:\users\Anders\AppData\Roaming\Orbit

2008-10-19 14:56 --------- d-----w c:\program files\Orbitdownloader

2008-10-18 23:20 --------- d-----w c:\users\Anders\AppData\Roaming\TeamViewer

2008-10-18 23:20 --------- d-----w c:\program files\TeamViewer3

2008-10-18 14:39 --------- d-----w c:\program files\Windows Mail

2008-10-15 19:34 615,424 ----a-w c:\windows\System32\themeui.dll

2008-10-15 19:34 240,128 ----a-w c:\windows\System32\uxtheme.dll

2008-10-15 18:55 --------- d-----w c:\program files\TGTSoft

2008-10-15 18:38 --------- d-----w c:\program files\RK Launcher

2008-10-15 13:10 --------- d-----w c:\program files\FileZilla

2008-10-14 16:33 --------- d-----w c:\program files\Common Files\Stardock

2008-10-14 13:37 --------- d-----w c:\program files\Microsoft Visual Studio 9.0

2008-10-14 13:37 --------- d-----w c:\program files\Microsoft Synchronization Services

2008-10-14 13:37 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2008-10-14 13:37 --------- d-----w c:\program files\Microsoft SQL Server

2008-10-14 13:30 --------- d-----w c:\program files\Microsoft SDKs

2008-10-11 18:22 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys

2008-10-11 18:22 69,128 ----a-w c:\windows\system32\drivers\avgwfpx.sys

2008-10-11 18:22 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys

2008-10-11 18:22 10,520 ----a-w c:\windows\System32\avgrsstx.dll

2008-10-11 18:22 --------- d-----w c:\program files\AVG

2008-10-11 18:22 --------- d-----w c:\progra~2\Avg8

2008-10-11 18:16 --------- d-----w c:\program files\Common Files\Panda Software

2008-10-11 10:58 336,216 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck

2008-10-11 10:58 1,264 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck

2008-10-11 07:00 --------- d-----w c:\program files\Windows Live

2008-10-10 19:14 --------- d-----w c:\program files\Cheat Engine

2008-10-10 14:05 --------- d-----w c:\program files\Messenger Plus! Live

2008-10-10 13:59 --------- d-----w c:\progra~2\WLInstaller

2008-10-09 17:59 --------- d-----w c:\users\Anders\AppData\Roaming\Apple Computer

2008-10-09 15:50 --------- d-----w c:\program files\Orb Networks

2008-10-09 15:48 --------- d-----w c:\program files\FlashFXP

2008-10-08 19:15 --------- d-----w c:\program files\Sjekk passordet

2008-10-07 19:03 --------- d-----w c:\program files\Top Password

2008-10-06 18:27 --------- d-----w c:\users\Anders\AppData\Roaming\XBMC

2008-10-06 18:27 --------- d-----w c:\program files\XBMC

2008-10-05 16:04 --------- d-----w c:\program files\Zune

2008-10-02 18:48 --------- d---a-w c:\progra~2\TEMP

2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys

2008-10-01 09:46 --------- d-----w c:\program files\Red Kawa

2008-10-01 09:45 --------- d-----w c:\program files\AviSynth 2.5

2008-09-28 19:56 --------- d-----w c:\users\Anders\AppData\Roaming\cerasus.media

2008-09-27 15:36 --------- d-----w c:\program files\Windows Live Safety Center

2008-09-26 20:58 --------- d-----w c:\program files\Pacsteam

2008-09-25 12:39 --------- d-----w c:\users\Anders\AppData\Roaming\Audacity

2008-09-25 10:58 --------- d-----w c:\program files\Opera

2008-09-24 20:25 --------- d-----w c:\program files\LimeWire

2008-09-22 18:04 --------- d-----w c:\users\Anders\AppData\Roaming\Download Manager

2008-09-22 05:33 --------- d-----w c:\program files\Microsoft

2008-09-22 05:27 --------- d-----w c:\program files\Common Files\Windows Live

2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe

2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe

2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll

2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll

2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys

2008-09-16 12:26 --------- d-----w c:\progra~2\Apple Computer

2008-09-16 05:44 --------- d-----w c:\program files\Bonjour

2008-09-16 05:43 --------- d-----w c:\program files\QuickTime

2008-09-16 05:43 --------- d-----w c:\program files\Common Files\Apple

2008-09-14 10:04 --------- d-----w c:\program files\MP3 Player Utilities 4.18

2008-09-14 08:15 --------- d-----w c:\program files\YouTube Downloader

2008-09-13 06:32 --------- d-----w c:\program files\Default Company Name

2008-09-12 16:48 245,664 ----a-w c:\windows\System32\ZuneWlanCfgSvc.exe

2008-09-11 01:02 --------- d-----w c:\program files\Microsoft Works

2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]

"BisonInst0402"="c:\windows\BR040286.exe" [2007-05-08 53248]

"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-25 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-25 8470528]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-25 81920]

"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-09-12 160160]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-11 1235736]

"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2008-05-20 737280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"DelUninstallPath"="RD" [X]

"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

c:\users\Anders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-14 3450608]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-08-09 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2007-12-29 10:43 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 13:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

--a------ 2008-01-19 08:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-05-30 14:54 21718312 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2008-10-08 17:54 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2008-01-19 08:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{729B66D6-00F1-416B-A5E9-9A8255A47FBB}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{C01F176F-41CC-4DF0-9FC0-E40B94DF7765}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{E47AD20F-63D3-4F9A-A7F7-4BAE53E638CB}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{AAE65792-0A60-4482-A603-4647BA443C9E}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{C28D3D9E-3619-474C-9BB7-65473D255C5C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F97C3EAC-DB0F-40C2-BCD5-E319311C9D13}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{883B63BF-735B-4C41-8EAC-92D1C18B9080}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{875D428F-CFE0-4D6E-AD53-23A3CC6833B2}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{22236B72-2CD9-4A19-AB66-48176FB88E3A}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"TCP Query User{4BCDFB97-7529-4A36-9F11-5EFD81CEEBD5}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{D78D73BE-C5CC-47A2-823D-12C1F64C3D49}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"TCP Query User{10E86AEA-4550-4F87-9D6E-EB1F8A43ADFC}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{51CEC3BB-35E2-457C-A103-EABCC8FD4186}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

"{9650A7EA-C467-4416-8EF3-E95DD9223C44}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{71CF4718-8202-416F-A1B7-B5A8AAB540EE}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"TCP Query User{1A0BB5F4-F9E4-4109-B32D-6A41F1FD8F7C}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"UDP Query User{F7240952-D8C3-42BE-927E-2B623019D930}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

"{1CAE8AA0-836C-4203-8874-E79E8EFAF07D}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{C0392AEE-958F-4D9B-AEED-72C1DCB9BD55}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{A458E30F-B384-493D-8944-7F7E233F416B}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{2AEC5274-F00E-47FF-A095-CB922DD8AA2E}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{E223E0ED-334A-4F03-B18F-46474CDA1AD5}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{13B27DDD-4698-41BF-8786-192CD753CC82}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{16DBAA60-B0E6-452C-AC91-8FE666CEB30F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{7D776646-6016-40A5-B6A3-04D55CD518FB}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{CCFA0AC0-E0BE-4A23-97A6-56B2CCEE4525}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{F4B31D0B-ECEF-45B5-8C6E-4360B2B24700}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{FB917582-295C-4432-80A7-706F0C5A5FBD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{3CFE83D4-7030-4ECE-AA19-1FD5CA5B5F09}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F92DC31C-4E7E-4613-9F90-EECCC241F538}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{967167C0-34F3-43B6-A212-6EDD969F7CAB}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{F43A7333-90DD-498E-AE09-EC2066CE3DFF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{0E944415-688C-40E2-952C-353F7B67C70A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{EF1259BE-8B74-4498-A4F9-51F1BC7262D8}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

"{D859E729-9560-4702-A71D-7C76431E34D3}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

"{3CF74010-6C66-48DE-9EB1-A100C32C70AA}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb

"{C5363BB8-9411-4272-8E86-0E90BC4F2D75}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb

"{00FB04F1-0BA2-4E9F-B89E-76BC55E84E5A}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray

"{154FA116-6C84-48F9-85D3-B65E7FBCCB3F}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray

"{0F0154AF-6557-48F2-B0FF-0EC6B079F075}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR

"{6C41C829-B4F6-40EF-88B5-37661C66BB80}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR

"{CC21B2EF-83EC-4FE7-82EF-A0EDE21706B3}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client

"{01C093A2-814B-4B3D-942F-3866910141D0}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client

"{A035ACE1-912C-49DF-B551-3B8FA3DBE59D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{F6779F7C-E066-4D15-A770-8CBBEC3E1D16}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{F01A644C-98C6-408F-9CB3-996009091779}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{BF2C63E3-FC42-46E4-B68C-3A72F91C6DED}c:\\program files\\steam\\steamapps\\joystick95\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\joystick95\counter-strike source\hl2.exe:hl2

"UDP Query User{0ADB8A40-EB6B-4772-A992-A40A0D5E5BA7}c:\\program files\\steam\\steamapps\\joystick95\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\joystick95\counter-strike source\hl2.exe:hl2

"TCP Query User{090848E7-CB6E-4863-B9E1-2F3F13A69DBF}c:\\program files\\steam\\steamapps\\joystick95\\synergy\\hl2.exe"= UDP:c:\program files\steam\steamapps\joystick95\synergy\hl2.exe:hl2

"UDP Query User{14AF81AA-CBDB-4676-A5F9-DBA66034DAFE}c:\\program files\\steam\\steamapps\\joystick95\\synergy\\hl2.exe"= TCP:c:\program files\steam\steamapps\joystick95\synergy\hl2.exe:hl2

"{FD6C5868-04F6-40D8-BFC3-91646438598B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{468B9FB5-ACDC-4FD0-B033-7D3AF3A43335}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

"{F9D32546-CDDC-4CC7-A48C-FA7800958FCE}"= UDP:c:\program files\AirPort\APAgent.exe:APAgent

"{C23183EE-07AF-4DA5-9486-D14102359FBA}"= TCP:c:\program files\AirPort\APAgent.exe:APAgent

"{594E343D-206B-403C-8095-3B390463F877}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{CFD1B355-393C-414C-8326-4FB8E43F632A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{E08C2ACD-65CC-4E61-AA5B-DC18370C4B07}"= UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo

"{F470ABB0-E5B7-4B7F-B77F-EC222779C9EF}"= TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-10-11 12936]

R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-03-07 32256]

R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [2007-04-24 142128]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-11 97928]

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 15:51 13560]

S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2007-06-06 46904]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-11 231704]

S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-10-11 1220888]

S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2008-08-20 13880]

S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2008\PskSvc.exe [ ]

S2 RealChat;RealChat;c:\inetpub\RealChat\realchat.exe [2008-04-25 138752]

S2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]

S3 AvgWfpX;Avg Firewall driver;c:\windows\system32\drivers\avgwfpx.sys [2008-10-11 69128]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]

S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2008-06-02 151552]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]

S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe [2008-11-05 99576]

S3 UMPass;Microsoft UMPass Driver;c:\windows\system32\DRIVERS\umpass.sys [2008-01-19 7680]

S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\windows\system32\ZuneWlanCfgSvc.exe [2008-09-12 245664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fafa94b-2fe3-11dd-ac54-806e6f6e6963}]

\shell\AutoRun\command - E:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{643b5339-7264-11dd-b94c-001b38674d06}]

\shell\AutoRun\command - G:\Autorun.exe

.

- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\users\Anders\AppData\Roaming\Mozilla\Firefox\Profiles\p5t52l08.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - dataogit.moo.no

FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll

FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF -: plugin - c:\program files\Opera\program\plugins\NPOFF12.DLL

FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-08 11:53:01

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-11-08 11:57:09

ComboFix-quarantined-files.txt 2008-11-08 10:56:27

ComboFix2.txt 2008-11-07 21:05:16

Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Post-Run: 37,870,084,096 byte ledig

309 --- E O F --- 2008-11-05 13:06:08


Posted (edited)

If Panda is the one you removed, do the following:

Open Notepad and copy in the text shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

File::

c:\windows\system32\DRIVERS\amm8660.sys

c:\windows\system32\DRIVERS\netimflt.sys

c:\windows\system32\DRIVERS\COMFiltr.sys

Folder::

c:\program files\Common Files\Panda Software

Driver::

PskSvcRetail

ComFiltr

AmFSM;AmFSM

NETIMFLT

Consider whether the following program is something you need; if not, uninstall it:

Messenger Plus! Live

Check whether you can run a scan with MBAM now.

Edited by norbat
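The AVG/Panda overlap that the helper reads out of the ComboFix log can be checked mechanically. The following is an added example, not part of the original thread or of ComboFix: it parses driver/service lines copied from the log above, groups them by antivirus vendor using a hypothetical keyword list, and flags entries with no file date/size recorded. It assumes the leading letter means running (R) or stopped (S) and the digit is the service start type.

```python
import re
from collections import defaultdict

# Driver/service lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-10-11 12936]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [2007-04-24 142128]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-11 97928]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-11 231704]
S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2008-08-20 13880]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2008\PskSvc.exe [ ]
S2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]
S3 AvgWfpX;Avg Firewall driver;c:\windows\system32\drivers\avgwfpx.sys [2008-10-11 69128]
"""

# <R|S><start type> <service name>;<display name>;<image path> [<file date and size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*"
    r"\[(?P<meta>[^\]]*)\]\s*$"
)

# Windows service start types (assumed meaning of the digit in the log).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Hypothetical keyword list for this example; a heuristic, not a product database.
VENDOR_KEYWORDS = {"AVG": ("avg",), "Panda": ("panda",)}


def parse_services(text):
    """Return one dict per driver/service line; other log lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m["path"].strip()
        entries.append({
            "name": m["name"].strip(),
            "display": m["display"].strip(),
            "path": path,
            "running": m["state"] == "R",
            "start": START_TYPES[int(m["start"])],
            "kernel": path.lower().endswith(".sys"),
            # Empty brackets: the log recorded no date/size for the image file.
            "has_file_info": bool(m["meta"].strip()),
        })
    return entries


def vendor_of(entry):
    """Match the vendor keywords against name, display name and path."""
    haystack = " ".join((entry["name"], entry["display"], entry["path"])).lower()
    for vendor, keys in VENDOR_KEYWORDS.items():
        if any(k in haystack for k in keys):
            return vendor
    return None


def triage(text):
    """Group antivirus components by vendor and flag overlap and leftovers."""
    by_vendor = defaultdict(list)
    for entry in parse_services(text):
        vendor = vendor_of(entry)
        if vendor:
            by_vendor[vendor].append(entry)
    with_drivers = sorted(
        v for v, es in by_vendor.items() if any(e["kernel"] for e in es)
    )
    matched = [e for es in by_vendor.values() for e in es]
    return {
        "vendors": {v: [e["name"] for e in es] for v, es in by_vendor.items()},
        "vendors_with_kernel_drivers": with_drivers,
        # Two products with kernel drivers registered at once is the
        # situation the helper suspects behind the blue screens.
        "overlap": len(with_drivers) > 1,
        "running": [e["name"] for e in matched if e["running"]],
        "no_file_info": [e["name"] for e in matched if not e["has_file_info"]],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
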

Posted

I've now done what you said .. And now I no longer have internet!! What can I do now? Just burn everything I want to keep and then format, or what?


Posted

Click: Start->Run

Type: cmd

Right-click cmd.exe and choose Run as administrator

Type: netsh winsock reset catalog

Restart the PC


Posted

What does that do? And by the way, the PC freezes often now .. Even when I'm just burning a DVD!

OMG. What can I do?


Posted

It didn't work :S I've rebooted and everything, but nothing works! ... -.- ...

What now?


Posted

It didn't work :S I've rebooted and everything, but nothing works! ... -.- ...

What now?

Format your PC :)
