vilandt Beginner
13 June 2008 - 19:03 There are 16 comments and
2 solutions

Virus/Browser hijack?

Hi all,

I've got a little problem: every time I open or switch pages, a message pops up. It's pretty annoying, and I've tried everything to remove it. So now there's only one thing left to do, and that is to ask you experts.

It says:

Attention Lars! Some dangerous trojan horses detected in your system. Windows Vista (TM) Home Premium files corrupted. This may lead to the destruction of important files in C:\Windows Download protection software now!

Click ok top download the antispyware:(Recommended)

I hope you can help, because I'm getting desperate.
13 June 2008 - 19:20 #1
"We'll sort that out together" *S*

... for good measure; give us/me a HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for that purpose and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Yeees - I've got 'virus' on the brain...)

------------------
vilandt Beginner
13 June 2008 - 20:01 #2
Here is a log file then:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:24, on 13-06-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Lars Vilandt\Desktop\hijack\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: RAW Ext - {94EDC7BA-1D2A-4DEA-9199-1DEB916BD6F6} - C:\WINDOWS\pusant32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12189 bytes
13 June 2008 - 20:26 #3
Run a scan with HijackThis.
Below you will get some files that you need to fix. What you need to do is put a check mark next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember also to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to fix:

O2 - BHO: RAW Ext - {94EDC7BA-1D2A-4DEA-9199-1DEB916BD6F6} - C:\WINDOWS\pusant32.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

Restart normally, run a new scan with HijackThis, and paste a fresh log in here for checking.

------------------------------------------------------------------------
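The before/after check that post #3 asks for can be done mechanically. The following is an added example, not part of the original posts: it parses HijackThis entry lines and reports which of the entries selected for fixing are gone from the follow-up log. The function names `parse_entries` and `verify_fix` are hypothetical, and the sample text is a short excerpt of the logs in posts #2 and #4.

```python
import re

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24), then " - ", then the entry text. Header lines and the paths under
# "Running processes:" do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")


def parse_entries(log_text):
    """Map a normalised (code, text) key to the entry line as written."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.groups()
        # Windows paths are case-insensitive and forum pastes may change
        # spacing, so compare on a case-folded, whitespace-collapsed key.
        key = (code, " ".join(body.split()).casefold())
        entries[key] = f"{code} - {body}"
    return entries


def verify_fix(before_log, after_log, selected_log):
    """Compare the log taken before the fix with the one taken after it."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    selected = parse_entries(selected_log)
    return {
        # Selected entries that were present and are now gone.
        "removed": sorted(v for k, v in selected.items()
                          if k in before and k not in after),
        # Selected entries that survived the fix and the restart.
        "still_present": sorted(v for k, v in selected.items() if k in after),
        # Selected entries that never appeared in the first log (paste error).
        "not_in_before": sorted(v for k, v in selected.items()
                                if k not in before),
        # Entries that only appear in the second log.
        "new_entries": sorted(v for k, v in after.items() if k not in before),
    }


# Excerpt of the first log (post #2); not the complete log.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: RAW Ext - {94EDC7BA-1D2A-4DEA-9199-1DEB916BD6F6} - C:\WINDOWS\pusant32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# Excerpt of the follow-up log (post #4), same entries where still listed.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entries from the fix list in post #3 that fall inside the excerpt above.
SELECTED = r"""
O2 - BHO: RAW Ext - {94EDC7BA-1D2A-4DEA-9199-1DEB916BD6F6} - C:\WINDOWS\pusant32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

if __name__ == "__main__":
    for status, lines in verify_fix(BEFORE, AFTER, SELECTED).items():
        print(f"{status}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

On this excerpt, five of the six selected entries are gone and the iPod service entry is still listed in the second log.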
vilandt Beginner
13 June 2008 - 20:47 #4
Hi there,

here is the latest log file, hope it looks good ;o)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:49, on 13-06-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Users\Lars Vilandt\Desktop\hijack\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9627 bytes
13 June 2008 - 22:06 #5
BINGO...

How is the PC running now?
13 June 2008 - 22:08 #6
There is no more 'dirt' according to your log...

You're welcome back another time...

Safe Surfing...

--------------

Registry cleanup can be recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the item [Register]...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.

--------------

Remember M$ ServicePack1 for Vista -> http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=f559842a-9c9b-4579-b64a-09146a0ba746
vilandt Beginner
14 June 2008 - 00:15 #7
Hi karise_larry

It looks like I've got rid of all of it, thanks a thousand for the help :o) I'll send 200 p right away.

Lars
14 June 2008 - 07:56 #8
There is no more 'dirt' according to your log...

You're welcome back another time...

You can find a couple of articles about safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

--------------

Remember M$ ServicePack1 for Vista -> http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=f559842a-9c9b-4579-b64a-09146a0ba746
vilandt Beginner
15 June 2008 - 08:52 #9
Hi karise_larry

Have you received your points?? I have accepted, but I can't see whether you have received them??


Vilandt
15 June 2008 - 11:40 #10
(You haven't told the system WHO you have [Accepted] - you just need to mark my name in the box on the left and THEN [Accept] ...)
http://expfaq.dk/behandling_af_svar#behandling_af_svar
vilandt Beginner
04 July 2008 - 01:31 #11
Hi karise_larry

Hmm, it looks like I've got something again, can you help me??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:30:26, on 04-07-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Users\LARSVI~1\AppData\Local\Temp\atmadm2.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lars Vilandt\Documents\hijack\HiJackThis.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 2484 bytes


Regards, vilandt
04 July 2008 - 06:35 #12
(A good deal seems to be missing from your log ???)
vilandt Beginner
04 July 2008 - 23:03 #13
Hi, just trying again, hope this is better :o)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:01, on 04-07-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Program Files\UseNeXT\UseNeXT.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Lars Vilandt\Documents\hijack\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: nqgpedlr - {DFD3C411-B6E4-49E6-A4D9-88F45FE2556D} - C:\Windows\nqgpedlr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqPjHyV.dll,#1
O4 - HKLM\..\Run: [9a2aa44e] rundll32.exe "C:\Windows\system32\dmfqobmj.dll",b
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O21 - SSODL: axrfgvek - {36EDA8C6-160B-4F1E-92AA-601ED81A476D} - C:\Windows\axrfgvek.dll
O21 - SSODL: okmdepgb - {13DCEE36-4725-46DD-80C1-5712BFD9F81D} - C:\Windows\okmdepgb.dll
O21 - SSODL: VoidSDRAM - {2b79bc28-fe6a-4a2f-aad0-ddb0d34d5325} - C:\Windows\Resources\VoidSDRAM.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9753 bytes
05. July 2008 - 08:05 #14
What have you been 'up to' for that FILTH to have got on board?
Some of it I can answer myself: M$ Vista Service Pack 1 + subsequent Windows Update ???

I have just brought a Vista installation up to date => ~80Mb of Windows Update items + the SP1 mentioned. You don't seem to have done that?
05. July 2008 - 08:06 #15
So carry out the procedure from here -> http://www.eksperten.dk/artikler/1123
PS: Still use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Yes - it works under Vista too...
vilandt, Beginner
05. July 2008 - 12:18 #16
Hi again, yes, it's some filth I've picked up, but that's how it goes when your 2 nephews sit and mess around with your PC :o)

First log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:55, on 05-07-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lars Vilandt\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D0CF1C11-4503-4114-996E-E687D4E86057} - C:\Windows\system32\urQKCVMf.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [9a2aa44e] rundll32.exe "C:\Windows\system32\dmfqobmj.dll",b
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9935 bytes





Second log file:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/05/2008 at 10:29 AM

Application Version : 4.0.1154

Core Rules Database Version : 3497
Trace Rules Database Version: 1404

Scan type      : Complete Scan
Total Scan Time : 00:24:06

Memory items scanned      : 216
Memory threats detected  : 1
Registry items scanned    : 7877
Registry threats detected : 38
File items scanned        : 19298
File threats detected    : 97

Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\URQKCVMF.DLL
    C:\WINDOWS\SYSTEM32\URQKCVMF.DLL

Trojan.Vundo-Variant/Small
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}
    HKCR\CLSID\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}
    HKCR\CLSID\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}\InprocServer32
    HKCR\CLSID\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\URQPJHYV.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}

Trojan.Vundo-Variant/Small-GEN
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0CF1C11-4503-4114-996E-E687D4E86057}
    HKCR\CLSID\{D0CF1C11-4503-4114-996E-E687D4E86057}
    HKCR\CLSID\{D0CF1C11-4503-4114-996E-E687D4E86057}\InprocServer32
    HKCR\CLSID\{D0CF1C11-4503-4114-996E-E687D4E86057}\InprocServer32#ThreadingModel

Trojan.Net-MSV/VPS-Variant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}
    HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}
    HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}
    HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}\InprocServer32
    HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}\InprocServer32#ThreadingModel
    HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}\ProgID
    HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}\Programmable
    HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}\TypeLib
    HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}\VersionIndependentProgID
    C:\WINDOWS\KGQFWELTGBN.DLL

Trojan.Unclassified/GTS
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}
    HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}
    HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}
    HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}\InprocServer32
    HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}\InprocServer32#ThreadingModel
    HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}\ProgID
    HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}\Programmable
    HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}\TypeLib
    HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}\VersionIndependentProgID
    HKCR\nqgpedlr.1
    HKCR\nqgpedlr
    HKCR\TypeLib\{28EAF37D-F93D-4D40-8F70-654CC2FCBA2E}
    HKCR\TypeLib\{28EAF37D-F93D-4D40-8F70-654CC2FCBA2E}\1.0
    HKCR\TypeLib\{28EAF37D-F93D-4D40-8F70-654CC2FCBA2E}\1.0\0
    HKCR\TypeLib\{28EAF37D-F93D-4D40-8F70-654CC2FCBA2E}\1.0\0\win32
    HKCR\TypeLib\{28EAF37D-F93D-4D40-8F70-654CC2FCBA2E}\1.0\FLAGS
    HKCR\TypeLib\{28EAF37D-F93D-4D40-8F70-654CC2FCBA2E}\1.0\HELPDIR
    C:\WINDOWS\NQGPEDLR.DLL

Trojan.Net-MU/Gen
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName

Trojan.AnyCracks/Gen
    C:\USERS\LARS VILANDT\APPDATA\ROAMING\MICROSOFT\DTSC\5499.EXE

Adware.Tracking Cookie
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@www.googleadservices[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@www.googleadservices[3].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ad.yieldmanager[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@bluestreak[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ad.bolddk[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@revsci[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@www.googleadservices[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@mediaplex[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@www.fullreleases[3].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@edge.ru4[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@www.fullreleases[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@stats.gamestop[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@valueclick[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adlegend[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@server.iad.liveperson[3].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@server.iad.liveperson[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@indextools[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@xiti[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@anad.tacoda[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@anat.tacoda[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@fastclick[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@overture[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@msnportal.112.2o7[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@media.adrevolver[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@usenext[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@eas.apm.emediate[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@serv12.bluffmedia[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@statse.webtrendslive[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@atdmt[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@208.122.40[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@searchfeed[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@wwsop2008.122.2o7[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@208.122.40[3].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ads.tripod.lycos[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@edcgruppen.112.2o7[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@bs.serving-sys[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@tribalfusion[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adtech[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adfair[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@apmebf[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@crackdb[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@burstnet[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adbrite[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@richmedia.yahoo[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@spylog[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adrevolver[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@www.burstnet[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@serving-sys[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@stat.onestat[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@atwola[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@track.adform[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ad2.doublepimp[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@warezreleases[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adinterax[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@2o7[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@tradedoubler[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@clicktorrent[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@questionmarket[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@specificclick[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@imrworldwide[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@msnaccountservices.112.2o7[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@advertising[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ads.revsci[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@doubleclick[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@telmore.112.2o7[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@e2.emediate[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@anheuserbusch.122.2o7[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@forum.usenext[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@yadro[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ilead.itrack[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@playnetwork.112.2o7[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@crackserialkeygen[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@tacoda[1].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@bold.adservinginternational[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ads.pointroll[2].txt
    C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@dynamic.media.adrevolver[2].txt
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@iacas.adbureau[1].txt
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@mediaplex[1].txt
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@msnportal.112.2o7[1].txt
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@atdmt[2].txt
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@bs.serving-sys[2].txt
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adtech[1].txt
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@serving-sys[2].txt
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@track.adform[2].txt
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@specificclick[1].txt
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@advertising[2].txt
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@doubleclick[1].txt
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adopt.specificclick[2].txt

Adware.Vundo-Variant/J
    C:\WINDOWS\AXRFGVEK.DLL

Trojan.Dropper/Gen
    C:\WINDOWS\ENWA.EXE
    C:\WINDOWS\MRVTDPQE.EXE

Adware.Vundo/Variant
    C:\WINDOWS\OKMDEPGB.DLL




And then the last log file:


ComboFix 08-07-04.3 - Lars Vilandt 2008-07-05 12:00:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.1.1030.18.1155 [GMT 2:00]
Running from: C:\Users\Lars Vilandt\Desktop\virus\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\dtsc
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\dtsc\16096.dll
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\dtsc\17676.dll
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\dtsc\id
C:\Windows\resources\VoidSDRAM.dll
C:\Windows\System32\778670
C:\Windows\System32\778670\778670.dll
C:\Windows\system32\bitnefcr.dll
C:\WINDOWS\System32\fMVCKQru.ini
C:\WINDOWS\System32\fMVCKQru.ini2
C:\WINDOWS\System32\JkkmoUtv.ini
C:\WINDOWS\System32\JkkmoUtv.ini2
C:\Windows\system32\jmboqfmd.ini
C:\Windows\system32\oixmnqvb.ini
C:\Windows\system32\rcfentib.ini

----- BITS: Possible infected sites -----

hxxp://theinstalls.com
.
(((((((((((((((((((((((((  Files Created from 2008-06-05 to 2008-07-05  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 09:52    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\Skype
2008-07-05 07:54    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\SUPERAntiSpyware.com
2008-07-05 07:54    ---------    d-----w    C:\ProgramData\SUPERAntiSpyware.com
2008-07-05 07:54    ---------    d-----w    C:\Program Files\SUPERAntiSpyware
2008-07-05 07:53    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 07:48    ---------    d-----w    C:\Program Files\CCleaner
2008-07-05 06:50    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\UseNeXT
2008-07-04 20:52    89,088    ----a-w    C:\Windows\System32\dmfqobmj.dll
2008-07-04 00:21    ---------    d-----w    C:\Program Files\Full Tilt Poker
2008-07-03 23:21    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\Azureus
2008-07-03 22:00    ---------    d-----w    C:\Program Files\File Scavenger 3.2
2008-07-03 21:55    ---------    d-----w    C:\ProgramData\Azureus
2008-06-20 23:56    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\CoreFTP
2008-06-20 22:54    ---------    d-----w    C:\Program Files\UseNeXT
2008-06-20 18:28    ---------    d-----w    C:\Program Files\JalbumWin
2008-06-20 17:27    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\JAlbum
2008-06-15 07:05    ---------    d-----w    C:\Program Files\Panda Security
2008-06-14 05:15    42,656    ----a-w    C:\Users\Lars Vilandt\AppData\Roaming\nvModes.dat
2008-06-13 22:35    ---------    d-----w    C:\Program Files\Red Kawa
2008-06-13 22:35    ---------    d-----w    C:\Program Files\AviSynth 2.5
2008-06-13 22:04    ---------    d---a-w    C:\ProgramData\TEMP
2008-06-13 22:03    ---------    d-----w    C:\Program Files\NoAdware5.0
2008-06-13 16:21    ---------    d-----w    C:\Program Files\Browser Hijack Recover
2008-06-13 04:22    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\Uniblue
2008-06-12 16:28    ---------    d-----w    C:\Program Files\Windows Live Safety Center
2008-06-12 16:20    102,664    ----a-w    C:\Windows\system32\drivers\tmcomm.sys
2008-06-12 01:39    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\SecondLife
2008-06-12 01:27    ---------    d-----w    C:\Program Files\Windows Mail
2008-06-12 00:55    ---------    d-----w    C:\Program Files\Enigma Software Group
2008-06-11 14:59    ---------    d-----w    C:\ProgramData\Lavasoft
2008-06-11 14:57    ---------    d-----w    C:\Program Files\Lavasoft
2008-06-10 15:42    ---------    d-----w    C:\Program Files\Cucusoft
2008-06-10 15:27    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\Pavtube
2008-06-10 15:26    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\Download Manager
2008-06-09 22:38    ---------    d-----w    C:\ProgramData\Microsoft Help
2008-06-09 03:23    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\Nexon
2008-06-09 03:21    ---------    d-----w    C:\Program Files\Common Files\INCA Shared
2008-06-06 11:28    ---------    d-----w    C:\Program Files\uTorrent
2008-06-06 11:28    ---------    d-----w    C:\Program Files\CoreFTP
2008-06-06 10:14    ---------    d-----w    C:\Program Files\Alcohol Soft
2008-06-06 10:10    716,272    ----a-w    C:\Windows\system32\drivers\sptd.sys
2008-06-06 09:53    ---------    d-----w    C:\Program Files\DVD Decrypter
2008-06-05 21:58    ---------    d-----w    C:\Program Files\Microsoft Silverlight
2008-06-05 14:24    ---------    d-----w    C:\ProgramData\FLEXnet
2008-06-05 14:15    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-06-05 11:02    ---------    d-----w    C:\Program Files\Common Files\Macrovision Shared
2008-06-02 09:00    ---------    d-----w    C:\Program Files\Support.com
2008-05-31 13:35    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\Apple Computer
2008-05-31 10:15    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\Thunderbird
2008-05-31 10:15    ---------    d-----w    C:\Program Files\Mozilla Thunderbird
2008-05-28 19:08    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\cmw
2008-05-28 19:08    ---------    d-----w    C:\Program Files\winpwn
2008-05-24 15:28    ---------    d-----w    C:\ProgramData\Apple Computer
2008-05-24 15:28    ---------    d-----w    C:\Program Files\QuickTime
2008-05-24 15:28    ---------    d-----w    C:\Program Files\iTunes
2008-05-24 15:28    ---------    d-----w    C:\Program Files\iPod
2008-05-24 15:28    ---------    d-----w    C:\Program Files\Bonjour
2008-05-24 15:26    ---------    d-----w    C:\Program Files\Apple Software Update
2008-05-24 15:25    ---------    d-----w    C:\ProgramData\Apple
2008-05-24 15:25    ---------    d-----w    C:\Program Files\Common Files\Apple
2008-05-12 20:37    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\ACD Systems
2008-05-12 20:36    ---------    d-----w    C:\Program Files\Common Files\ACD Systems
2008-05-12 20:35    ---------    d-----w    C:\ProgramData\ACD Systems
2008-05-12 20:35    ---------    d-----w    C:\Program Files\ACD Systems
2008-05-12 17:20    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-05-10 03:30    14,848    ----a-w    C:\Windows\System32\wshrm.dll
2008-05-10 01:21    113,664    ----a-w    C:\Windows\system32\drivers\rmcast.sys
2008-05-09 09:26    ---------    d-----w    C:\ProgramData\Hewlett-Packard
2008-05-08 06:08    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\Media Player Classic
2008-05-08 03:33    ---------    d-----w    C:\Program Files\PCI Latency Tool 3
2008-05-05 00:15    ---------    d-----w    C:\Users\Lars Vilandt\AppData\Roaming\Ahead
2008-05-03 11:11    0    ----a-w    C:\Users\Lars Vilandt\AppData\Roaming\wklnhst.dat
2008-05-03 06:24    905,400    ----a-w    C:\Windows\System32\winresume.exe
2008-05-03 06:24    613,888    ----a-w    C:\Windows\System32\wpd_ci.dll
2008-05-03 06:24    40,960    ----a-w    C:\Windows\System32\srclient.dll
2008-05-03 06:24    371,712    ----a-w    C:\Windows\System32\srcore.dll
2008-05-03 06:24    313,856    ----a-w    C:\Windows\System32\rstrui.exe
2008-05-03 06:24    229,888    ----a-w    C:\Windows\System32\msshsq.dll
2008-05-03 06:24    19,000    ----a-w    C:\Windows\System32\kd1394.dll
2008-05-03 06:24    16,384    ----a-w    C:\Windows\System32\srdelayed.exe
2008-05-03 06:24    1,585,664    ----a-w    C:\Windows\System32\setupapi.dll
2008-05-03 04:38    174    --sha-w    C:\Program Files\desktop.ini
2008-05-03 04:20    87,040    ----a-w    C:\Windows\System32\msoert2.dll
2008-05-03 04:20    39,424    ----a-w    C:\Windows\System32\ACCTRES.dll
2008-05-03 04:20    205,824    ----a-w    C:\Windows\System32\msoeacct.dll
2008-05-03 04:19    704,000    ----a-w    C:\Windows\System32\PhotoScreensaver.scr
2008-05-03 04:19    67,584    ----a-w    C:\Windows\System32\wlanhlp.dll
2008-05-03 04:19    542,720    ----a-w    C:\Windows\System32\sysmain.dll
2008-05-03 04:19    502,784    ----a-w    C:\Windows\System32\wlansvc.dll
2008-05-03 04:19    47,104    ----a-w    C:\Windows\System32\wlanapi.dll
2008-05-03 04:19    297,984    ----a-w    C:\Windows\System32\wlansec.dll
2008-05-03 04:19    290,816    ----a-w    C:\Windows\System32\wlanmsm.dll
2008-05-03 04:19    24,064    ----a-w    C:\Windows\System32\wtsapi32.dll
2008-05-03 04:19    2,923,520    ----a-w    C:\Windows\explorer.exe
2008-05-03 04:19    194,560    ----a-w    C:\Windows\System32\WebClnt.dll
2008-05-03 04:17    49,664    ----a-w    C:\Windows\System32\csrsrv.dll
2008-05-03 04:17    376,320    ----a-w    C:\Windows\System32\winsrv.dll
2008-05-03 04:14    374,456    ----a-w    C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-05-03 04:13    8,147,968    ----a-w    C:\Windows\System32\wmploc.DLL
2008-05-03 04:13    7,680    ----a-w    C:\Windows\System32\spwmp.dll
.
[code]<pre>
----a-w          325,204 2006-12-21 18:56:28  C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe
</pre>[/code]


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-03 06:01 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-05-03 08:13 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-06-06 12:15 4608]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"Device Detector"="DevDetect.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 08:02 815104]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39 46704]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 17:12 107112]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 06:34 134808]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-11 19:51 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-11 19:51 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-11 19:51 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"9a2aa44e"="C:\Windows\system32\dmfqobmj.dll" [2008-07-04 22:52 89088]
"nwiz"="nwiz.exe" [N/A]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-05 02:42:13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1922583515-2520021141-4155528976-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E1BAF740-5042-456C-8259-6C5B0569DC42}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{F6C6D607-4C33-4196-A33F-221CE6899A1E}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{BD189C8F-93D9-45A9-8469-4A11B0E0F58A}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{F3381CB9-B9BE-4D2C-8B88-9529A79B29B2}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{383FD4CA-289B-426F-B3F0-73FC3BA03F25}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{B2370CE2-EA15-4007-A56C-2F02EAA8A7AE}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{38AA6F68-526A-47F5-91DC-D17BA5C351AA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{53D338E2-1A2D-4C63-882C-2BD412AA0641}C:\\program files\\hp\\quickplay\\qp.exe"= UDP:C:\program files\hp\quickplay\qp.exe:HP QuickPlay
"UDP Query User{0FD8EEEC-3315-407A-8DC0-06A38F0CC9FC}C:\\program files\\hp\\quickplay\\qp.exe"= TCP:C:\program files\hp\quickplay\qp.exe:HP QuickPlay
"{DA1956D5-03A8-486C-BF43-7F13D0D6B27E}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{FB541038-6A42-4794-B65A-D3D5ADC5A575}C:\\games\\secondlife\\slvoice.exe"= UDP:C:\games\secondlife\slvoice.exe:SLVoice
"UDP Query User{9570FECE-260C-4A21-994C-405DDF8AE033}C:\\games\\secondlife\\slvoice.exe"= TCP:C:\games\secondlife\slvoice.exe:SLVoice
"{BBE019F4-D89D-42B6-B3AB-46E9E073662F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{169B5E85-B482-450F-A33A-AC718C3F6AA7}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{47B8810E-8F09-4C14-84DB-14FB183BC328}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D9D758DF-65D1-4580-A046-23820362381D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2BBA169B-8BF7-46E1-A058-94B2A2A1BE7F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{CDB4A5F0-DA02-4C55-9E4D-38739A65DD16}C:\\program files\\secondlifereleasecandidate\\slvoice.exe"= UDP:C:\program files\secondlifereleasecandidate\slvoice.exe:SLVoice
"UDP Query User{0823F28E-6018-4C28-834E-CC651D454CA9}C:\\program files\\secondlifereleasecandidate\\slvoice.exe"= TCP:C:\program files\secondlifereleasecandidate\slvoice.exe:SLVoice
"{ECAE64EE-E5FF-41C8-8613-3F951B4A647E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{83BFDDD8-9797-4F29-BBF1-83DEDD4F9C80}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{DD25AE8B-678C-4DC2-B5EB-2236F1D6997F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FEC71FF1-2876-43C2-A772-4C070463BF7F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{AE4BE2B3-69BC-4B1C-911A-B7B875626D28}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{25538DB6-AA37-421E-A905-A127B54D36E6}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 LtcyCfgWDM;PCI Latency Tool Driver Service;C:\Windows\system32\DRIVERS\LtcyCfgWDM.sys [2005-12-26 00:24]
S3 ST50220;Sonix ST50220 USB Video Camera Driver;C:\Windows\system32\Drivers\ST50220.sys [2006-11-24 17:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{961994f4-18bc-11dd-a897-806e6f6e6963}]
\shell\AutoRun\command - E:\ShelExec.exe language.htm

.
- - - - ORPHANS REMOVED - - - -

BHO-{D0CF1C11-4503-4114-996E-E687D4E86057} - C:\Windows\system32\urQKCVMf.dll
SSODL-axrfgvek-{36EDA8C6-160B-4F1E-92AA-601ED81A476D} - C:\Windows\axrfgvek.dll
SSODL-okmdepgb-{13DCEE36-4725-46DD-80C1-5712BFD9F81D} - C:\Windows\okmdepgb.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 12:06:27
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\Lars Vilandt\AppData\Local\Temp\Cab67E6.tmp
C:\Users\Lars Vilandt\AppData\Local\Temp\Tar67E7.tmp
C:\Users\Lars Vilandt\AppData\Local\Temp\WER2AD8.tmp.hdmp
C:\Users\Lars Vilandt\AppData\Local\Temp\WER6856.tmp.mdmp

scan completed successfully
hidden files: 4

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\dmfqobmj.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\drivers\XAudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\WerFault.exe
.
**************************************************************************
.
Completion time: 2008-07-05 12:11:37 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-05 10:11:22

      Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.
Post-Run: 61,575,626,752 byte ledig

277    --- E O F ---    2008-06-25 06:18:27
5 July 2008 - 16:20 #17
Then you can go ahead and rap them over the knuckles!!!

------------

Uninstall

* Azureus
* µTorrent

Grrrrr... It makes no difference how much security/updates people have installed. Once they start 'playing' with P2P programs - or rather, the results from them - it is all for nothing!!!
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------
5 July 2008 - 16:21 #18
Repeating once more -> M$ Vista ServicePack1 + subsequent WindowsUpdate ???

http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=f559842a-9c9b-4579-b64a-09146a0ba746