don_stegger Beginner
08 June 2009 - 16:10 There are 5 comments

HP with Vista acting up - even after system recovery

My HP Pavilion notebook, less than a year old, recently started acting up. It ran slowly and froze when it had to carry out tasks.

The problem actually started when I tried to install a game from a CD. It made the computer freeze, and I had to switch the computer off by holding down the power button. Since then the computer has been acting up, freezing and generally running very slowly.
I therefore did a complete system recovery, thinking this might remedy the problems (NB: since the computer was bought with Vista installed, I don't have it on CD, but as a partitioned recovery disk). To some extent this has helped, but not entirely. The computer still freezes during some larger installations. It gives error messages during startup. But it does run reasonably well. I have therefore gone through your virus guide. However, I cannot install Malwarebytes, as I get an error message there. At the same time, Vista still needs to run 54 updates, but freezes when it tries to do so.

See logs below:
don_stegger Beginner
08 June 2009 - 16:11 #1
ComboFix 09-06-07.05 - Stegger 08-06-2009 13:57.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.45.1030.18.3070.2266 [GMT 2:00]
Kører fra: c:\users\Stegger\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KBL.LOG
E:\Desktop.ini

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-05-08 til 2009-06-08  )))))))))))))))))))))))))))))))))))
.

2009-06-08 12:00 . 2009-06-08 12:00    --------    d-----w-    c:\users\Stegger\AppData\Local\temp
2009-06-08 11:56 . 2009-06-08 12:00    --------    d-s---w-    \ComboFix
2009-06-08 11:55 . 2009-06-08 11:58    --------    d---a-w-    \Qoobox
2009-06-08 11:54 . 2009-06-08 11:54    --------    d-----w-    c:\users\Stegger\AppData\Roaming\Malwarebytes
2009-06-08 11:54 . 2009-05-26 11:20    40160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 11:53 . 2009-06-08 11:54    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-06-08 11:50 . 2009-05-26 11:19    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-06-08 07:49 . 2009-06-08 07:49    --------    d-----w-    c:\program files\CCleaner
2009-06-08 07:45 . 2009-06-08 11:46    3219578880    --sha-w-    \hiberfil.sys
2009-06-04 08:36 . 2009-06-04 08:36    --------    d-----w-    c:\windows\system32\AGEIA
2009-06-04 08:36 . 2009-06-04 08:37    --------    d-----w-    c:\program files\AGEIA Technologies
2009-06-04 08:34 . 2009-06-04 08:35    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2009-06-04 08:18 . 2009-06-04 08:18    --------    d-----w-    C:\NVIDIA
2009-06-04 08:18 . 2009-06-04 08:18    --------    d-----w-    \NVIDIA
2009-06-03 20:58 . 2009-03-09 13:27    453456    ----a-w-    c:\windows\system32\d3dx10_41.dll
2009-06-03 20:58 . 2009-03-09 13:27    1846632    ----a-w-    c:\windows\system32\D3DCompiler_41.dll
2009-06-03 20:58 . 2009-03-09 13:27    4178264    ----a-w-    c:\windows\system32\D3DX9_41.dll
2009-06-03 20:58 . 2009-03-16 12:18    69448    ----a-w-    c:\windows\system32\XAPOFX1_3.dll
2009-06-03 20:58 . 2009-03-16 12:18    517448    ----a-w-    c:\windows\system32\XAudio2_4.dll
2009-06-03 20:58 . 2009-03-16 12:18    235352    ----a-w-    c:\windows\system32\xactengine3_4.dll
2009-06-03 20:57 . 2009-03-16 12:18    22360    ----a-w-    c:\windows\system32\X3DAudio1_6.dll
2009-06-03 20:57 . 2008-10-10 02:52    452440    ----a-w-    c:\windows\system32\d3dx10_40.dll
2009-06-03 20:57 . 2008-10-10 02:52    2036576    ----a-w-    c:\windows\system32\D3DCompiler_40.dll
2009-06-03 20:57 . 2008-10-10 02:52    4379984    ----a-w-    c:\windows\system32\D3DX9_40.dll
2009-06-03 20:57 . 2008-10-27 08:04    514384    ----a-w-    c:\windows\system32\XAudio2_3.dll
2009-06-03 20:57 . 2008-10-27 08:04    70992    ----a-w-    c:\windows\system32\XAPOFX1_2.dll
