ps76 Researcher
01 July 2008 - 18:12 There are 14 comments and 1 solution

Cleaning my son's computer

After I successfully got my daughter's PC cleaned last week, my son would now also like such a "spring cleaning".
I have followed the same procedure and now have a ComboFix file, if anyone would care to look at it and do what is needed:

ComboFix 08-06-20.4 - Yoggi 2008-07-01 18:02:20.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.1.1030.18.1977 [GMT 2:00]
Running from: C:\Users\Yoggi\Downloads\Protection\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2008-06-01 to 2008-07-01  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 16:01    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\DNA
2008-07-01 14:57    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\Malwarebytes
2008-07-01 14:57    ---------    d-----w    C:\ProgramData\Malwarebytes
2008-07-01 14:57    ---------    d-----w    C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 11:05    ---------    d-----w    C:\Program Files\Password Agent
2008-06-30 23:34    ---------    d-----w    C:\Program Files\Cheat Engine
2008-06-30 17:37    ---------    d-----w    C:\ProgramData\iOpus-i-M
2008-06-30 17:37    ---------    d-----w    C:\Program Files\iMacros
2008-06-30 16:38    ---------    d-----w    C:\ProgramData\Yahoo! Companion
2008-06-30 16:11    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\SUPERAntiSpyware.com
2008-06-30 16:11    ---------    d-----w    C:\ProgramData\SUPERAntiSpyware.com
2008-06-30 16:11    ---------    d-----w    C:\Program Files\SUPERAntiSpyware
2008-06-30 16:11    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 16:08    ---------    d-----w    C:\Program Files\Yahoo!
2008-06-30 16:08    ---------    d-----w    C:\Program Files\CCleaner
2008-06-30 15:34    ---------    d-----w    C:\ProgramData\Lavasoft
2008-06-30 15:33    ---------    d-----w    C:\Program Files\Lavasoft
2008-06-30 15:32    ---------    d-----w    C:\ProgramData\Spybot - Search & Destroy
2008-06-30 14:47    ---------    d-----w    C:\Program Files\Spybot - Search & Destroy
2008-06-30 12:31    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\BitTorrent
2008-06-29 19:08    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\LimeWire
2008-06-28 12:16    34,296    ----a-w    C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-28 12:16    17,144    ----a-w    C:\Windows\system32\drivers\mbam.sys
2008-06-27 22:56    ---------    d-----w    C:\Program Files\7-Zip
2008-06-27 14:13    ---------    d-----w    C:\Program Files\PicLensIE
2008-06-18 18:39    ---------    d-----w    C:\Program Files\Intel Corporation
2008-06-16 16:57    ---------    d-----w    C:\Program Files\AC3Filter
2008-06-15 00:12    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\EVEMon
2008-06-13 18:13    ---------    d-----w    C:\Program Files\Xilisoft
2008-06-13 17:45    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-06-13 17:44    ---------    d-----w    C:\Program Files\Google
2008-06-13 17:27    ---------    d-----w    C:\Program Files\DNA
2008-06-13 17:27    ---------    d-----w    C:\Program Files\BitTorrent
2008-06-12 19:13    ---------    d-----w    C:\Program Files\Windows Mail
2008-06-10 15:57    ---------    d-----w    C:\ProgramData\NVIDIA
2008-06-09 18:41    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\vlc
2008-06-09 18:33    ---------    d-----w    C:\Program Files\VideoLAN
2008-06-08 11:16    ---------    d-----w    C:\ProgramData\Messenger Plus!
2008-06-08 10:05    ---------    d-----w    C:\Program Files\CCP
2008-06-07 23:28    ---------    d-----w    C:\Program Files\EVEMon
2008-06-07 20:10    ---------    d---a-w    C:\ProgramData\TEMP
2008-06-07 15:17    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\DivX
2008-06-07 15:16    ---------    d-----w    C:\Program Files\DivX
2008-06-07 15:15    ---------    d-----w    C:\Program Files\Common Files\PX Storage Engine
2008-06-07 11:29    174    --sha-w    C:\Program Files\desktop.ini
2008-06-07 11:24    ---------    d-----w    C:\Program Files\Windows Sidebar
2008-06-07 11:24    ---------    d-----w    C:\Program Files\Windows Defender
2008-06-07 11:24    ---------    d-----w    C:\Program Files\Windows Calendar
2008-06-07 01:01    87,040    ----a-w    C:\Windows\System32\msoert2.dll
2008-06-07 01:01    39,424    ----a-w    C:\Windows\System32\ACCTRES.dll
2008-06-07 01:01    205,824    ----a-w    C:\Windows\System32\msoeacct.dll
2008-06-07 01:00    704,000    ----a-w    C:\Windows\System32\PhotoScreensaver.scr
2008-06-07 01:00    67,584    ----a-w    C:\Windows\System32\wlanhlp.dll
2008-06-07 01:00    542,720    ----a-w    C:\Windows\System32\sysmain.dll
2008-06-07 01:00    502,784    ----a-w    C:\Windows\System32\wlansvc.dll
2008-06-07 01:00    47,104    ----a-w    C:\Windows\System32\wlanapi.dll
2008-06-07 01:00    297,984    ----a-w    C:\Windows\System32\wlansec.dll
2008-06-07 01:00    290,816    ----a-w    C:\Windows\System32\wlanmsm.dll
2008-06-07 01:00    258,232    ----a-w    C:\Windows\system32\drivers\acpi.sys
2008-06-07 01:00    24,064    ----a-w    C:\Windows\System32\wtsapi32.dll
2008-06-07 01:00    2,923,520    ----a-w    C:\Windows\explorer.exe
2008-06-07 00:59    194,560    ----a-w    C:\Windows\System32\WebClnt.dll
2008-06-07 00:59    110,080    ----a-w    C:\Windows\system32\drivers\mrxdav.sys
2008-06-07 00:58    49,664    ----a-w    C:\Windows\System32\csrsrv.dll
2008-06-07 00:58    376,320    ----a-w    C:\Windows\System32\winsrv.dll
2008-06-07 00:55    41,984    ----a-w    C:\Windows\system32\drivers\monitor.sys
2008-06-07 00:55    1,060,920    ----a-w    C:\Windows\system32\drivers\ntfs.sys
2008-06-07 00:54    374,456    ----a-w    C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-06-07 00:53    414,208    ----a-w    C:\Windows\System32\msscp.dll
2008-06-07 00:52    8,147,968    ----a-w    C:\Windows\System32\wmploc.DLL
2008-06-07 00:52    7,680    ----a-w    C:\Windows\System32\spwmp.dll
2008-06-07 00:52    4,096    ----a-w    C:\Windows\System32\dxmasf.dll
2008-06-07 00:52    356,864    ----a-w    C:\Windows\System32\MediaMetadataHandler.dll
2008-06-07 00:51    86,016    ----a-w    C:\Windows\System32\icfupgd.dll
2008-06-07 00:51    63,488    ----a-w    C:\Windows\system32\drivers\mpsdrv.sys
2008-06-07 00:51    61,952    ----a-w    C:\Windows\System32\cmifw.dll
2008-06-07 00:51    396,800    ----a-w    C:\Windows\System32\MPSSVC.dll
2008-06-07 00:51    392,192    ----a-w    C:\Windows\System32\FirewallAPI.dll
2008-06-07 00:51    23,040    ----a-w    C:\Windows\system32\drivers\tunnel.sys
2008-06-07 00:51    178,688    ----a-w    C:\Windows\System32\iphlpsvc.dll
2008-06-07 00:51    16,896    ----a-w    C:\Windows\System32\wfapigp.dll
2008-06-07 00:51    15,360    ----a-w    C:\Windows\system32\drivers\TUNMP.SYS
2008-06-07 00:50    45,112    ----a-w    C:\Windows\system32\drivers\pciidex.sys
2008-06-07 00:50    3,504,696    ----a-w    C:\Windows\System32\ntkrnlpa.exe
2008-06-07 00:50    3,470,392    ----a-w    C:\Windows\System32\ntoskrnl.exe
2008-06-07 00:50    211,000    ----a-w    C:\Windows\system32\drivers\volsnap.sys
2008-06-07 00:50    21,560    ----a-w    C:\Windows\system32\drivers\atapi.sys
2008-06-07 00:50    17,464    ----a-w    C:\Windows\system32\drivers\intelide.sys
2008-06-07 00:50    154,624    ----a-w    C:\Windows\system32\drivers\nwifi.sys
2008-06-07 00:50    15,928    ----a-w    C:\Windows\system32\drivers\pciide.sys
2008-06-07 00:50    109,624    ----a-w    C:\Windows\system32\drivers\ataport.sys
2008-06-07 00:49    2,048    ----a-w    C:\Windows\System32\msxml3r.dll
2008-06-07 00:49    104,448    ----a-w    C:\Windows\System32\DWWIN.EXE
2008-06-07 00:49    1,191,936    ----a-w    C:\Windows\System32\msxml3.dll
2008-06-07 00:48    8,704    ----a-w    C:\Windows\System32\hcrstco.dll
2008-06-07 00:48    8,704    ----a-w    C:\Windows\System32\hccoin.dll
2008-06-07 00:48    73,216    ----a-w    C:\Windows\system32\drivers\usbccgp.sys
2008-06-07 00:48    5,888    ----a-w    C:\Windows\system32\drivers\usbd.sys
2008-06-07 00:48    38,400    ----a-w    C:\Windows\system32\drivers\usbehci.sys
2008-06-07 00:48    23,040    ----a-w    C:\Windows\system32\drivers\usbuhci.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
2008-06-13 17:24    2084864    --a------    C:\Program Files\PicLensIE\PicLens.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-07 02:37 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Users\Yoggi\Program Files\DNA\btdna.exe" [2008-06-13 19:49 289088]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-06-09 23:22 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-06-09 23:22 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-06-09 23:22 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CC7CDC43-AC8C-4C52-897D-48A5C09AA7DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{ADEAF152-4E74-46E2-ADC8-E50514DB3F19}C:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:C:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{B6B6CDF2-91EC-4E24-BC1D-49362136F5C3}C:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:C:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"TCP Query User{9339CB30-7B43-42BB-8712-D565A718F6FA}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{A59F5263-9AAC-488D-842C-74954D52AE27}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{12D06FAA-089C-492C-9A6F-C8401BC87EB2}C:\\eve2\\bin\\exefile.exe"= UDP:C:\eve2\bin\exefile.exe:CCP ExeFile
"UDP Query User{F771BE93-C544-4769-A4A9-2E228A393766}C:\\eve2\\bin\\exefile.exe"= TCP:C:\eve2\bin\exefile.exe:CCP ExeFile
"{53412CCD-2026-4E1F-A2DA-F31DB902CCBF}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{D05F5423-8061-4707-9BE2-6AF456C87159}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{C765EA13-1D0A-4276-8739-5ED7501DCC93}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{288B8C84-D405-48CC-9873-1BC49DC0F2AA}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{9E4764C2-C83D-4494-9535-4D6AC22C7CF7}C:\\users\\yoggi\\program files\\dna\\btdna.exe"= UDP:C:\users\yoggi\program files\dna\btdna.exe:btdna.exe
"UDP Query User{5E3207DD-A9A6-4C71-88D4-62EE8EE62682}C:\\users\\yoggi\\program files\\dna\\btdna.exe"= TCP:C:\users\yoggi\program files\dna\btdna.exe:btdna.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-15 16:24]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd780fb9-3eb8-11dd-baee-001a92bd0550}]
\shell\AutoRun\command - patty.exe
\shell\explore\Command - patty.exe
\shell\find\Command - patty.exe
\shell\open\Command - patty.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 18:04:12
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-01 18:05:00
ComboFix-quarantined-files.txt  2008-07-01 16:04:54
ComboFix2.txt  2008-07-01 16:00:33

      Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.
      Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.

180    --- E O F ---    2008-06-26 10:55:24
levich Beginner
01 July 2008 - 18:31 #1
Follow the guide here: http://www.eksperten.dk/artikler/1123
Afterwards, post the logs from SuperAntiSpyware, ComboFix and HijackThis in here.
ps76 Researcher
01 July 2008 - 18:56 #2
OK, I'm on it - but the guide does not apply to Vista, according to the introduction...? I'll try anyway, though.
01 July 2008 - 19:11 #3
(The article has - still - not been updated... It also works for Vista...)

Read and understand - also in this log ->
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

* BitTorrent
* limewire
* DNA

In addition,
* Messenger Plus!
should/must also be uninstalled...
ps76 Researcher
01 July 2008 - 19:32 #4
Here are the three log files:
ComboFix 08-06-20.4 - Yoggi 2008-07-01 19:22:07.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.1.1030.18.2140 [GMT 2:00]
Running from: C:\Users\Yoggi\Downloads\Protection\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2008-06-01 to 2008-07-01  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 16:48    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\DNA
2008-07-01 14:57    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\Malwarebytes
2008-07-01 14:57    ---------    d-----w    C:\ProgramData\Malwarebytes
2008-07-01 14:57    ---------    d-----w    C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 11:05    ---------    d-----w    C:\Program Files\Password Agent
2008-06-30 23:34    ---------    d-----w    C:\Program Files\Cheat Engine
2008-06-30 17:37    ---------    d-----w    C:\ProgramData\iOpus-i-M
2008-06-30 17:37    ---------    d-----w    C:\Program Files\iMacros
2008-06-30 16:38    ---------    d-----w    C:\ProgramData\Yahoo! Companion
2008-06-30 16:11    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\SUPERAntiSpyware.com
2008-06-30 16:11    ---------    d-----w    C:\ProgramData\SUPERAntiSpyware.com
2008-06-30 16:11    ---------    d-----w    C:\Program Files\SUPERAntiSpyware
2008-06-30 16:11    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 16:08    ---------    d-----w    C:\Program Files\Yahoo!
2008-06-30 16:08    ---------    d-----w    C:\Program Files\CCleaner
2008-06-30 15:34    ---------    d-----w    C:\ProgramData\Lavasoft
2008-06-30 15:33    ---------    d-----w    C:\Program Files\Lavasoft
2008-06-30 15:32    ---------    d-----w    C:\ProgramData\Spybot - Search & Destroy
2008-06-30 14:47    ---------    d-----w    C:\Program Files\Spybot - Search & Destroy
2008-06-30 12:31    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\BitTorrent
2008-06-29 19:08    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\LimeWire
2008-06-28 12:16    34,296    ----a-w    C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-28 12:16    17,144    ----a-w    C:\Windows\system32\drivers\mbam.sys
2008-06-27 22:56    ---------    d-----w    C:\Program Files\7-Zip
2008-06-27 14:13    ---------    d-----w    C:\Program Files\PicLensIE
2008-06-18 18:39    ---------    d-----w    C:\Program Files\Intel Corporation
2008-06-16 16:57    ---------    d-----w    C:\Program Files\AC3Filter
2008-06-15 00:12    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\EVEMon
2008-06-13 18:13    ---------    d-----w    C:\Program Files\Xilisoft
2008-06-13 17:45    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-06-13 17:44    ---------    d-----w    C:\Program Files\Google
2008-06-13 17:27    ---------    d-----w    C:\Program Files\DNA
2008-06-13 17:27    ---------    d-----w    C:\Program Files\BitTorrent
2008-06-12 19:13    ---------    d-----w    C:\Program Files\Windows Mail
2008-06-10 15:57    ---------    d-----w    C:\ProgramData\NVIDIA
2008-06-09 18:41    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\vlc
2008-06-09 18:33    ---------    d-----w    C:\Program Files\VideoLAN
2008-06-08 11:16    ---------    d-----w    C:\ProgramData\Messenger Plus!
2008-06-08 10:05    ---------    d-----w    C:\Program Files\CCP
2008-06-07 23:28    ---------    d-----w    C:\Program Files\EVEMon
2008-06-07 20:10    ---------    d---a-w    C:\ProgramData\TEMP
2008-06-07 15:17    ---------    d-----w    C:\Users\Yoggi\AppData\Roaming\DivX
2008-06-07 15:16    ---------    d-----w    C:\Program Files\DivX
2008-06-07 15:15    ---------    d-----w    C:\Program Files\Common Files\PX Storage Engine
2008-06-07 11:29    174    --sha-w    C:\Program Files\desktop.ini
2008-06-07 11:24    ---------    d-----w    C:\Program Files\Windows Sidebar
2008-06-07 11:24    ---------    d-----w    C:\Program Files\Windows Defender
2008-06-07 11:24    ---------    d-----w    C:\Program Files\Windows Calendar
2008-06-07 01:01    87,040    ----a-w    C:\Windows\System32\msoert2.dll
2008-06-07 01:01    39,424    ----a-w    C:\Windows\System32\ACCTRES.dll
2008-06-07 01:01    205,824    ----a-w    C:\Windows\System32\msoeacct.dll
2008-06-07 01:00    704,000    ----a-w    C:\Windows\System32\PhotoScreensaver.scr
2008-06-07 01:00    67,584    ----a-w    C:\Windows\System32\wlanhlp.dll
2008-06-07 01:00    542,720    ----a-w    C:\Windows\System32\sysmain.dll
2008-06-07 01:00    502,784    ----a-w    C:\Windows\System32\wlansvc.dll
2008-06-07 01:00    47,104    ----a-w    C:\Windows\System32\wlanapi.dll
2008-06-07 01:00    297,984    ----a-w    C:\Windows\System32\wlansec.dll
2008-06-07 01:00    290,816    ----a-w    C:\Windows\System32\wlanmsm.dll
2008-06-07 01:00    258,232    ----a-w    C:\Windows\system32\drivers\acpi.sys
2008-06-07 01:00    24,064    ----a-w    C:\Windows\System32\wtsapi32.dll
2008-06-07 01:00    2,923,520    ----a-w    C:\Windows\explorer.exe
2008-06-07 00:59    194,560    ----a-w    C:\Windows\System32\WebClnt.dll
2008-06-07 00:59    110,080    ----a-w    C:\Windows\system32\drivers\mrxdav.sys
2008-06-07 00:58    49,664    ----a-w    C:\Windows\System32\csrsrv.dll
2008-06-07 00:58    376,320    ----a-w    C:\Windows\System32\winsrv.dll
2008-06-07 00:55    41,984    ----a-w    C:\Windows\system32\drivers\monitor.sys
2008-06-07 00:55    1,060,920    ----a-w    C:\Windows\system32\drivers\ntfs.sys
2008-06-07 00:54    374,456    ----a-w    C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-06-07 00:53    414,208    ----a-w    C:\Windows\System32\msscp.dll
2008-06-07 00:52    8,147,968    ----a-w    C:\Windows\System32\wmploc.DLL
2008-06-07 00:52    7,680    ----a-w    C:\Windows\System32\spwmp.dll
2008-06-07 00:52    4,096    ----a-w    C:\Windows\System32\dxmasf.dll
2008-06-07 00:52    356,864    ----a-w    C:\Windows\System32\MediaMetadataHandler.dll
2008-06-07 00:51    86,016    ----a-w    C:\Windows\System32\icfupgd.dll
2008-06-07 00:51    63,488    ----a-w    C:\Windows\system32\drivers\mpsdrv.sys
2008-06-07 00:51    61,952    ----a-w    C:\Windows\System32\cmifw.dll
2008-06-07 00:51    396,800    ----a-w    C:\Windows\System32\MPSSVC.dll
2008-06-07 00:51    392,192    ----a-w    C:\Windows\System32\FirewallAPI.dll
2008-06-07 00:51    23,040    ----a-w    C:\Windows\system32\drivers\tunnel.sys
2008-06-07 00:51    178,688    ----a-w    C:\Windows\System32\iphlpsvc.dll
2008-06-07 00:51    16,896    ----a-w    C:\Windows\System32\wfapigp.dll
2008-06-07 00:51    15,360    ----a-w    C:\Windows\system32\drivers\TUNMP.SYS
2008-06-07 00:50    45,112    ----a-w    C:\Windows\system32\drivers\pciidex.sys
2008-06-07 00:50    3,504,696    ----a-w    C:\Windows\System32\ntkrnlpa.exe
2008-06-07 00:50    3,470,392    ----a-w    C:\Windows\System32\ntoskrnl.exe
2008-06-07 00:50    211,000    ----a-w    C:\Windows\system32\drivers\volsnap.sys
2008-06-07 00:50    21,560    ----a-w    C:\Windows\system32\drivers\atapi.sys
2008-06-07 00:50    17,464    ----a-w    C:\Windows\system32\drivers\intelide.sys
2008-06-07 00:50    154,624    ----a-w    C:\Windows\system32\drivers\nwifi.sys
2008-06-07 00:50    15,928    ----a-w    C:\Windows\system32\drivers\pciide.sys
2008-06-07 00:50    109,624    ----a-w    C:\Windows\system32\drivers\ataport.sys
2008-06-07 00:49    2,048    ----a-w    C:\Windows\System32\msxml3r.dll
2008-06-07 00:49    104,448    ----a-w    C:\Windows\System32\DWWIN.EXE
2008-06-07 00:49    1,191,936    ----a-w    C:\Windows\System32\msxml3.dll
2008-06-07 00:48    8,704    ----a-w    C:\Windows\System32\hcrstco.dll
2008-06-07 00:48    8,704    ----a-w    C:\Windows\System32\hccoin.dll
2008-06-07 00:48    73,216    ----a-w    C:\Windows\system32\drivers\usbccgp.sys
2008-06-07 00:48    5,888    ----a-w    C:\Windows\system32\drivers\usbd.sys
2008-06-07 00:48    38,400    ----a-w    C:\Windows\system32\drivers\usbehci.sys
2008-06-07 00:48    23,040    ----a-w    C:\Windows\system32\drivers\usbuhci.sys
.

(((((((((((((((((((((((((((((  snapshot@2008-07-01_18.00.06,41  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 15:30:41    67,584    --s-a-w    C:\Windows\bootstat.dat
+ 2008-07-01 17:18:45    67,584    --s-a-w    C:\Windows\bootstat.dat
- 2008-07-01 15:30:41    2,048    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-01 17:18:45    2,048    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-01 15:30:41    2,048    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-01 17:18:45    2,048    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-01 15:32:46    262,144    --sha-w    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-01 17:20:53    262,144    --sha-w    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-01 17:20:53    262,144    ---ha-w    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-07-01 15:32:51    262,144    --sha-w    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-01 17:20:59    262,144    --sha-w    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-01 17:20:59    262,144    ---ha-w    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-01 15:30:42    16,384    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-01 17:19:24    16,384    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-01 15:30:42    32,768    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-01 17:19:24    32,768    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-01 15:30:42    16,384    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-01 17:19:24    16,384    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-01 15:38:49    80,082    ----a-w    C:\Windows\System32\perfc006.dat
+ 2008-07-01 16:56:00    79,704    ----a-w    C:\Windows\System32\perfc006.dat
- 2008-07-01 15:38:49    103,726    ----a-w    C:\Windows\System32\perfc009.dat
+ 2008-07-01 16:56:00    103,314    ----a-w    C:\Windows\System32\perfc009.dat
- 2008-07-01 15:38:49    485,362    ----a-w    C:\Windows\System32\perfh006.dat
+ 2008-07-01 16:56:00    484,614    ----a-w    C:\Windows\System32\perfh006.dat
- 2008-07-01 15:38:49    609,944    ----a-w    C:\Windows\System32\perfh009.dat
+ 2008-07-01 16:56:00    609,532    ----a-w    C:\Windows\System32\perfh009.dat
- 2008-07-01 15:33:12    5,218    ----a-w    C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1949694332-3884498656-101436484-1000_UserData.bin
+ 2008-07-01 17:21:16    5,250    ----a-w    C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1949694332-3884498656-101436484-1000_UserData.bin
- 2008-07-01 15:33:12    46,162    ----a-w    C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-01 17:21:16    46,608    ----a-w    C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-01 15:33:11    26,806    ----a-w    C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-01 17:21:14    26,980    ----a-w    C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-01 16:48:42    63,828    ----a-w    C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
2008-06-13 17:24    2084864    --a------    C:\Program Files\PicLensIE\PicLens.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-07 02:37 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Users\Yoggi\Program Files\DNA\btdna.exe" [2008-06-13 19:49 289088]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-06-09 23:22 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-06-09 23:22 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-06-09 23:22 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CC7CDC43-AC8C-4C52-897D-48A5C09AA7DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{ADEAF152-4E74-46E2-ADC8-E50514DB3F19}C:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:C:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{B6B6CDF2-91EC-4E24-BC1D-49362136F5C3}C:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:C:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"TCP Query User{9339CB30-7B43-42BB-8712-D565A718F6FA}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{A59F5263-9AAC-488D-842C-74954D52AE27}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{12D06FAA-089C-492C-9A6F-C8401BC87EB2}C:\\eve2\\bin\\exefile.exe"= UDP:C:\eve2\bin\exefile.exe:CCP ExeFile
"UDP Query User{F771BE93-C544-4769-A4A9-2E228A393766}C:\\eve2\\bin\\exefile.exe"= TCP:C:\eve2\bin\exefile.exe:CCP ExeFile
"{53412CCD-2026-4E1F-A2DA-F31DB902CCBF}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{D05F5423-8061-4707-9BE2-6AF456C87159}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{C765EA13-1D0A-4276-8739-5ED7501DCC93}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{288B8C84-D405-48CC-9873-1BC49DC0F2AA}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{9E4764C2-C83D-4494-9535-4D6AC22C7CF7}C:\\users\\yoggi\\program files\\dna\\btdna.exe"= UDP:C:\users\yoggi\program files\dna\btdna.exe:btdna.exe
"UDP Query User{5E3207DD-A9A6-4C71-88D4-62EE8EE62682}C:\\users\\yoggi\\program files\\dna\\btdna.exe"= TCP:C:\users\yoggi\program files\dna\btdna.exe:btdna.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-15 16:24]
R3 rt61x86;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-03-12 10:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd780fb9-3eb8-11dd-baee-001a92bd0550}]
\shell\AutoRun\command - patty.exe
\shell\explore\Command - patty.exe
\shell\find\Command - patty.exe
\shell\open\Command - patty.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 19:24:11
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-01 19:25:08
ComboFix-quarantined-files.txt  2008-07-01 17:24:58
ComboFix2.txt  2008-07-01 16:05:01
ComboFix3.txt  2008-07-01 16:00:33

      Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.
      Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.

218    --- E O F ---    2008-06-26 10:55:24

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2008 at 07:14 PM

Application Version : 4.15.1000

Core Rules Database Version : 3494
Trace Rules Database Version: 1485

Scan type      : Complete Scan
Total Scan Time : 00:23:30

Memory items scanned      : 206
Memory threats detected  : 0
Registry items scanned    : 5343
Registry threats detected : 0
File items scanned        : 21289
File threats detected    : 7

Adware.Tracking Cookie
    C:\Users\Yoggi\AppData\Roaming\Microsoft\Windows\Cookies\yoggi@serving-sys[2].txt
    C:\Users\Yoggi\AppData\Roaming\Microsoft\Windows\Cookies\yoggi@track.adform[2].txt
    C:\Users\Yoggi\AppData\Roaming\Microsoft\Windows\Cookies\yoggi@bs.serving-sys[2].txt
    C:\Users\Yoggi\AppData\Roaming\Microsoft\Windows\Cookies\Low\yoggi@doubleclick[1].txt
    C:\Users\Yoggi\AppData\Roaming\Microsoft\Windows\Cookies\Low\yoggi@adtech[1].txt
    C:\Users\Yoggi\AppData\Roaming\Microsoft\Windows\Cookies\Low\yoggi@track.adform[2].txt
    C:\Users\Yoggi\AppData\Roaming\Microsoft\Windows\Cookies\Low\yoggi@tribalfusion[1].txt

Logfile of HijackThis v1.99.1
Scan saved at 19:20:51, on 01-07-2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
C:\Users\Yoggi\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Yoggi\Downloads\Protection\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yoggi\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.piclens.com/shared/plinstll.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
01 July 2008 - 19:49 #5
(You should use a newer version of HiJackThis -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe )

<levich> Just carry on ... But remember [01/07-2008 19:11:51] ...
ps76 Researcher
01 July 2008 - 20:07 #6
I don't think I'll get a 15-year-old teenage boy to drop Messenger....
levich Beginner
01 July 2008 - 20:24 #7
Messenger Plus! is an add-on program for MSN Messenger
levich Beginner
01 July 2008 - 20:28 #8
Unless something new turns up in the log from the newest version of HijackThis, there don't appear to be any problems with the computer.
ps76 Researcher
01 July 2008 - 21:09 #10
Well, that's nice. Then we'll just have to check again, because the problem arose when his CPU ran at almost 100% when Messenger was active, and only at the normal few percent when Messenger was, not closed, but just minimized. Now it looks normal. He just wonders why his CPU "score" - Vista apparently has some kind of rating system - hasn't changed. Still 3.7.
But thanks for the help. Both of you post an answer, and we'll give out some points.
levich Beginner
01 July 2008 - 21:59 #11
That sounds good
01 July 2008 - 22:02 #12
With
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yoggi\Program Files\DNA\btdna.exe"
running actively ALL the time in the background, I do NOT consider it 'cleaned' !!!

Read and understand ->
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

* BitTorrent
* Limewire
* DNA

should be uninstalled !!!

(It is not necessarily the fact that they are there; it is the RESULT of them that easily causes trouble)
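The autostart entry singled out in comment #12 can be picked out of a HijackThis log mechanically. The following is an added example, not part of the thread and not HijackThis code: it parses the O4 (Run key) lines and flags those whose binary lies outside administrator-only directories. The function names and the protected-prefix list are assumptions made for this example.

```python
import re

# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yoggi\Program Files\DNA\btdna.exe"
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
'''

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
# First drive-letter path ending in a binary extension. Handles quoted paths,
# unquoted paths containing spaces, and the DLL argument of RUNDLL32.EXE.
PATH_RE = re.compile(
    r'([A-Za-z]:\\.*?\.(?:exe|dll|com|bat|cmd|scr))(?=["\s,]|$)', re.I)
# Assumption: only administrators can write below these prefixes.
PROTECTED = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\')


def parse_o4(log_text):
    """Return one dict per O4 (Run-key autostart) line of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an autostart line (e.g. O2, O9, O23)
        hive, key, name, command = m.groups()
        found = PATH_RE.search(command)
        entries.append({'hive': hive, 'key': key, 'name': name,
                        'command': command,
                        'path': found.group(1) if found else None})
    return entries


def user_writable_autostarts(entries):
    """Entries whose binary is unresolved or outside the protected prefixes.

    A prefix test is used on purpose: a substring test for 'Program Files'
    would wrongly accept C:\\Users\\<name>\\Program Files\\...
    """
    return [e for e in entries
            if e['path'] is None
            or not e['path'].lower().startswith(PROTECTED)]


if __name__ == '__main__':
    for e in user_writable_autostarts(parse_o4(SAMPLE_LOG)):
        print(e['hive'], e['name'], e['path'])
```
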
ps76 Researcher
01 July 2008 - 22:38 #13
What exactly is ***DNA\btdna.exe...?
levich Beginner
02 July 2008 - 00:10 #14
It's a file-sharing program - ask your son, if need be
ps76 Researcher
02 July 2008 - 09:32 #15
Thanks for the info. We'll have to look into that.