CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede Steven M Nybegynder
23. juni 2010 - 08:37 Der er 30 kommentarer

Hijackthis help :)

Så er den gal igen.. Nogen der gidder tjekker min log..

Min mus virker ikke, og mit tastetur virker meget få gange.
Jeg har rebootet mit system 117 gange, men intet har hjulpet.
MEN :) Lige pluselig så virker alt igen, meget mærkeligt..



Logfile of HijackThis v1.99.1
Scan saved at 08:25:06, on 23-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21256)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programmer\Virus\Avast\aswUpdSv.exe
E:\Programmer\Virus\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programmer\Virus\Avast\ashMaiSv.exe
E:\Programmer\Virus\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
E:\PROGRA~1\Virus\Avast\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programmer\StartsBar\StatBar\StatBar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Programmer\Virus\Adware fix\Hijackthis\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\Virus\ADWARE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\Virus\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StatBar] E:\Programmer\StartsBar\StatBar\StatBar.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O15 - Trusted IP range: http://192.168.1.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{81CBFBEB-D593-46C0-962B-099524C64CF4}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programmer\Virus\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programmer\Virus\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programmer\Virus\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programmer\Virus\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: bE2l57 - CPUID - E:\Programmer\PC Wizard 2010\Data\pcwizntl.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
Avatar billede f-arn Guru
23. juni 2010 - 09:02 #1
Prøv at afinstallere StatBar. Se om det hjælper.

------

Hent "Malwarebytes' Anti-Malware" her: http://www.besttechie.net/tools/mbam-setup.exe

Eller her ->
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

Installer og start programmet, klik på fanen opdater, klik Tjek for opdatering, lav "Hurtig skan" under fanebladet "skanner".
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind.

NB Når du opdaterer Malwarebytes, så klik på "Tjek for opdatering" til den skriver at der ikke er flere opdateringer.
Avatar billede Steven M Nybegynder
23. juni 2010 - 09:28 #2
Har ikke fjernet statbar, da jeg bruger den.. :)

Her er den nye log du bad om..


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4227

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

23-06-2010 09:29:29
mbam-log-2010-06-23 (09-29-29).txt

Skanningstype: Hurtig skanning
Objekter skannet: 125544
Tid gået: 3 minut(ter), 37 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 1
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)
Avatar billede f-arn Guru
23. juni 2010 - 09:49 #3
Problemet med Statbar er, at den kan bruge enormt mange ressourcer. Det kan så få dit system til at "gå i stå". Det synes jeg passer meget godt med din beskrivelse.
Avatar billede Computer Hjælp (Gratis) Mester
23. juni 2010 - 10:59 #4
IE8 ? Samt efterfølgende mange opdateringer ?

Nyere HiJackThis ? -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Opdatér din [Avast] (Det er vist ver4 du kører med; der er ver5 fremme nu...)
http://www.spywarefri.dk/software/avast-antivirus-home-edition/
Avatar billede Steven M Nybegynder
24. juni 2010 - 08:48 #5
F-arn : Når men så må statbar ryge ud :)

Karise_larry : Jeg bruger slet ikke "IE", bruger firefox og safari.. Men skal jeg stadig opdatere til IE8 ?

Jeg henter nyere HJT og Avast.