2009-06-03 20:56 . 2008-10-27 08:04    235856    ----a-w-    c:\windows\system32\xactengine3_3.dll
2009-06-03 20:56 . 2008-10-27 08:04    23376    ----a-w-    c:\windows\system32\X3DAudio1_5.dll
2009-06-03 20:56 . 2008-07-30 04:20    68616    ----a-w-    c:\windows\system32\XAPOFX1_1.dll
2009-06-03 20:56 . 2008-07-30 04:20    509448    ----a-w-    c:\windows\system32\XAudio2_2.dll
2009-06-03 20:56 . 2008-07-30 04:20    238088    ----a-w-    c:\windows\system32\xactengine3_2.dll
2009-06-03 20:56 . 2008-07-10 09:01    467984    ----a-w-    c:\windows\system32\d3dx10_39.dll
2009-06-03 20:56 . 2008-07-10 09:00    1493528    ----a-w-    c:\windows\system32\D3DCompiler_39.dll
2009-06-03 20:55 . 2008-07-10 09:00    3851784    ----a-w-    c:\windows\system32\D3DX9_39.dll
2009-06-03 20:55 . 2008-05-30 12:19    507400    ----a-w-    c:\windows\system32\XAudio2_1.dll
2009-06-03 20:55 . 2008-05-30 12:17    65032    ----a-w-    c:\windows\system32\XAPOFX1_0.dll
2009-06-03 20:55 . 2008-05-30 12:18    238088    ----a-w-    c:\windows\system32\xactengine3_1.dll
2009-06-03 20:55 . 2008-05-30 12:17    25608    ----a-w-    c:\windows\system32\X3DAudio1_4.dll
2009-06-03 20:54 . 2008-05-30 12:11    467984    ----a-w-    c:\windows\system32\d3dx10_38.dll
2009-06-03 20:54 . 2008-05-30 12:11    1491992    ----a-w-    c:\windows\system32\D3DCompiler_38.dll
2009-06-03 20:53 . 2008-05-30 12:11    3850760    ----a-w-    c:\windows\system32\D3DX9_38.dll
2009-06-03 20:53 . 2008-03-05 14:03    479752    ----a-w-    c:\windows\system32\XAudio2_0.dll
2009-06-03 20:53 . 2008-03-05 14:03    238088    ----a-w-    c:\windows\system32\xactengine3_0.dll
2009-06-03 20:53 . 2008-03-05 14:00    25608    ----a-w-    c:\windows\system32\X3DAudio1_3.dll
2009-06-03 20:53 . 2008-03-05 13:56    1420824    ----a-w-    c:\windows\system32\D3DCompiler_37.dll
2009-06-03 20:53 . 2008-02-05 21:07    462864    ----a-w-    c:\windows\system32\d3dx10_37.dll
2009-06-03 20:52 . 2009-06-03 23:58    --------    d-----w-    C:\Warhammer Online - Age of Reckoning
2009-06-03 20:52 . 2009-06-03 23:58    --------    d-----w-    \Warhammer Online - Age of Reckoning
2009-06-03 20:52 . 2008-03-05 13:56    3786760    ----a-w-    c:\windows\system32\D3DX9_37.dll
2009-06-03 20:52 . 2007-10-22 01:39    267272    ----a-w-    c:\windows\system32\xactengine2_10.dll
2009-06-03 20:52 . 2007-10-22 01:37    17928    ----a-w-    c:\windows\system32\X3DAudio1_2.dll
2009-06-03 20:51 . 2007-10-12 13:14    1374232    ----a-w-    c:\windows\system32\D3DCompiler_36.dll
2009-06-03 20:51 . 2007-10-02 07:56    444776    ----a-w-    c:\windows\system32\d3dx10_36.dll
2009-06-03 20:51 . 2007-10-12 13:14    3734536    ----a-w-    c:\windows\system32\d3dx9_36.dll
2009-06-03 20:50 . 2007-07-19 22:57    267112    ----a-w-    c:\windows\system32\xactengine2_9.dll
2009-06-03 20:50 . 2007-07-19 16:14    444776    ----a-w-    c:\windows\system32\d3dx10_35.dll
2009-06-03 20:50 . 2007-07-19 16:14    1358192    ----a-w-    c:\windows\system32\D3DCompiler_35.dll
2009-06-03 20:49 . 2007-07-19 16:14    3727720    ----a-w-    c:\windows\system32\d3dx9_35.dll
2009-06-03 20:49 . 2007-06-20 18:46    266088    ----a-w-    c:\windows\system32\xactengine2_8.dll
2009-06-03 20:49 . 2007-05-16 14:45    443752    ----a-w-    c:\windows\system32\d3dx10_34.dll
2009-06-03 20:49 . 2007-05-16 14:45    1124720    ----a-w-    c:\windows\system32\D3DCompiler_34.dll
2009-06-03 20:49 . 2007-05-16 14:45    3497832    ----a-w-    c:\windows\system32\d3dx9_34.dll
2009-06-03 20:49 . 2007-04-04 16:53    81768    ----a-w-    c:\windows\system32\xinput1_3.dll
2009-06-03 20:48 . 2007-04-04 16:55    261480    ----a-w-    c:\windows\system32\xactengine2_7.dll
2009-06-03 20:48 . 2007-03-05 10:42    15128    ----a-w-    c:\windows\system32\x3daudio1_1.dll
2009-06-03 20:48 . 2007-03-15 14:57    443752    ----a-w-    c:\windows\system32\d3dx10_33.dll
2009-06-03 20:48 . 2007-03-12 14:42    1123696    ----a-w-    c:\windows\system32\D3DCompiler_33.dll
