SlySlasher (Beginner)
31 May 2009 - 18:59 There are 69 comments

Virus on my laptop *Malware*

Hi
Every time I log on to my laptop (Dell), a small thing called Malware Doctor pops up down in the toolbar.
I can get on the internet, but when I play music on YouTube or other sites it doesn't work.
And Task Manager doesn't work either.
johnstigers (Senior Master)
31 May 2009 - 19:22 #1
Download CCleaner here > Click "Download Latest Version" on the right.
http://www.filehippo.com/download_ccleaner/
There is a manual here > http://www.spywarefri.dk/manualer/ccleaner-manual.htm
There is one small difference: "Issues" has been replaced by "Registry".
Set the check marks as shown in step 11 of the manual before you run "Cleaner".
PS: I would recommend that you keep this program; it is excellent for cleaning up.

During installation you will be offered [Yahoo Toolbar]. Say "No" to it.
Let the program do a clean-up in Cleaner and Registry, and let it delete what it finds.
I don't need to see the log from CCleaner.



Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens in which you must move the dot to "Perform full scan" - click the Scan button - let the program work. When it has finished (it takes a while, depending on how much you have on the computer).
After that - press the "Show Results" button after the scan - and then press "Remove Selected" - the log now opens and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...

Manual for HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for that purpose and must NOT be run directly from the web...

Download HijackThis here: http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

PS: Vista users must right-click the file and choose (Run as administrator)
SlySlasher (Beginner)
31 May 2009 - 20:59 #2
Here is a log from Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:05, on 31-05-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
C:\Documents and Settings\LocalService\Application Data\691447002.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fighters\configservice.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Fighters\ScannerService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Documents and Settings\Patrick\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\csrss.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {d9ff282a-c26c-4b3f-9436-5fa1751fac48} - C:\WINDOWS\system32\dirupahu.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Microsoft copyright - {f30b5e7e-cfbb-44fb-a947-226e5a7a4290} - lklf32.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_14_Download_version\TrayServer.exe
O4 - HKLM\..\Run: [mswinlogon] C:\WINDOWS\mscsrss.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [10f4bf9d] rundll32.exe "C:\WINDOWS\system32\ruwiwuli.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [vutovisiyi] Rundll32.exe "C:\WINDOWS\system32\wofomobu.dll",s
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKLM\..\Run: [CPM13c78c01] Rundll32.exe "c:\windows\system32\kidamore.dll",a
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [18WoS_AASetup.exe] C:\DOCUME~1\Patrick\MYDOCU~1\MYCOMP~1\18WOS_~1.EXE /r
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Patrick\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BEBA1B-5FB6-423B-80B7-99D925472D3A}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{94E50A14-BEAE-41E0-B079-25C01AE12319}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\janobubu.dll c:\windows\system32\kidamore.dll,c:\progra~1\ThunMail\testabd.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: __c00BD410 - C:\WINDOWS\system32\__c00BD410.dat
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kidamore.dll
O22 - SharedTaskScheduler: coexpire - {d4c4bc43-0974-4dec-a669-9f7bfcb3503d} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kidamore.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 16082 bytes
johnstigers (Senior Master)
31 May 2009 - 21:04 #3
Any special reason you haven't updated XP???
johnstigers (Senior Master)
31 May 2009 - 21:21 #4
You're running 3 x antivirus???

Uninstall AVG + PC Tools AntiVirus - restart.
Run a full scan with Avast and see if that helps.
SlySlasher (Beginner)
31 May 2009 - 22:45 #5
Yes - I'm not a computer genius with updates or anything else, so I need a lot of guidance :P
SlySlasher (Beginner)
31 May 2009 - 22:54 #6
And what is Avast?
1 June 2009 - 00:38 #7
Uninstall:
* AVG
* PC Tools
* AskBAR
* AIM Toolbar Loader
* Bonjour-tjeneste (Bonjour Service)
* [Malware Doctor] (if it is there?)

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

There is a lot of 'dirt' (viruses / unwanted elements) on your PC according to the log text above...
Therefore -> ... we also need to see the log from the aforementioned [Malwarebytes] ...

---------------------------------------

[Avast] is the security program that you (apparently) are also running. And keeping it is then recommended; just remember to keep it updated...

---------------------------------------

You are also missing a LOT from WindowsUpdate; we'll come back to that... first the procedure above...
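
Added example, not part of the original thread or of HijackThis itself: a small Python triage pass over HijackThis entries, run on lines copied from the log in #2. The function names, tags and rules are assumptions made for this example; a tag marks an entry for manual review and is not a verdict.

```python
import re

# Lines copied from the HijackThis log posted in #2 (a subset, for illustration).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [10f4bf9d] rundll32.exe "C:\WINDOWS\system32\ruwiwuli.dll",b
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O20 - AppInit_DLLs: C:\WINDOWS\system32\janobubu.dll c:\windows\system32\kidamore.dll,c:\progra~1\ThunMail\testabd.dll
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_log(text):
    """Return (section, body) pairs for every entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def classify(section, body):
    """Return a review tag for an entry, or None (hypothetical rule set)."""
    low = body.lower()
    if section == "F2" and "shell=" in low:
        # The Winlogon Shell value normally starts Explorer.exe and nothing else.
        extras = [t for t in low.split("shell=", 1)[1].split() if t != "explorer.exe"]
        if extras:
            return "shell-extra"
    if section == "O4":
        if "rundll32" in low:
            return "run-rundll32"       # autostart that loads a DLL via rundll32
        if "\\application data\\" in low or "\\temp\\" in low:
            return "run-user-writable"  # autostart from a user-writable folder
    if section == "O7" and "disableregedit=1" in low:
        return "regedit-disabled"       # policy that blocks the registry editor
    if section == "O10":
        return "lsp-changed"            # unknown or broken Winsock LSP entry
    if section == "O17" and "nameserver" in low:
        return "static-dns"             # fixed DNS servers; compare with the ISP/router
    if section == "O20" and low.startswith("appinit_dlls:"):
        if low.split(":", 1)[1].strip():
            return "appinit-dll"        # DLLs injected into processes loading user32
    return None


def triage(text):
    """Return (tag, section, body) for every entry that matches a rule."""
    hits = []
    for section, body in parse_log(text):
        tag = classify(section, body)
        if tag:
            hits.append((tag, section, body))
    return hits


def nameservers(text):
    """Collect the distinct DNS server addresses set in O17 entries."""
    found = set()
    for section, body in parse_log(text):
        if section == "O17":
            found.update(IPV4.findall(body))
    return sorted(found)


if __name__ == "__main__":
    for tag, section, body in triage(SAMPLE_LOG):
        print(f"{tag:18} {section:4} {body}")
    print("DNS servers to verify:", ", ".join(nameservers(SAMPLE_LOG)))
```
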
SlySlasher (Beginner)
1 June 2009 - 00:54 #8
As I said, I'm not the biggest computer genius, so 2 questions

------
How do I find the log from Malwarebytes

------
and how do I find that program Avast and update it?
1 June 2009 - 11:55 #9
Start the Malwarebytes program and read ALL the tabs; somewhere it says "Logs" ... After the scanning procedure described...

Avast is probably somewhere in your Start menu...
SlySlasher (Beginner)
1 June 2009 - 13:59 #10
and how do I find the Malwarebytes program?

and I can't find Avast either (or should I just download it again?)
1 June 2009 - 14:10 #11
HAVE you carried out the Malwarebytes procedure in #1 ???
SlySlasher (Beginner)
1 June 2009 - 14:52 #12
I really don't know? How do I find out?
SlySlasher (Beginner)
1 June 2009 - 17:01 #13
Can this help?

----------------------------------------------------------------------------------------------------
Version 8.0.0.900
----------------------------------------------------------------------------------------------------
Engine: 3.0.0.850
----------------------------------------------------------------------------------------------------
Start of Scan
01-06-2009 16:56:14

Your System Information :
CPU: Intel Pentium
IE: 7.0.5730.11
MEMORY FREE: 322040
MEMORY TOTAL: 1038712
VIRTUAL FREE: 1992992
VIRTUAL TOTAL: 2097024
Windows XP 5.1 (2600) Professional Edition Service Pack 2.0
----------------------------------------------------------------------------------------------------
Running processes:                      Process ID
----------------------------------------------------------------------------------------------------
[System Process]                        0
System                                  4
smss.exe                                696
csrss.exe                              748
winlogon.exe                            772
services.exe                            816
lsass.exe                              836
svchost.exe                            1036
svchost.exe                            1108
svchost.exe                            1168
svchost.exe                            1296
svchost.exe                            1500
spoolsv.exe                            1668
userinit.exe                            416
explorer.exe                            460
ehtray.exe                              716
AppleMobileDeviceService.exe            724
hkcmd.exe                              884
AskService.exe                          984
ASKUpgrade.exe                          1188
igfxpers.exe                            1280
igfxsrvc.exe                            1324
stsystra.exe                            1288
avast!Antivirus.exe                    1308
quickset.exe                            1436
DVDLauncher.exe                        1452
tfswctrl.exe                            1460
cisvc.exe                              1592
MediaDetect.exe                        1772
hpwuSchd2.exe                          1804
ehrecvr.exe                            1828
jusched.exe                            1852
LVCOMSX.EXE                            1872
ehSched.exe                            1476
LogiTray.exe                            2016
svchost.exe                            2060
iTunesHelper.exe                        2204
FxSvr2.exe                              2352
inetinfo.exe                            2400
SpywarefighterUser.exe                  2432
691447002.exe                          2504
ctfmon.exe                              2572
jqs.exe                                2620
ISUSPM.exe                              2680
fumoei.exe                              2696
aim6.exe                                2708
NicConfigSvc.exe                        2800
DLG.exe                                2896
aolsoftware.exe                        3212
PnkBstrA.exe                            3260
ConfigService.exe                      3312
tcpsvcs.exe                            3416
snmp.exe                                3460
svchost.exe                            3488
svchost.exe                            3716
ULCDRSvr.exe                            3888
wdfmgr.exe                              3928
ViewpointService.exe                    3952
LicenseService.exe                      4040
UpdateService.exe                      156
ScannerService.exe                      404
wmiprvse.exe                            420
dllhost.exe                            2812
SpywarefighterTray.exe                  2116
wmiprvse.exe                            3084
wscntfy.exe                            436
iPodService.exe                        3972
alg.exe                                4400
svchost.exe                            4652
ehmsas.exe                              4972
cidaemon.exe                            5784
firefox.exe                            4276
RegMech.exe                            1940
----------------------------------------------------------------------------------------------------
Sections Scanned:
----------------------------------------------------------------------------------------------------
SUP -  1
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value  : 18WoS_AASetup.exe = C:\DOCUME~1\Patrick\MYDOCU~1\MYCOMP~1\18WOS_~1.EXE /r
Parsed  : c:\docume~1\patrick\mydocu~1\mycomp~1\18wos_~1.exe

SUP -  2
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value  : MsnMsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Parsed  : c:\program files\windows live\messenger\msnmsgr.exe

SUP -  3
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Value  : TrayServer = C:\Program Files\MAGIX\Movie_Edit_Pro_14_Download_version\TrayServer.exe
Parsed  : c:\program files\magix\movie_edit_pro_14_download_version\trayserver.exe

SUP -  4
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Value  : mswinlogon = C:\WINDOWS\mscsrss.exe
Parsed  : c:\windows\mscsrss.exe

SUP -  5
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Value  : net = "C:\WINDOWS\system32\net.net"
Parsed  : c:\windows\system32\net.net

SUP -  6
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Value  : 10f4bf9d = rundll32.exe "C:\WINDOWS\system32\ruwiwuli.dll",b
Parsed  : c:\windows\system32\ruwiwuli.dll

SUP -  7
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Value  : vutovisiyi = Rundll32.exe "C:\WINDOWS\system32\wofomobu.dll",s
Parsed  : c:\windows\system32\wofomobu.dll

SUP -  8
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Value  : pp = C:\windows\pp10.exe
Parsed  : c:\windows\pp10.exe

SUP -  9
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Startupreg\Netlog Music Tool
Value  : command = "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
Parsed  : c:\program files\netlog music tool\netlogmusictool.exe

SUP -  10
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Startupreg\Skype
Value  : command = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
Parsed  : c:\program files\skype\phone\skype.exe

ARP -  11
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 5.0
Value  : InstallSource = C:\Documents and Settings\Patrick\Local Settings\Temp\pft51~tmp\
Parsed  : c:\documents and settings\patrick\local settings\temp\pft51~tmp

ARP -  12
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 5.0
Value  : ModifyPath = "C:\Documents and Settings\Patrick\Local Settings\Temp\pft51~tmp\Setup.exe"
Parsed  : c:\documents and settings\patrick\local settings\temp\pft51~tmp\setup.exe

ARP -  13
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Value  : DisplayIcon = %ProgramFiles%\Vuze\Vuze.ico
Parsed  : c:\program files\vuze\vuze.ico

ARP -  14
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Security Suite
Value  : DisplayIcon = C:\Documents and Settings\All Users\Application Data\{0A2AEA4E-9E1B-4B65-85F2-49A0595F0CA4}\SafeITSecuritySuite.exe
Parsed  : c:\documents and settings\all users\application data\{0a2aea4e-9e1b-4b65-85f2-49a0595f0ca4}\safeitsecuritysuite.exe

ARP -  15
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Security Suite
Value  : UninstallString = "C:\Documents and Settings\All Users\Application Data\{0A2AEA4E-9E1B-4B65-85F2-49A0595F0CA4}\SafeITSecuritySuite.exe" REMOVE=TRUE MODIFY=FALSE
Parsed  : c:\documents and settings\all users\application data\{0a2aea4e-9e1b-4b65-85f2-49a0595f0ca4}\safeitsecuritysuite.exe

ARP -  16
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Security Suite
Value  : ModifyPath = C:\Documents and Settings\All Users\Application Data\{0A2AEA4E-9E1B-4B65-85F2-49A0595F0CA4}\SafeITSecuritySuite.exe
Parsed  : c:\documents and settings\all users\application data\{0a2aea4e-9e1b-4b65-85f2-49a0595f0ca4}\safeitsecuritysuite.exe

ARP -  17
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Security Suite
Value  : InstallLocation = C:\Program Files\SafeIT Security\Digital Security Suite
Parsed  : c:\program files\safeit security\digital security suite

ARP -  18
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Heroes of Might and Magic III Complete
Value  : TargetDir = C:\Program Files\3DO\Heroes 3 Complete\
Parsed  : c:\program files\3do\heroes 3 complete

ARP -  19
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Heroes of Might and Magic III Complete
Value  : DFolder0 = C:\Documents and Settings\All Users\Start Menu\Programs\3DO
Parsed  : c:\documents and settings\all users\start menu\programs\3do

ARP -  20
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Heroes of Might and Magic III Complete
Value  : D3doDepFile0 = C:\Documents and Settings\All Users\Start Menu\Programs\3DO\GameUpdate.lnk
Parsed  : c:\documents and settings\all users\start menu\programs\3do\gameupdate.lnk

ARP -  21
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Heroes of Might and Magic III Complete
Value  : D3doDepFile1 = C:\Documents and Settings\All Users\Start Menu\Programs\3DO\Support.lnk
Parsed  : c:\documents and settings\all users\start menu\programs\3do\support.lnk

ARP -  22
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Heroes of Might and Magic III Complete
Value  : D3doDepFile2 = C:\Documents and Settings\All Users\Start Menu\Programs\3DO\System Information.lnk
Parsed  : c:\documents and settings\all users\start menu\programs\3do\system information.lnk

ARP -  23
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hijackthis
Value  : UninstallString = "C:\Documents and Settings\Patrick\Desktop\HijackThis.exe" /uninstall
Parsed  : c:\documents and settings\patrick\desktop\hijackthis.exe

ARP -  24
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hijackthis
Value  : DisplayIcon = C:\Documents and Settings\Patrick\Desktop\HijackThis.exe
Parsed  : c:\documents and settings\patrick\desktop\hijackthis.exe

ARP -  25
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{06F80017-8F98-4C94-B868-52358569FC32}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{06F80017-8F98-4C94-B868-52358569FC32}\Setup.ilg
Parsed  : c:\program files\installshield installation information\{06f80017-8f98-4c94-b868-52358569fc32}\setup.ilg

ARP -  26
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{1F86581E-AD75-4EAD-9B8C-75DC27C66632}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{1F86581E-AD75-4EAD-9B8C-75DC27C66632}\Setup.ilg
Parsed  : c:\program files\installshield installation information\{1f86581e-ad75-4ead-9b8c-75dc27c66632}\setup.ilg

ARP -  27
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information\{EF7E931D-DC84-471B-8DB6-A83358095474}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{EF7E931D-DC84-471B-8DB6-A83358095474}\Setup.ilg
Parsed  : c:\program files\installshield installation information\{ef7e931d-dc84-471b-8db6-a83358095474}\setup.ilg

ARP -  28
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{06F80017-8F98-4C94-B868-52358569FC32}\Setup.ilg
Parsed  : c:\program files\installshield installation information\{06f80017-8f98-4c94-b868-52358569fc32}\setup.ilg

ARP -  29
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{1F86581E-AD75-4EAD-9B8C-75DC27C66632}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{1F86581E-AD75-4EAD-9B8C-75DC27C66632}\Setup.ilg
Parsed  : c:\program files\installshield installation information\{1f86581e-ad75-4ead-9b8c-75dc27c66632}\setup.ilg

ARP -  30
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{EF7E931D-DC84-471B-8DB6-A83358095474}\Setup.ilg
Parsed  : c:\program files\installshield installation information\{ef7e931d-dc84-471b-8db6-a83358095474}\setup.ilg

ARP -  31
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net
Value  : UninstallString = C:\WINDOWS\system32\net.net Uninstall
Parsed  : c:\windows\system32\net.net uninstall

ARP -  32
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeColorNA_Recommended2-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobecolorna_recommended2-mul

ARP -  33
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeAUM6.0All\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobeaum6.0all

ARP -  34
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{098727E1-775A-4450-B573-3F441F1CA243}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\kuler2.0-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\kuler2.0-mul

ARP -  35
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeColorJA_ExtraSettings2-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobecolorja_extrasettings2-mul

ARP -  36
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4

ARP -  37
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Value  : InstallSource = C:\WINDOWS\TEMP\IXP000.TMP\
Parsed  : c:\windows\temp\ixp000.tmp

ARP -  38
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F723FC1-7606-4867-866C-CE80AD292DAF}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeCSIAll\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobecsiall

ARP -  39
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1618734A-3957-4ADD-8199-F973763109A8}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeALMAnchorService2-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobealmanchorservice2-mul

ARP -  40
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeColorCommonSetRGB2-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobecolorcommonsetrgb2-mul

ARP -  41
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\AIR9B.tmp\
Parsed  : c:\docume~1\patrick\locals~1\temp\air9b.tmp

ARP -  42
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F528948-0E80-4C96-B455-DE4167CB1DF7}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.ilg
Parsed  : c:\program files\installshield installation information\{1f528948-0e80-4c96-b455-de4167cb1df7}\setup.ilg

ARP -  43
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2447500B-22D7-47BD-9B13-1A927F43A267}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\setup.ilg
Parsed  : c:\program files\installshield installation information\{2447500b-22d7-47bd-9b13-1a927f43a267}\setup.ilg

ARP -  44
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}
Value  : ModifyPath = C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe -runfromtemp -l0x0006
Parsed  : c:\program files\installshield installation information\{2758691a-2cde-4942-a4ac-0e8f61fe2067}\setup.exe

ARP -  45
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}
Value  : UninstallString = C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe -runfromtemp -l0x0006 -removeonly
Parsed  : c:\program files\installshield installation information\{2758691a-2cde-4942-a4ac-0e8f61fe2067}\setup.exe

ARP -  46
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.ilg
Parsed  : c:\program files\installshield installation information\{2758691a-2cde-4942-a4ac-0e8f61fe2067}\setup.ilg

ARP -  47
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}
Value  : InstallLocation = C:\Program Files\eMPIA\USB Video Device Driver
Parsed  : c:\program files\empia\usb video device driver

ARP -  48
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobePDFSettings9-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobepdfsettings9-mul

ARP -  49
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\7zS44E6\
Parsed  : c:\docume~1\patrick\locals~1\temp\7zs44e6

ARP -  50
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Value  : InstallSource = c:\0d67db043511c0cc2791981855d9\
Parsed  : c:\0d67db043511c0cc2791981855d9

ARP -  51
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Value  : InstallSource = C:\Documents and Settings\Patrick\Local Settings\Temp\fla1F6.tmp\
Parsed  : c:\documents and settings\patrick\local settings\temp\fla1f6.tmp

ARP -  52
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeXMPPanelsAll\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobexmppanelsall

ARP -  53
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3BB529C7-855D-11D7-8444-0050BA1D384D}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{3BB529C7-855D-11D7-8444-0050BA1D384D}\setup.ilg
Parsed  : c:\program files\installshield installation information\{3bb529c7-855d-11d7-8444-0050ba1d384d}\setup.ilg

ARP -  54
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3BB529C7-855D-11D7-8444-0050BA1D384D}
Value  : InstallLocation = C:\Program Files\NewSoft\Service
Parsed  : c:\program files\newsoft\service

ARP -  55
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeColorPhotoshop2-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobecolorphotoshop2-mul

ARP -  56
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeWinSoftLinguisticsPluginAll\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobewinsoftlinguisticspluginall

ARP -  57
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3F92ABBB-6BBF-11D5-B229-002078017FBF}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.ilg
Parsed  : c:\program files\installshield installation information\{3f92abbb-6bbf-11d5-b229-002078017fbf}\setup.ilg

ARP -  58
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeServiceManager-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobeservicemanager-mul

ARP -  59
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{49FC50FC-F965-40D9-89B4-CBFF80941033}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\IXP000.TMP\
Parsed  : c:\docume~1\patrick\locals~1\temp\ixp000.tmp

ARP -  60
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeColorEU_ExtraSettings2-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobecoloreu_extrasettings2-mul

ARP -  61
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{626713B4-F070-4605-9DF6-31783A5AEAAE}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{626713B4-F070-4605-9DF6-31783A5AEAAE}\setup.ilg
Parsed  : c:\program files\installshield installation information\{626713b4-f070-4605-9df6-31783a5aeaae}\setup.ilg

ARP -  62
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{626713B4-F070-4605-9DF6-31783A5AEAAE}
Value  : InstallSource = C:\Documents and Settings\Patrick\Local Settings\Temp\{120764CB-0B90-4433-9408-0B1EE7A859F6}\{D6D425D2-803F-40E8-9D65-3DC00D577C11}\ENFUNS Updater Install.exe
Parsed  : c:\documents and settings\patrick\local settings\temp\{120764cb-0b90-4433-9408-0b1ee7a859f6}\{d6d425d2-803f-40e8-9d65-3dc00d577c11}\enfuns updater install.exe

ARP -  63
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{637099FB-45FD-4BC7-9651-6FB540DBB749}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\pft3AA.tmp\
Parsed  : c:\docume~1\patrick\locals~1\temp\pft3aa.tmp

ARP -  64
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeVideoProfilesCS2-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobevideoprofilescs2-mul

ARP -  65
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobePhotoshop11-Support\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobephotoshop11-support

ARP -  66
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{672856C0-A328-49AD-9AB0-FB62B4FD0BB7}
Value  : InstallSource = C:\Program Files\Samsung\Samsung PC Studio 3\{672856C0-A328-49AD-9AB0-FB62B4FD0BB7}\
Parsed  : c:\program files\samsung\samsung pc studio 3\{672856c0-a328-49ad-9ab0-fb62b4fd0bb7}

ARP -  67
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.ilg
Parsed  : c:\program files\installshield installation information\{6811caa0-bf12-11d4-9ea1-0050bae317e1}\setup.ilg

ARP -  68
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeColorCommonSetCMYK2-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobecolorcommonsetcmyk2-mul

ARP -  69
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\IXP000.TMP\
Parsed  : c:\docume~1\patrick\locals~1\temp\ixp000.tmp

ARP -  70
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\IXP000.TMP\
Parsed  : c:\docume~1\patrick\locals~1\temp\ixp000.tmp

ARP -  71
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Value  : InstallSource = C:\Program Files\Microsoft Games\Halo Trial\redist\
Parsed  : c:\program files\microsoft games\halo trial\redist

ARP -  72
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\IXP000.TMP\
Parsed  : c:\docume~1\patrick\locals~1\temp\ixp000.tmp

ARP -  73
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7F142D56-3326-11D5-B229-002078017FBF}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.ilg
Parsed  : c:\program files\installshield installation information\{7f142d56-3326-11d5-b229-002078017fbf}\setup.ilg

ARP -  74
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeTypeSupport9-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobetypesupport9-mul

ARP -  75
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeBridge3All\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobebridge3all

ARP -  76
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeSuiteSharedConfiguration-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobesuitesharedconfiguration-mul

ARP -  77
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Value  : InstallSource = c:\87f35bbb3bf5c6a23ec2a96b065356ef\
Parsed  : c:\87f35bbb3bf5c6a23ec2a96b065356ef

ARP -  78
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}\setup.ilg
Parsed  : c:\program files\installshield installation information\{8f8d9297-fdd2-405a-97e7-e52c7b2f97b3}\setup.ilg

ARP -  79
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{907B4640-266B-4A21-92FB-CD1A86CD0F63}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\setup.ilg
Parsed  : c:\program files\installshield installation information\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\setup.ilg

ARP -  80
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeLinguisticsAll\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobelinguisticsall

ARP -  81
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeCMaps2-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobecmaps2-mul

ARP -  82
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
Value  : InstallSource = C:\Program Files\Common Files\Windows Live\.cache\b7e6e38e1c92ec8\
Parsed  : c:\program files\common files\windows live\.cache\b7e6e38e1c92ec8

ARP -  83
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{973F8409-F8DA-4A40-ACB4-12B02F3399D7}
Value  : InstallSource = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP001.TMP\
Parsed  : c:\docume~1\admini~1\locals~1\temp\ixp001.tmp

ARP -  84
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A797D552-D80F-4EE1-8806-C2EB397A1E52}
Value  : InstallSource = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
Parsed  : c:\docume~1\admini~1\locals~1\temp\ixp000.tmp

ARP -  85
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1030-7B44-A91000000001}
Value  : InstallSource = C:\Documents and Settings\Patrick\Desktop\Installationsprogram til Adobe Reader 9\
Parsed  : c:\documents and settings\patrick\desktop\installationsprogram til adobe reader 9

ARP -  86
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B29AD377-CC12-490A-A480-1452337C618D}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeConnect-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobeconnect-mul

ARP -  87
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4B4A031-C95B-46D4-9EAE-2763356D212D}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\mia1\
Parsed  : c:\docume~1\patrick\locals~1\temp\mia1

ARP -  88
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobePhotoshop11-Core\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobephotoshop11-core

ARP -  89
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\724825-HPU-DTSS-v10\DTSS_Extract\setup\DTSS\
Parsed  : c:\docume~1\patrick\locals~1\temp\724825-hpu-dtss-v10\dtss_extract\setup\dtss

ARP -  90
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeOutputModuleAll\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobeoutputmoduleall

ARP -  91
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Value  : InstallSource = c:\7b48e9569b3e39e7df9090fb\
Parsed  : c:\7b48e9569b3e39e7df9090fb

ARP -  92
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.ilg
Parsed  : c:\program files\installshield installation information\{c43048a9-742c-4dad-90d2-e3b53c9db825}\setup.ilg

ARP -  93
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}
Value  : DisplayIcon = C:\Program Files\Logitech\Video\MainApp.ico
Parsed  : c:\program files\logitech\video\mainapp.ico

ARP -  94
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C5074CC4-0E26-4716-A307-960272A90040}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.ilg
Parsed  : c:\program files\installshield installation information\{c5074cc4-0e26-4716-a307-960272a90040}\setup.ilg

ARP -  95
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeDefaultLanguage2-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobedefaultlanguage2-mul

ARP -  96
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Value  : InstallSource = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\
Parsed  : c:\docume~1\admini~1\locals~1\temp\ixp000.tmp

ARP -  97
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeCameraRaw5.0All\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobecameraraw5.0all

ARP -  98
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D041EB9E-890A-4098-8F94-51DA194AC72A}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX03.671\Pinnacle Sudio 12 Ultimate by Mick\Studio12Plus\Studio\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex03.671\pinnacle sudio 12 ultimate by mick\studio12plus\studio

ARP -  99
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D050D7362D214723AD585B541FFB6C11}
Value  : DisplayIcon = C:\Program Files\DivX\DivXContentUploaderUninstall.exe\someicon.ico,0
Parsed  : c:\program files\divx\divxcontentuploaderuninstall.exe\someicon.ico

ARP -  100
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Value  : InstallSource = C:\dell\M8192\
Parsed  : c:\dell\m8192

ARP -  101
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4848436-0345-47E2-B648-8B522FCDA623}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobePhotoshop11-Driver\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobephotoshop11-driver

ARP -  102
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E646DCF0-5A68-11D5-B229-002078017FBF}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.ilg
Parsed  : c:\program files\installshield installation information\{e646dcf0-5a68-11d5-b229-002078017fbf}\setup.ilg

ARP -  103
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EEFD47F3-3122-4A9C-8FFA-199F624378C6}
Value  : LogFile = C:\Program Files\InstallShield Installation Information\{EEFD47F3-3122-4A9C-8FFA-199F624378C6}\setup.ilg
Parsed  : c:\program files\installshield installation information\{eefd47f3-3122-4a9c-8ffa-199f624378c6}\setup.ilg

ARP -  104
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeSearchforHelp-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobesearchforhelp-mul

ARP -  105
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeExtendScriptToolkit3.0.0All\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobeextendscripttoolkit3.0.0all

ARP -  106
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobePDFL9-mul\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobepdfl9-mul

ARP -  107
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Value  : InstallSource = c:\fd2999f7447be1d320f507f107cc\setup\
Parsed  : c:\fd2999f7447be1d320f507f107cc\setup

ARP -  108
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\Rar$EX85.719\Adobe Photoshop CS4 Extended  [CLEAN]  [blaze69]\Adobe CS4\payloads\AdobeFontsAll\
Parsed  : c:\docume~1\patrick\locals~1\temp\rar$ex85.719\adobe photoshop cs4 extended  [clean]  [blaze69]\adobe cs4\payloads\adobefontsall

ARP -  109
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FE57DE70-95DE-4B64-9266-84DA811053DB}
Value  : InstallSource = C:\DOCUME~1\Patrick\LOCALS~1\Temp\pft151.tmp\
Parsed  : c:\docume~1\patrick\locals~1\temp\pft151.tmp

ARP -  110
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
01 June 2009 - 17:58 #14
HAVE you completed the Malwarebytes procedure in #1???
(Doesn't look like it?)

I can't use the log text above for anything ...
SlySlasher (Beginner)
01 June 2009 - 18:34 #15
How do I ''complete'' that procedure
SlySlasher (Beginner)
01 June 2009 - 18:42 #16
Forget #15

---------
I have downloaded
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
(The first link doesn't work)

But it is in English

So can't I get a little guide on how to carry out the Malwarebytes procedure
johnstigers (Senior Master)
01 June 2009 - 19:32 #17
Install the program - along the way you will be asked whether you want to update; say yes to this.
Run a full system scan. When it is finished, the log opens in a text file. Copy the contents of the text file in here (as you did in #13)

IF Malwarebytes is already installed, go to Start - All Programs - click Malwarebytes' Anti-Malware - click Malwarebytes' Anti-Malware - select the Update tab - click Check for updates. When the program has updated, click the Scanner tab and choose Run a full system scan.
When it is finished, the log opens in a text file. Copy the contents of the text file in here (as you did in #13)
SlySlasher (Beginner)
01 June 2009 - 20:10 #18
It says that I can't update??

'' Smart Update has encountered a problem and generated an exception report. Please send this to PC Tools for Further inverstigation''
01 June 2009 - 20:21 #19
... carry out the things you can from #1 ... to begin with...

(Then we/I will tackle the rest afterwards...)
SlySlasher (Beginner)
01 June 2009 - 20:39 #20
Okay, I have done everything in #1 except Malware because it wouldn't update

but here is a new log from Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:44, on 01-06-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
C:\Documents and Settings\LocalService\Application Data\691447002.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fighters\configservice.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Program Files\Fighters\ScannerService.exe
C:\WINDOWS\system32\dllhost.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Patrick\Desktop\Ubenyttede skrivebordsgenveje\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\csrss.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Chrome copyright - {aff01325-0fc2-4749-8914-fbf0565ad9cc} - jbnmck.dll (file missing)
O2 - BHO: (no name) - {d9ff282a-c26c-4b3f-9436-5fa1751fac48} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [CPM13c78c01] Rundll32.exe "c:\windows\system32\kidamore.dll",a
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Patrick\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BEBA1B-5FB6-423B-80B7-99D925472D3A}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{94E50A14-BEAE-41E0-B079-25C01AE12319}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS2\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS3\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS4\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS5\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS6\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O20 - AppInit_DLLs: C:\WINDOWS\system32\janobubu.dll c:\windows\system32\kidamore.dll,c:\progra~1\ThunMail\testabd.dll
O20 - Winlogon Notify: __c00BD410 - C:\WINDOWS\system32\__c00BD410.dat
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kidamore.dll
O22 - SharedTaskScheduler: coexpire - {d4c4bc43-0974-4dec-a669-9f7bfcb3503d} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kidamore.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 14948 bytes
Avatar image johnstigers Senior Master
01 June 2009 - 20:53 #21
Scan with Malwarebytes without updating the program and see whether it finds anything.
If it does, remember that it must also remove what it finds.
Avatar image SlySlasher Beginner
01 June 2009 - 21:02 #22
It found 1329 problems but it didn't remove any of them??
01 June 2009 - 21:02 #23
(UH-OH - there is some/a lot to deal with according to the log so far!!!)

Also remember the uninstalls from #7 ...
Avatar image SlySlasher Beginner
01 June 2009 - 21:03 #24
Those uninstalls, do they have to be specific ones? Because I use quite a few of them, and some I don't know whether I'm allowed to remove??
Avatar image johnstigers Senior Master
01 June 2009 - 22:35 #25
Who are you asking?
There are 2 of us, after all....
Avatar image SlySlasher Beginner
01 June 2009 - 22:43 #26
You, right now

as said in #23

What should I do now?
01 June 2009 - 23:39 #27
If it is the scan result from Malwarebytes you mean, then [Remove Selected] as the guide says in #1 ... and THEN post the result here in the thread...

If it is the scan result from HiJackThis, YOU must not remove anything at all, but post the log text here in the thread... as described in #1 ...

Further instructions will follow after that ...
Avatar image SlySlasher Beginner
02 June 2009 - 01:25 #28
New one from HiJack

I can't remove anything with this malware program
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

the only thing it shows is how many errors there are, and it doesn't clean them.

every time I try to uninstall something it just says '' Fejl Invalid Floating Point Operation


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:20:28, on 02-06-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fighters\configservice.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\LocalService\Application Data\691447002.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Patrick\Desktop\Ubenyttede skrivebordsgenveje\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\csrss.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Chrome copyright - {aff01325-0fc2-4749-8914-fbf0565ad9cc} - jbnmck.dll (file missing)
O2 - BHO: (no name) - {d9ff282a-c26c-4b3f-9436-5fa1751fac48} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\Run: [CPM13c78c01] Rundll32.exe "c:\windows\system32\kidamore.dll",a
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Patrick\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BEBA1B-5FB6-423B-80B7-99D925472D3A}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{94E50A14-BEAE-41E0-B079-25C01AE12319}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS2\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS3\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS4\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS5\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS6\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O20 - AppInit_DLLs: C:\WINDOWS\system32\janobubu.dll c:\windows\system32\kidamore.dll,c:\progra~1\ThunMail\testabd.dll
O20 - Winlogon Notify: __c00BD410 - C:\WINDOWS\system32\__c00BD410.dat
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kidamore.dll
O22 - SharedTaskScheduler: coexpire - {d4c4bc43-0974-4dec-a669-9f7bfcb3503d} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kidamore.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 14689 bytes
Avatar image arkil Beginner
02 June 2009 - 11:41 #29
Uninstall "Ask Toolbar" from Control Panel > Add/Remove Programs


-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip


-- Unpack the Avenger program and double-click avenger.exe


-- A small window now appears, into which you must copy the content between the dashed lines; click "Execute".

-----------------------------


Files to delete:
C:\Documents and Settings\LocalService\Application Data\691447002.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\system32\__c00BD410.dat



-----------------------------

-- The program will prompt you to restart the computer immediately, which you must do. The program will shut down your computer, delete the files and start the computer again.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Copy that text in here.


Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\csrss.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Chrome copyright - {aff01325-0fc2-4749-8914-fbf0565ad9cc} - jbnmck.dll (file missing)
O2 - BHO: (no name) - {d9ff282a-c26c-4b3f-9436-5fa1751fac48} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [CPM13c78c01] Rundll32.exe "c:\windows\system32\kidamore.dll",a
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Patrick\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing

All the lines that begin with O17

O17 - HKLM\System\CCS\Services\Tcpip\..\{306F74BB-7AB8-462F-9A72-96E945023BCE}: NameServer = 85.255.116.101,85.255.112.173
O20 - Winlogon Notify: __c00BD410 - C:\WINDOWS\system32\__c00BD410.dat
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe



Then run Malwarebytes Anti-Malware

A window opens; let it update; you must move the dot to "Perform full scan" - click the Scan button - let the program work. When it is finished (it takes a while depending on how much you have on the computer).
Then - press the "Show Results" button after the scan - and then press "Remove Selected" - now the log opens and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis
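
A triage pass over a HijackThis log like the ones posted in this thread, as an added example that is not part of any forum post and is not HijackThis code. The review rules, function names and the `expected_resolvers` parameter are assumptions of this example; the sample lines are copied from the log in #28, and a flagged entry is one to inspect, not a verdict.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in #28 of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\csrss.exe
O2 - BHO: (no name) - {d9ff282a-c26c-4b3f-9436-5fa1751fac48} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.173
O20 - AppInit_DLLs: C:\WINDOWS\system32\janobubu.dll c:\windows\system32\kidamore.dll,c:\progra~1\ThunMail\testabd.dll
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # section code, then the entry body
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
PROFILE_EXE = re.compile(r"\\application data\\[^\\]+\.exe", re.I)


def parse(log_text):
    """Yield (section, body) per entry line; header and process-list lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def review(section, body, expected_resolvers=frozenset()):
    """Return the reasons (possibly none) why one entry deserves a manual look."""
    low = body.lower()
    reasons = []
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("entry points at a file that is no longer on disk")
    if section == "R1" and "proxyserver" in low:
        reasons.append("a browser proxy is configured; confirm the user set it")
    if section == "F2" and "shell=" in low:
        # The stock value is Explorer.exe alone; anything after it also starts at logon.
        if low.split("shell=", 1)[1].split() != ["explorer.exe"]:
            reasons.append("Shell value starts something besides Explorer.exe")
    if section == "O4" and PROFILE_EXE.search(body):
        reasons.append("autorun executable sits directly in an Application Data folder")
    if section == "O7" and "disableregedit=1" in low:
        reasons.append("policy blocks the Registry Editor")
    if section == "O10" and "broken internet access" in low:
        reasons.append("Winsock LSP chain references a missing provider")
    if section == "O17":
        # Static resolvers: compare with what the ISP or router is known to hand out.
        unknown = [ip for ip in IPV4.findall(body) if ip not in expected_resolvers]
        if unknown:
            reasons.append("static DNS resolver(s) not in the expected set: " + ", ".join(unknown))
    if section == "O20" and low.startswith("appinit_dlls:"):
        # AppInit_DLLs is space- or comma-delimited; each DLL loads with user32.dll.
        dlls = [d for d in re.split(r"[ ,]+", body.split(":", 1)[1].strip()) if d]
        if dlls:
            reasons.append(f"{len(dlls)} AppInit DLL(s) registered for loading into user32 processes")
    return reasons


def triage(log_text, expected_resolvers=frozenset()):
    """Return (section, reason, entry body) for every entry that matched a rule."""
    findings = []
    for section, body in parse(log_text):
        for reason in review(section, body, expected_resolvers):
            findings.append((section, reason, body))
    return findings


def resolver_summary(log_text):
    """Map each NameServer address to the number of O17 keys that carry it."""
    counts = {}
    for section, body in parse(log_text):
        if section == "O17":
            for ip in IPV4.findall(body):
                counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n      {body}")
    print(resolver_summary(SAMPLE_LOG))
```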
02 June 2009 - 12:20 #30
(SlySlasher): Are you 100% sure that it is the Malwarebytes program you downloaded/used from http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html ??? And not all the other junk on the same page ???
Avatar image SlySlasher Beginner
03 June 2009 - 16:52 #32
!!!! Now the internet on my laptop is down; internet is being RECEIVED but I can't get onto the internet

All of that happened after what I did in #29

What should I do (writing from another computer)

-------------------------
When I did what it said in #29, the Avenger part, I restarted my computer, and when it came back up a blue screen appeared where it said ''Physical Dumb'' and a lot of other things, and then it restarted again.

-------

I've been wondering whether I can't just reboot my PC so that everything is removed from my computer? I just want a way out !!
Avatar image johnstigers Senior Master
03 June 2009 - 20:01 #33
Wait for arkil - he is guaranteed to know where the problem lies.
Avatar image arkil Beginner
03 June 2009 - 20:44 #34
I'm not surprised that you can't get online now; there is almost nothing but infections on your PC.
Have you run HijackThis and fixed all the lines I wrote? Otherwise try this again >

Run HijackThis, scan, tick the lines listed here if they are there, close all windows except HijackThis, click Fix checked.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>


Restart your PC; if you can now get online, download and run Malwarebytes Anti-Malware and come back with the log file.

Don't you have Malwarebytes Anti-Malware on that PC? See whether you can run a scan with it, and remember to have it remove what it finds when the scan is finished.

See whether you can post a log file here from HijackThis and Malwarebytes Anti-Malware.
Can't you put them on a USB stick or other medium and move them over to the PC with a network connection?
It is not easy to help without log files.
Didn't Avenger create a log file?
Avatar image SlySlasher Beginner
03 July 2009 - 23:07 #35
I'm back again (holiday)

Yes, Avenger made a log file, but when it came up my computer restarted (a blue screen popped up)

But how do I get the internet working again?

And my Task Manager is still gone, and when I insert a USB stick it can't find it under My Computer
Avatar image SlySlasher Beginner
03 July 2009 - 23:11 #36
NEW LOG FILE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:05:04, on 03-07-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Patrick\Desktop\Ubenyttede skrivebordsgenveje\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\csrss.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BEBA1B-5FB6-423B-80B7-99D925472D3A}: NameServer = 85.255.116.101,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{94E50A14-BEAE-41E0-B079-25C01AE12319}: NameServer = 85.255.116.101,85.255.112.173
O20 - AppInit_DLLs: C:\WINDOWS\system32\janobubu.dll c:\progra~1\ThunMail\testabd.dll
O22 - SharedTaskScheduler: coexpire - {d4c4bc43-0974-4dec-a669-9f7bfcb3503d} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PTK License-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\licenseservice.exe (file missing)
O23 - Service: PTK Live Update-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\updateservice.exe (file missing)
O23 - Service: PTK Scanner-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\ScannerService.exe (file missing)
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\configservice.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9920 bytes
3 July 2009 - 23:13 #37
A fresh log from
* Malwarebytes
* HiJackThis
SlySlasher (Beginner)
4 July 2009 - 01:10 #38
Unfortunately it has been uninstalled, and I have no internet on that computer
SlySlasher (Beginner)
4 July 2009 - 01:16 #39
That is, Anti Malwarebytes
4 July 2009 - 08:54 #40
... Download the program(s) from another PC and transfer them using a suitable medium (USB 'gadget' ...)
johnstigers (Senior master)
4 July 2009 - 11:48 #41
Exactly!
SlySlasher (Beginner)
4 July 2009 - 14:02 #42
As I said in #35, the computer cannot find the USB stick
johnstigers (Senior master)
4 July 2009 - 14:33 #43
Then burn it to DVD/CD/DVD-RW/CD-RW or transfer it over the network.
SlySlasher (Beginner)
25 July 2009 - 19:26 #44
The link that john_stigers gave me (directly to the download location) does not work; it just says Internet Explorer cannot display the page
25 July 2009 - 20:08 #45
Quote from #1 ->

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens in which you should move the dot to "Kør et fuldstændigt systemscan" (Run a full system scan) - click the Scan button - let the program work. When it is finished (it takes a while depending on how much you have on the computer).
Then - press the "Vis resultater" (Show results) button after the scan - and then press "Fjern det valgte" (Remove selected) - the log now opens and you should save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...
25 July 2009 - 20:10 #46
... and be 100% sure that you choose the 'right' MalwareBytes program - Ref #30 ...
SlySlasher (Beginner)
25 July 2009 - 20:31 #47
Okay, I will post a log file from Hijack, Avenger and Malware this weekend
johnstigers (Senior master)
25 July 2009 - 21:54 #48
#44 it worked 3 weeks ago... :D
SlySlasher (Beginner)
27 July 2009 - 00:33 #49
Here it is from Malware

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

26-07-2009 23:32:21
mbam-log-2009-07-26 (23-32-15).txt

Skan type: Hurtig skanning
Objekter skannet: 100887
Tid tilbagelagt: 5 minute(s), 51 second(s)

Inficerede Hukommelses Processer: 1
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 18
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 28
Inficerede Mapper: 17
Inficerede Filer: 60

Inficerede Hukommelses Processer:
C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Agent) -> No action taken.

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aff01325-0fc2-4749-8914-fbf0565ad9cc} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\82a40402 (Rootkit.Rustock) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirusXP (Rogue.AntiVirusXP) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\avast!AntiVirus (Trojan.Agent) -> No action taken.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdxfq.exe -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe C:\WINDOWS\csrss.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{306f74bb-7ab8-462f-9a72-96e945023bce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40beba1b-5fb6-423b-80b7-99d925472d3a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{94e50a14-beae-41e0-b079-25c01ae12319}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ed184246-98df-4b21-9046-019a406d5196}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{306f74bb-7ab8-462f-9a72-96e945023bce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{40beba1b-5fb6-423b-80b7-99d925472d3a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{94e50a14-beae-41e0-b079-25c01ae12319}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ed184246-98df-4b21-9046-019a406d5196}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{306f74bb-7ab8-462f-9a72-96e945023bce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{40beba1b-5fb6-423b-80b7-99d925472d3a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{94e50a14-beae-41e0-b079-25c01ae12319}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ed184246-98df-4b21-9046-019a406d5196}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{306f74bb-7ab8-462f-9a72-96e945023bce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{40beba1b-5fb6-423b-80b7-99d925472d3a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{94e50a14-beae-41e0-b079-25c01ae12319}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ed184246-98df-4b21-9046-019a406d5196}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{306f74bb-7ab8-462f-9a72-96e945023bce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{40beba1b-5fb6-423b-80b7-99d925472d3a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{94e50a14-beae-41e0-b079-25c01ae12319}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{ed184246-98df-4b21-9046-019a406d5196}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> No action taken.

Inficerede Mapper:
C:\Documents and Settings\Patrick\Application Data\ptidle (Trojan.Downloader) -> No action taken.
c:\documents and settings\Patrick\application data\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> No action taken.
c:\documents and settings\Patrick\application data\drivecleaner 2006 free\Logs (Rogue.DriveCleaner) -> No action taken.
C:\Documents and Settings\Patrick\Application Data\ErrorKiller (Rogue.ErrorKiller) -> No action taken.
c:\documents and settings\Patrick\application data\errorkiller\Log (Rogue.ErrorKiller) -> No action taken.
C:\Program Files\AntiVirusXP (Rogue.AntiVirusXP) -> No action taken.
c:\program files\antivirusxp\Infected (Rogue.AntiVirusXP) -> No action taken.
c:\program files\antivirusxp\Suspicious (Rogue.AntiVirusXP) -> No action taken.
C:\Program Files\ThunMail (Spyware.OnlineGamer) -> No action taken.
C:\Program Files\Privacy center (Rogue.PrivacyCenter) -> No action taken.
c:\program files\privacy center\tools (Rogue.PrivacyCenter) -> No action taken.
c:\program files\privacy center\tools\sp (Rogue.PrivacyCenter) -> No action taken.
C:\Documents and Settings\Patrick\Application Data\Privacy center (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\dbases (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\keys (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\temp (Rogue.PrivacyCenter) -> No action taken.
C:\WINDOWS\system32\sysloc (Trojan.BHO) -> No action taken.

Inficerede Filer:
c:\WINDOWS\system32\jbnmcd.dll (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\system32\jbnmck.dll (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\system32\jhxm32.dll (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\system32\lklf32.dll (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\system32\drivers\1688ad89.sys (Rootkit.Rustock) -> No action taken.
c:\WINDOWS\system32\drivers\281c44e.sys (Rootkit.Rustock) -> No action taken.
c:\WINDOWS\system32\drivers\34e91a24.sys (Rootkit.Rustock) -> No action taken.
c:\WINDOWS\system32\drivers\5694d44d.sys (Rootkit.Rustock) -> No action taken.
c:\WINDOWS\system32\drivers\6261d9c5.sys (Rootkit.Rustock) -> No action taken.
c:\WINDOWS\system32\drivers\82a40402.sys (Rootkit.Rustock) -> No action taken.
c:\WINDOWS\system32\drivers\b5568db9.sys (Rootkit.Rustock) -> No action taken.
c:\WINDOWS\system32\drivers\e255bc3d.sys (Rootkit.Rustock) -> No action taken.
c:\WINDOWS\system32\drivers\e59d8ead.sys (Rootkit.Rustock) -> No action taken.
c:\WINDOWS\system32\drivers\f5196c7f.sys (Rootkit.Rustock) -> No action taken.
c:\documents and settings\Patrick\local settings\Temp\Rar$EX00.140\avenger.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\19.tmp (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\1A.tmp (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\1F.tmp (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\41EFB10F.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\48.tmp (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\6DBFC81F.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\75766E99.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\92.tmp (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\9C15839A.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\A9DB2FAF.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\AE410873.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\B06B39FC.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\B123E3D4.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\F21A8EA9.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\F3.tmp (Trojan.Dropper) -> No action taken.
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\F2278DIM\install_10[1].exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Patrick\application data\drivecleaner 2006 free\Logs\update.log (Rogue.DriveCleaner) -> No action taken.
c:\documents and settings\Patrick\application data\errorkiller\Log\2007 Sep 30 - 10_45_12 AM_593.log (Rogue.ErrorKiller) -> No action taken.
c:\documents and settings\Patrick\application data\errorkiller\Log\2007 Sep 30 - 10_45_18 AM_578.log (Rogue.ErrorKiller) -> No action taken.
c:\program files\privacy center\tools\sp\spbho.dll (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\dbases\cg.dat (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\dbases\mw.dat (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\dbases\rd.dat (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\dbases\sc.dat (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\dbases\sm.dat (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\dbases\sp.dat (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\keys\cg.key (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\keys\rd.key (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\keys\sc.key (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\keys\sp.key (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\temp\settings.ini (Rogue.PrivacyCenter) -> No action taken.
c:\documents and settings\Patrick\application data\privacy center\temp\spfilter (Rogue.PrivacyCenter) -> No action taken.
C:\Program Files\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Patrick\Local Settings\Temp\mousehook.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> No action taken.
C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> No action taken.
c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> No action taken.
C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job (Rogue.ErrorKiller) -> No action taken.
C:\WINDOWS\system32\service-466.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\vp_setup.exe.bat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\avast!AntiVirus.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sonce122730.dat (Worm.KoobFace) -> No action taken.
C:\tj.vbs (Malware.Trace) -> No action taken.
c:\487656.bat (Malware.Trace) -> No action taken.
SlySlasher (Beginner)
27 July 2009 - 00:34 #50
From Avenger

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "ovfsthigsyalxetlkbltoiqaivmpyqbttqxrdj" found!
ImagePath:  \systemroot\system32\drivers\ovfsthxdlpqwwkxrqhtkkwpuesmqmigllpbnyc.sys
Start Type:  1 (System)

Rootkit scan completed.

File "C:\Documents and Settings\LocalService\Application Data\691447002.exe" deleted successfully.

Error:  file "C:\WINDOWS\crss.exe" not found!
Deletion of file "C:\WINDOWS\crss.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\__c00BD410.dat" not found!
Deletion of file "C:\WINDOWS\system32\__c00BD410.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************
27 July 2009 - 06:36 #51
UH-OH - there is a lot of 'dirt' ...

Regarding [MalwareBytes], what do you think " -> No action taken " means ???
You forgot this important detail -> Press the "Vis resultater" (Show results) button after the scan - and then press "Fjern det valgte" (Remove selected) -

So a NEW scan with Malwarebytes ...

------

After a restart or two, a fresh log from the aforementioned HiJackThis ...
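As post #51 points out, every entry ending in "-> No action taken." was only detected, not removed. The following is an added example (not part of the thread and not Malwarebytes' own code) that parses a log in this layout and reports which detections still await removal; the sample log, its paths and its addresses are constructed placeholders.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample in the layout of the Malwarebytes' Anti-Malware logs
# posted in this thread; paths, GUID and addresses are placeholders.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.39

Inficerede Filer: 2

Inficerede Hukommelses Processer:
C:\WINDOWS\system32\example-proc.exe (Trojan.Agent) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}\NameServer (Trojan.DNSChanger) -> Data: 192.0.2.10,192.0.2.11 -> No action taken.

Inficerede Filer:
c:\WINDOWS\Temp\example1.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\example2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
"""


class Finding(NamedTuple):
    section: str    # log section header the entry appeared under
    target: str     # file, folder, process or registry path
    detection: str  # detection name, e.g. Trojan.DNSChanger
    detail: str     # optional "Data: ..." or "Bad: ... Good: ..." part
    action: str     # what the scanner did with the item


# "<target> (<detection>)": the detection is the LAST parenthesised group,
# because a registry target may itself contain parentheses ("\(default)").
_TARGET = re.compile(r"^(?P<target>.+) \((?P<detection>[^()]+)\)$")


def parse_mbam_log(text):
    """Return one Finding per detection line; headers and counts are skipped."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if " -> " not in line:
            # Section header ("Inficerede Filer:"), summary count or
            # "(Ingen mistænkelige filer fundet)": only headers are remembered.
            if line.endswith(":"):
                section = line[:-1]
            continue
        parts = line.split(" -> ")
        match = _TARGET.match(parts[0])
        if not match:
            continue
        findings.append(Finding(
            section=section,
            target=match["target"],
            detection=match["detection"],
            detail=" -> ".join(parts[1:-1]),
            action=parts[-1].rstrip("."),
        ))
    return findings


def unremediated(findings):
    """Entries the scanner reported but did not act on."""
    return [f for f in findings if f.action.lower().startswith("no action taken")]


def triage(text):
    """Summarise a log: what was done, and what still needs removal."""
    findings = parse_mbam_log(text)
    pending = unremediated(findings)
    return {
        "total": len(findings),
        "actions": Counter(f.action for f in findings),
        "pending_by_detection": Counter(f.detection for f in pending),
        "rescan_needed": bool(pending),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} detections, actions: {dict(report['actions'])}")
    for finding in unremediated(parse_mbam_log(SAMPLE_LOG)):
        print(f"NOT REMOVED [{finding.detection}] {finding.target}")
```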
SlySlasher (Beginner)
27 July 2009 - 18:11 #52
From Malware

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

27-07-2009 15:50:39
mbam-log-2009-07-27 (15-50-39).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 205701
Tid tilbagelagt: 35 minute(s), 52 second(s)

Inficerede Hukommelses Processer: 1
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 18
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 28
Inficerede Mapper: 17
Inficerede Filer: 61

Inficerede Hukommelses Processer:
C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Agent) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aff01325-0fc2-4749-8914-fbf0565ad9cc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f30b5e7e-cfbb-44fb-a947-226e5a7a4290} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\82a40402 (Rootkit.Rustock) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVirusXP (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\avast!AntiVirus (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdxfq.exe -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe C:\WINDOWS\csrss.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{306f74bb-7ab8-462f-9a72-96e945023bce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40beba1b-5fb6-423b-80b7-99d925472d3a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{94e50a14-beae-41e0-b079-25c01ae12319}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ed184246-98df-4b21-9046-019a406d5196}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{306f74bb-7ab8-462f-9a72-96e945023bce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{40beba1b-5fb6-423b-80b7-99d925472d3a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{94e50a14-beae-41e0-b079-25c01ae12319}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ed184246-98df-4b21-9046-019a406d5196}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{306f74bb-7ab8-462f-9a72-96e945023bce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{40beba1b-5fb6-423b-80b7-99d925472d3a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{94e50a14-beae-41e0-b079-25c01ae12319}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ed184246-98df-4b21-9046-019a406d5196}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{306f74bb-7ab8-462f-9a72-96e945023bce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{40beba1b-5fb6-423b-80b7-99d925472d3a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{94e50a14-beae-41e0-b079-25c01ae12319}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ed184246-98df-4b21-9046-019a406d5196}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{306f74bb-7ab8-462f-9a72-96e945023bce}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{40beba1b-5fb6-423b-80b7-99d925472d3a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{94e50a14-beae-41e0-b079-25c01ae12319}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{ed184246-98df-4b21-9046-019a406d5196}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.101,85.255.112.173 -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Documents and Settings\Patrick\Application Data\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\drivecleaner 2006 free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patrick\Application Data\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\errorkiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Program Files\AntiVirusXP (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.
c:\program files\antivirusxp\Infected (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.
c:\program files\antivirusxp\Suspicious (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.
C:\Program Files\ThunMail (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\Program Files\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\program files\privacy center\tools (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\program files\privacy center\tools\sp (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patrick\Application Data\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\dbases (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\keys (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\temp (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysloc (Trojan.BHO) -> Quarantined and deleted successfully.

Inficerede Filer:
c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\F2278DIM\install_10[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\local settings\Temp\Rar$EX00.140\avenger.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\my documents\zip files opener temp\avenger.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jbnmcd.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jbnmck.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\jhxm32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lklf32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\1688ad89.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\281c44e.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\34e91a24.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\5694d44d.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\6261d9c5.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\82a40402.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\b5568db9.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\e255bc3d.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\e59d8ead.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\f5196c7f.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\19.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\41EFB10F.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\48.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\6DBFC81F.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\75766E99.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\92.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\9C15839A.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\A9DB2FAF.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\AE410873.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\B06B39FC.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\B123E3D4.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\F21A8EA9.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\F3.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\drivecleaner 2006 free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\errorkiller\Log\2007 Sep 30 - 10_45_12 AM_593.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\errorkiller\Log\2007 Sep 30 - 10_45_18 AM_578.log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
c:\program files\privacy center\tools\sp\spbho.dll (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\dbases\cg.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\dbases\mw.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\dbases\rd.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\dbases\sc.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\dbases\sm.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\dbases\sp.dat (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\keys\cg.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\keys\rd.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\keys\sc.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\keys\sp.key (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\temp\settings.ini (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
c:\documents and settings\Patrick\application data\privacy center\temp\spfilter (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patrick\Local Settings\Temp\mousehook.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\service-466.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vp_setup.exe.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avast!AntiVirus.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122730.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\tj.vbs (Malware.Trace) -> Quarantined and deleted successfully.
c:\487656.bat (Malware.Trace) -> Quarantined and deleted successfully.
SlySlasher, Beginner
27 July 2009 - 18:12 #53
From HiJack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:30, on 27-07-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Trust\Ami Mouse 250S Cordless\Amoumain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Patrick\Desktop\Ubenyttede skrivebordsgenveje\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Deer Hunter 2005 Registration.lnk = C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\janobubu.dll c:\progra~1\ThunMail\testabd.dll
O22 - SharedTaskScheduler: coexpire - {d4c4bc43-0974-4dec-a669-9f7bfcb3503d} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PTK License-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\licenseservice.exe (file missing)
O23 - Service: PTK Live Update-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\updateservice.exe (file missing)
O23 - Service: PTK Scanner-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\ScannerService.exe (file missing)
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\configservice.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9603 bytes
27 July 2009 - 20:12 #54
WOW - Malwarebytes had plenty to deal with!!!

There are still a few/many 'details' left ->

Uninstall
* AskBar
* iPod-tjeneste (iPod Service)
* Bonjour-tjeneste (Bonjour Service)
* Apple Mobile Device -

Restart normally...

------------------------------------------------------------------------

Click Start -> Run, type Services.msc (C:\Windows\System32\services.msc) and click OK.
Find the service (if it is there)
* Apple Mobile Device
* AVG Free8 E-mail Scanner
* AVG Free8 WatchDog
* Background Intelligent Transfer Service
* Bonjour-tjeneste (Bonjour Service)
* iPod-tjeneste (iPod Service)
* PC Tools AntiVirus Engine
* PTK License-FIGHTERS-297811811
* PTK Live Update-FIGHTERS-297811811
* PTK Scanner-FIGHTERS-297811811
* PTK SharedAccess-FIGHTERS-297811811
* Automatic Updates (wuauserv)
stop it if it is running, right-click it and set Startup type to Disabled.

------------------------------------------------------------------------

Run a scan with HijackThis.
Below you get some files that you need to fix. What you have to do is tick the box next to each of these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember to close this window as well once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to fix:

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') Is that something you use?

O4 - Startup: Deer Hunter 2005 Registration.lnk = C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE
O4 - Startup: Registration Brothers In Arms.LNK = D:\Support\Register\RegistrationReminder.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\WINDOWS\system32\shdocvw.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\janobubu.dll c:\progra~1\ThunMail\testabd.dll

O22 - SharedTaskScheduler: coexpire - {d4c4bc43-0974-4dec-a669-9f7bfcb3503d} - (no file)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)

O23 - Service: PTK License-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\licenseservice.exe (file missing)
O23 - Service: PTK Live Update-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\updateservice.exe (file missing)
O23 - Service: PTK Scanner-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\ScannerService.exe (file missing)
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\configservice.exe (file missing)

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

Restart normally...

------------------------------------------------------------------------

Do a cleanup with the CCleaner mentioned earlier - especially the [Register] (Registry) part. Feel free to run it several times...

------------------------------------------------------------------------

NB NB NB: You are completely missing M$ Service Pack 3 for XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da
+ after that, MANY updates from Windows Update!!! http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=da

Also IE8 (Internet Explorer 8)...

Do this NOW!!!

------------------------------------------------------------------------

After that, a fresh log from HiJackThis...

So how is the PC running now?
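Added example, not part of the original posts: a small Python triage of a HijackThis log that flags the kinds of entries singled out in #54 (the broken Winsock LSP provider, `AppInit_DLLs`, orphaned entries and services whose file is missing). The log lines are an excerpt of the log posted in #53; the rule names, the `Finding` type and the function names are this example's own assumptions, not part of HijackThis.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis log posted in #53 (selected lines only).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O20 - AppInit_DLLs: C:\WINDOWS\system32\janobubu.dll c:\progra~1\ThunMail\testabd.dll
O22 - SharedTaskScheduler: coexpire - {d4c4bc43-0974-4dec-a669-9f7bfcb3503d} - (no file)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
"""

# An entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
BROKEN_LSP_RE = re.compile(r"LSP provider '([^']+)' missing")


class Finding(NamedTuple):
    rule: str      # rule name (this example's own naming)
    section: str   # HijackThis section code, e.g. "O10"
    detail: str    # path, DLL, service name or raw entry body


def parse_entries(log_text):
    """Return (section, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_service(body):
    """Split 'Service: NAME - OWNER - PATH' from the right: NAME may contain ' - '."""
    parts = body[len("Service:"):].strip().rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].rstrip()
    return name, owner, path, missing


def triage(log_text):
    """Flag entries that deserve a manual look; nothing here decides good vs. bad."""
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O10":
            m = BROKEN_LSP_RE.search(body)
            if m:
                # A provider in the Winsock chain points at a file that is gone,
                # which breaks networking until the chain is repaired.
                findings.append(Finding("lsp-chain-broken", section, m.group(1)))
            elif body.startswith("Unknown file in Winsock LSP:"):
                path = body.split(":", 1)[1].strip()
                findings.append(Finding("lsp-unknown-provider", section, path))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # The registry value is a space- or comma-separated list of DLLs.
            value = body.split(":", 1)[1].strip()
            for dll in filter(None, re.split(r"[ ,]+", value)):
                findings.append(Finding("appinit-dll", section, dll))
        elif section == "O23" and body.startswith("Service:"):
            svc = parse_service(body)
            if svc is None:
                continue
            name, _owner, path, missing = svc
            if missing:
                findings.append(Finding("service-file-missing", section, name))
            elif path.endswith("\\"):
                # Image path resolves to a directory instead of a file.
                findings.append(Finding("service-path-is-directory", section, name))
        if body.endswith("(no file)"):
            findings.append(Finding("orphaned-entry", section, body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.rule:<26} {f.detail}")
```
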
SlySlasher, Beginner
28 July 2009 - 15:46 #55
Could not install Service Pack 3; it said: Cannot install Service Pack 3 because the XP files are in a different language than Service Pack 3

And there is still no Internet

And here is one from HiJack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:52, on 28-07-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Trust\Ami Mouse 250S Cordless\Amoumain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Patrick\Desktop\Ubenyttede skrivebordsgenveje\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 7167 bytes
28 July 2009 - 17:24 #56
Oh, right... You have a US version of XP (I wonder where that came from *S*?)

You should just have chosen US in the language menu for SP3 -> http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4

What about the other items from #54?
SlySlasher, Beginner
28 July 2009 - 22:09 #57
Yes, so I tried the English version; it just stopped suddenly and said Access Denied and started deleting the files it had managed to install
28 July 2009 - 22:14 #58
... Hmmm... just a quick one - Take all items from Windows Update EXCEPT Service Pack 3 (if it is listed?) ...
SlySlasher, Beginner
28 July 2009 - 22:17 #59
Hmm, now it just restarted automatically. Was it supposed to do that?
SlySlasher, Beginner
28 July 2009 - 22:21 #60
And as I said, I have no Internet on that computer, so how am I supposed to download updates for my computer??
johnstigers, Senior Master
28 July 2009 - 23:26 #61
Hmmm...???

When did the Internet disappear?
SlySlasher, Beginner
28 July 2009 - 23:59 #62
After what I did in no. 29
johnstigers, Senior Master
29 July 2009 - 00:17 #63
Fix this one in HijackThis, restart and see if it helps...
O10 - Broken Internet access because of LSP provider 'c:\windows\temp\ntdll64.dll' missing
SlySlasher, Beginner
29 July 2009 - 00:40 #64
It doesn't work; it says:

HijackThis cannot repair O10 Winsock LSP entries. You should use LSPFix for that, which is available from Http://www.cexx.org/spfix.htm

If the O10 item belongs to WebHancer, New.net or CommonName, Spybot S&D can remove it automatically, available from http://www.spybot.info/.
SlySlasher, Beginner
30 July 2009 - 22:40 #65
So, any news??
SlySlasher, Beginner
31 July 2009 - 17:26 #66
Can I get an answer???????
SlySlasher, Beginner
01 August 2009 - 02:02 #67
Well, thanks then :/
SlySlasher, Beginner
01 August 2009 - 07:36 #68
Well, thanks for the help everyone, I got the Internet back on my computer again, so I'd like to hand out points :P
01 August 2009 - 09:18 #69
So what turned out to be the point?