Sig til hvis i vil ha en ny log eller andet.. ;)
Avatar billede Steven M Nybegynder
24. juni 2010 - 08:51 #6
Der kom lige en ny log ;)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:53:16, on 24-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21256)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programmer\Virus\Avast\aswUpdSv.exe
E:\Programmer\Virus\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
E:\Programmer\Virus\Avast\ashMaiSv.exe
E:\Programmer\Virus\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
E:\PROGRA~1\Virus\Avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programmer\StartsBar\StatBar\StatBar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programmer\Virus\Adware fix\Hijackthis\HiJackThis_ny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\Virus\ADWARE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\Virus\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StatBar] E:\Programmer\StartsBar\StatBar\StatBar.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.233
O15 - ESC Trusted IP range: http://192.168.1.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{81CBFBEB-D593-46C0-962B-099524C64CF4}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: hemimorphite - {12a31567-9883-4cc0-a684-ad5804394d69} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programmer\Virus\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programmer\Virus\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programmer\Virus\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programmer\Virus\Avast\ashWebSv.exe
O23 - Service: bE2l57 - CPUID - E:\Programmer\PC Wizard 2010\Data\pcwizntl.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8028 bytes
Avatar billede Steven M Nybegynder
24. juni 2010 - 09:03 #7
Og Den nye ver5 Avast, den kan jeg ikke finde på det link du skrev, jo men den koster ;) Ingen free version...
Avatar billede f-arn Guru
24. juni 2010 - 12:23 #8
Du kan hente en gratis Avast 5 her:
http://www.avast.com/en-eu/free-antivirus-download

Den findes desværre ikke på dansk.

Når men så må statbar ryge ud

Statbar er stadig i din log?
Avatar billede Computer Hjælp (Gratis) Mester
24. juni 2010 - 16:07 #9
(IE skal alligevel være opdateret; 'banditerne' ude i verden kan nemlig finde vej gennem en ikke opdateret IE!!! Også selvom den aldrig har været i brug!!!)
Avatar billede Steven M Nybegynder
24. juni 2010 - 20:07 #10
Okay.. jeg har opdateret til IE8 og hentet Avast, og slettet Statbat, så der kommer lige en ny log, når jeg lige får genstartet ;)
Avatar billede Steven M Nybegynder
24. juni 2010 - 20:46 #11
Og der kom den nye log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:20, on 24-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programmer\Virus\Avast\AvastSvc.exe
E:\Programmer\Virus\Avast\avastUI.exe
C:\Program Files\Safari\Safari.exe
E:\Programmer\Virus\Adware fix\Hijackthis\HiJackThis_ny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\Virus\ADWARE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] E:\PROGRA~1\Virus\Avast\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StatBar] E:\Programmer\StartsBar\StatBar\StatBar.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.233
O15 - ESC Trusted IP range: http://192.168.1.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{81CBFBEB-D593-46C0-962B-099524C64CF4}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: hemimorphite - {12a31567-9883-4cc0-a684-ad5804394d69} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programmer\Virus\Avast\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programmer\Virus\Avast\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programmer\Virus\Avast\AvastSvc.exe
O23 - Service: bE2l57 - CPUID - E:\Programmer\PC Wizard 2010\Data\pcwizntl.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7566 bytes
Avatar billede Computer Hjælp (Gratis) Mester
24. juni 2010 - 20:59 #12
O4 - HKCU\..\Run: [StatBar] E:\Programmer\StartsBar\StatBar\StatBar.exe
???
Avatar billede f-arn Guru
24. juni 2010 - 21:09 #13
Den står heldigvis ikke længere under Running processes  :)

Start hijackthis, klik på "do  a system scan only" og sæt flueben ved følgende.

[bO4 - HKCU\..\Run: [StatBar] E:\Programmer\StartsBar\StatBar\StatBar.exe[/b]

Luk så alle andre vinduer og klik "fix checked"

Genstart og fortæl så hvordan computeren kører?
Avatar billede Steven M Nybegynder
24. juni 2010 - 21:36 #14
Ny log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:15, on 24-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programmer\Virus\Avast\AvastSvc.exe
E:\Programmer\Virus\Avast\avastUI.exe
C:\Program Files\Safari\Safari.exe
E:\Programmer\µTorrent\Downloads\Portable MS Office 2003 Word-Excel\Portable MS Office 2003 Word-Excel\Thinstall\Office 2003\10000001600002i\msiexec.exe
E:\Programmer\Virus\Adware fix\Hijackthis\HiJackThis_ny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\Virus\ADWARE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] E:\PROGRA~1\Virus\Avast\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.233
O15 - ESC Trusted IP range: http://192.168.1.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{81CBFBEB-D593-46C0-962B-099524C64CF4}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: hemimorphite - {12a31567-9883-4cc0-a684-ad5804394d69} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programmer\Virus\Avast\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programmer\Virus\Avast\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programmer\Virus\Avast\AvastSvc.exe
O23 - Service: bE2l57 - CPUID - E:\Programmer\PC Wizard 2010\Data\pcwizntl.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7647 bytes
Avatar billede Steven M Nybegynder
25. juni 2010 - 16:02 #15
Nu er den snart ved at falde helt fra hinanden...