2009-06-03 20:47 . 2007-03-12 14:42    3495784    ----a-w-    c:\windows\system32\d3dx9_33.dll
2009-06-03 20:47 . 2007-01-24 13:27    255848    ----a-w-    c:\windows\system32\xactengine2_6.dll
2009-06-03 20:47 . 2006-12-08 10:02    251672    ----a-w-    c:\windows\system32\xactengine2_5.dll
2009-06-03 20:47 . 2006-11-29 11:06    440080    ----a-w-    c:\windows\system32\d3dx10.dll
2009-06-03 20:46 . 2006-11-29 11:06    3426072    ----a-w-    c:\windows\system32\d3dx9_32.dll
2009-06-03 20:46 . 2006-09-28 14:05    237848    ----a-w-    c:\windows\system32\xactengine2_4.dll
2009-06-03 20:46 . 2006-09-28 14:05    2414360    ----a-w-    c:\windows\system32\d3dx9_31.dll
2009-06-03 20:46 . 2006-07-28 07:30    236824    ----a-w-    c:\windows\system32\xactengine2_3.dll
2009-06-03 20:46 . 2006-07-28 07:30    62744    ----a-w-    c:\windows\system32\xinput1_2.dll
2009-06-03 20:39 . 2005-05-26 13:34    2297552    ----a-w-    c:\windows\system32\d3dx9_26.dll
2009-06-03 20:35 . 2009-06-03 20:35    --------    d-----w-    c:\program files\SystemRequirementsLab
2009-06-03 20:19 . 2009-06-03 20:30    --------    d--h--w-    c:\windows\msdownld.tmp
2009-06-03 06:41 . 2009-06-03 06:41    680    ----a-w-    c:\users\Stegger\AppData\Local\d3d9caps.dat
2009-06-03 00:43 . 2009-06-08 11:46    3533504512    --sha-w-    \pagefile.sys
2009-06-02 23:45 . 2009-06-02 23:45    --------    d-----w-    c:\users\Stegger\Bluetooth Software
2009-06-02 21:43 . 2009-06-02 21:43    11952    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-06-02 21:43 . 2009-06-02 21:43    108552    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2009-06-02 21:43 . 2009-06-02 21:43    325896    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2009-06-02 21:33 . 2009-06-08 07:45    --------    d-----w-    c:\windows\system32\drivers\Avg
2009-06-02 21:33 . 2009-06-02 21:33    27784    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-06-02 21:31 . 2009-06-02 21:31    --------    d-----w-    c:\program files\AVG
2009-06-02 21:15 . 2009-06-02 21:15    51224    ----a-w-    c:\windows\system32\wuauclt.exe
2009-06-02 21:15 . 2009-06-02 21:15    43544    ----a-w-    c:\windows\system32\wups2.dll
2009-06-02 21:15 . 2009-06-02 21:15    1809944    ----a-w-    c:\windows\system32\wuaueng.dll
2009-06-02 21:15 . 2009-06-02 21:15    1524736    ----a-w-    c:\windows\system32\wucltux.dll
2009-06-02 20:47 . 2009-06-02 20:47    31232    ----a-w-    c:\windows\system32\wuapp.exe
2009-06-02 20:47 . 2009-06-02 20:47    162064    ----a-w-    c:\windows\system32\wuwebv.dll
2009-06-02 19:37 . 2009-06-02 20:43    --------    d-----w-    c:\users\Stegger\AppData\Local\QuickPlay
2009-06-02 19:36 . 2009-06-08 11:47    67496    ----a-w-    c:\users\Stegger\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-02 19:36 . 2009-06-02 19:36    --------    d-----w-    c:\users\Stegger\AppData\Roaming\Symantec
2009-06-02 19:32 . 2009-06-02 19:32    44    ----a-w-    c:\windows\system\hpsysdrv.dat
2009-06-02 17:48 . 2009-06-02 17:48    --------    d-----w-    c:\users\Stegger\AppData\Roaming\Hewlett-Packard
2009-06-02 17:28 . 2009-06-02 17:40    --------    d-----w-    c:\program files\Microsoft Works
2009-06-02 17:21 . 2009-06-02 17:21    --------    d-----w-    c:\users\Stegger\AppData\Local\Adobe
2009-06-02 17:02 . 2009-06-02 17:11    --------    d-----w-    c:\program files\Common Files\Adobe
2009-06-02 16:53 . 2009-06-02 16:54    --------    d-----w-    c:\program files\MSN Messenger
2009-06-02 16:53 . 2009-06-02 16:53    --------    d-----w-    c:\windows\PCHEALTH
2009-06-02 16:50 . 2009-06-02 19:36    --------    d-----w-    c:\users\Stegger\AppData\Local\VirtualStore
2009-06-02 16:49 . 2009-06-02 16:50    --------    d-----w-    c:\program files\Common Files\LightScribe
2009-06-02 16:06 . 2009-06-08 08:01    --------    d-sh--w-    \System Volume Information

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 11:46 . 2009-06-08 07:45    3219578880    --sha-w-    \hiberfil.sys
2009-06-08 11:46 . 2009-06-03 00:43    3533504512    --sha-w-    \pagefile.sys
2009-06-03 20:08 . 2008-08-08 20:01    --------    d-----w-    c:\program files\HP
2009-06-03 18:56 . 2007-11-28 01:57    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2009-06-03 18:54 . 2008-08-08 19:45    12    ----a-w-    c:\windows\bthservsdp.dat
2009-06-02 23:44 . 2007-11-28 01:26    463874    ----a-w-    c:\windows\system32\perfh01D.dat
2009-06-02 23:44 . 2007-11-28 01:26    81394    ----a-w-    c:\windows\system32\perfc01D.dat
2009-06-02 23:44 . 2007-11-28 01:18    79320    ----a-w-    c:\windows\system32\perfc014.dat
2009-06-02 23:44 . 2007-11-28 01:18    468364    ----a-w-    c:\windows\system32\perfh014.dat
2009-06-02 23:44 . 2007-11-28 01:12    451034    ----a-w-    c:\windows\system32\perfh00B.dat
2009-06-02 23:44 . 2007-11-28 01:12    83788    ----a-w-    c:\windows\system32\perfc00B.dat
2009-06-02 23:44 . 2007-11-28 01:06    80288    ----a-w-    c:\windows\system32\perfc006.dat
2009-06-02 23:44 . 2007-11-28 01:06    485600    ----a-w-    c:\windows\system32\perfh006.dat
2009-06-02 16:51 . 2008-08-08 20:02    --------    d-----w-    c:\program files\HPQ
2009-06-02 16:41 . 2009-06-02 16:41    0    --sha-r-    c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF8312SM7_E459053-DH3_4A_I30D2_SQuanta_V79.2E_F.58_T080616_WV3-0_L406_M3070_J250_7Intel_8676_92.40_#071127_N10EC8136;80864229_(KU127EA#UUW)_XMOBILE_CN10_Z.MRK
2009-04-26 07:32 . 2007-09-19 20:05    457248    ----a-w-    c:\windows\system32\nvuninst.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-02 1947928]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-17 4702208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AB811D15-C610-48A4-9697-6B7F0F613395}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{9C2B3C71-5D67-4663-AE2E-0B030CCD1FC8}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{E0BA8F9E-98F4-4F0A-B450-C640D9774DC4}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{82E6BFBA-D891-4A10-957D-6CAC33F69829}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{25FC8D7C-61B8-4365-B8A3-C3485A0445F9}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{56A63BC0-5696-4452-A3ED-8648E040AFF9}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{41CF59D2-5605-42B7-832B-4B4DEF1337C2}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [02-06-2009 23:43 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [02-06-2009 23:43 108552]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [08-08-2008 21:54 354840]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02-06-2009 23:32 908568]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02-06-2009 23:32 298776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-procexp90.Sys