Inden for de sidste par dage har den gået i blå skærm, og genstartet sig selv. Det ser ikke ud til at den gør mere end bare det..
Avatar billede f-arn Guru
25. juni 2010 - 17:21 #16
Det virker ikke som et malware problem, men:

Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif


Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Avatar billede Steven M Nybegynder
25. juni 2010 - 18:09 #17
F-arn.. Så er Combofix kørt igennem og der kom en bette log fil ud af det.. håber du kan se en evt fejl eller andet ;)




ComboFix 10-06-24.03 - Steven 25-06-2010  18:02:11.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2991 [GMT 2:00]
Running from: c:\documents and settings\Steven\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Steven\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Steven\Application Data\inst.exe
c:\documents and settings\Steven\g2mdlhlpx.exe
c:\windows\system32\msconfig.exe
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((((  Files Created from 2010-05-25 to 2010-06-25  )))))))))))))))))))))))))))))))
.

2010-06-24 18:23 . 2010-06-24 18:23    --------    d-sh--w-    c:\documents and settings\Steven\PrivacIE
2010-06-24 18:23 . 2010-06-24 18:23    --------    d-sh--w-    c:\documents and settings\Steven\IECompatCache
2010-06-24 18:20 . 2010-05-06 20:39    164048    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2010-06-24 18:20 . 2010-05-06 20:33    19024    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2010-06-24 18:20 . 2010-05-06 20:34    23376    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2010-06-24 18:20 . 2010-05-06 20:39    46672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2010-06-24 18:20 . 2010-05-06 20:33    100432    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2010-06-24 18:20 . 2010-05-06 20:33    94800    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2010-06-24 18:20 . 2010-05-06 20:33    28880    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2010-06-24 18:20 . 2010-05-06 20:59    38848    ----a-w-    c:\windows\system32\avastSS.scr
2010-06-24 18:20 . 2010-05-06 20:59    165032    ----a-w-    c:\windows\system32\aswBoot.exe
2010-06-24 18:18 . 2010-06-24 18:18    --------    d-sh--w-    c:\documents and settings\Steven\IETldCache
2010-06-24 18:14 . 2010-06-24 18:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-24 18:06 . 2010-06-24 18:06    --------    d-----w-    c:\windows\ie8updates
2010-06-24 18:04 . 2010-06-24 18:05    --------    dc-h--w-    c:\windows\ie8
2010-06-24 18:01 . 2010-05-06 10:41    12800    ------w-    c:\windows\system32\dllcache\xpshims.dll
2010-06-24 18:01 . 2010-05-06 10:41    247808    ------w-    c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 18:01 . 2010-05-06 10:41    743424    ------w-    c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 18:00 . 2010-04-16 11:43    41984    ------w-    c:\windows\system32\dllcache\iecompat.dll
2010-06-24 17:24 . 2008-04-13 22:15    60032    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2010-06-24 17:24 . 2008-04-13 22:15    60032    ----a-w-    c:\windows\system32\dllcache\usbaudio.sys
2010-06-23 07:24 . 2010-06-23 07:24    --------    d-----w-    c:\documents and settings\Steven\Application Data\Malwarebytes
2010-06-23 07:23 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-23 07:23 . 2010-06-23 07:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-23 07:23 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-06-21 07:22 . 2010-06-21 08:07    --------    d-----w-    c:\windows\system32\Adobe
2010-06-21 06:35 . 2009-05-28 09:48    11776    ----a-w-    c:\windows\system32\mciqtz.drv
2010-06-11 11:02 . 2010-03-05 14:37    65536    ------w-    c:\windows\system32\dllcache\asycfilt.dll
2010-06-03 13:47 . 2010-06-03 13:47    --------    d-----w-    c:\documents and settings\Steven\Application Data\PC Tools
2010-05-31 14:25 . 2010-05-31 14:29    --------    d-----w-    c:\documents and settings\Steven\Application Data\TS3Client