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=81&bd=Pavilion&pf=laptop
IE: Send billede til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 14:00
Windows 6.0.6000  NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 


c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk 743 bytes
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini 174 bytes

scanning gennemført med succes
skjulte filer: 2

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Gennemført tid: 2009-06-08 14:01
ComboFix-quarantined-files.txt  2009-06-08 12:01

Pre-Kørsel: 206.513.569.792 byte ledig
Post-Kørsel: 206.459.392.000 byte ledig

230
don_stegger Beginner
08 June 2009 - 16:11 #2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:41, on 08-06-2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=81&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6614 bytes
don_stegger Beginner
08 June 2009 - 16:12 #3
Hope you can help me


Regards, Peter
janos Beginner
08 June 2009 - 17:36 #4
I also needed to reinstall Vista at one point because of a virus - I couldn't get recovery to work. I called HP support and within a few days was sent a DVD with Vista Business, which is the OS I have on my laptop.
Easy and convenient - now I never have problems doing a clean installation when/if it becomes necessary.

With the problems you have, I would immediately copy important files to an external hard drive and then format and reinstall Vista. Trying to repair can be very tricky. Remember afterwards, as the very first thing, to install the necessary security updates from Microsoft and - not least - install an antivirus program.

Regards.
08 June 2009 - 17:55 #5
May I recommend that you somehow clean the PC of dust bunnies... just to possibly rule out a heat problem...

Then download M$ Service Pack 1 for Vista -> http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=f559842a-9c9b-4579-b64a-09146a0ba746 - save it on a suitable OTHER medium.

AVG* is not the most popular security program at the moment.
http://www.spywarefri.dk/sikkerhedspakken/ - possibly [Avast!], and keep that installation package on a suitable OTHER medium.

Start over with the aforementioned [complete system recovery] WITHOUT having any kind of internet connection active. When THAT is done, INSTALL Vista SP1 + [Avast!] from the aforementioned suitable medium. After a restart or two, THEN turn the internet connection on and go straight to Windows Update for the MANY subsequent updates (incl. IE8) as well as updating [Avast!] ...