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 13:59 . 2010-06-23 05:45    90112    ----a-w-    c:\windows\DUMP2f8b.tmp
2010-06-24 17:34 . 2010-06-23 05:45    90112    ----a-w-    c:\windows\DUMP3bff.tmp
2010-06-24 09:56 . 2010-03-03 12:15    --------    d-----w-    c:\documents and settings\Steven\Application Data\BitTorrent
2010-06-24 09:52 . 2009-03-10 20:08    0    -c--a-w-    c:\documents and settings\Steven\temp.dat
2010-06-23 06:16 . 2008-02-24 20:35    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-22 08:45 . 2009-10-08 15:46    --------    d-----w-    c:\documents and settings\Steven\Application Data\vlc
2010-06-10 18:35 . 2008-01-20 21:11    --------    d-----w-    c:\documents and settings\Steven\Application Data\Vso
2010-06-10 14:18 . 2008-01-19 14:25    --------    d-----w-    c:\documents and settings\Steven\Application Data\uTorrent
2010-05-31 15:04 . 2008-01-20 20:53    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-05-27 10:54 . 2010-04-11 19:24    --------    d-----w-    c:\documents and settings\Steven\Application Data\Apple Computer
2010-05-17 14:43 . 2009-11-17 11:44    --------    d-----w-    c:\documents and settings\Steven\Application Data\dvdcss
2010-05-11 10:06 . 2010-05-10 14:42    --------    d-----w-    c:\program files\PopCap Games
2010-05-10 15:42 . 2010-05-10 14:43    28    ----a-w-    c:\windows\popcinfot.dat
2010-05-06 10:41 . 2007-06-24 07:40    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-05-04 13:23 . 2010-04-28 16:27    --------    d-----w-    c:\documents and settings\Steven\Application Data\PopCapv1006
2010-05-02 05:22 . 2007-06-24 07:40    1851264    ----a-w-    c:\windows\system32\win32k.sys
2010-04-28 16:27 . 2010-04-28 16:27    --------    d-----w-    c:\documents and settings\All Users\Application Data\PopCap Games
2010-04-28 16:14 . 2010-04-28 16:14    --------    d-----w-    c:\documents and settings\Steven\Application Data\TeamViewer
2010-04-28 16:14 . 2010-04-28 16:14    --------    d-----w-    c:\program files\TeamViewer
2010-04-20 05:30 . 2004-08-03 23:56    285696    ----a-w-    c:\windows\system32\atmfd.dll
2010-04-14 18:53 . 2008-01-18 04:34    90112    -c--a-w-    c:\windows\DUMP3a2a.tmp
2010-04-11 19:25 . 2010-04-11 19:25    14728    ---ha-w-    c:\windows\system32\mlfcache.dat
2010-03-30 22:16 . 2010-03-30 22:16    99176    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10    295264    ----a-w-    c:\windows\system32\PresentationHost.exe
.

------- Sigcheck -------


[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"D-Link AirPlus G DWL-G510"="c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe" [2007-10-24 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"avast5"="e:\progra~1\Virus\Avast\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Hurtigstart.lnk]
backup=c:\windows\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17    952768    -c--a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42    36272    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05    81920    -c--a-w-    e:\programmer\Daemon Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    -c----w-    c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40    155648    -c--a-w-    c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-06-08 14:18    23233576    -c--a-r-    c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-01-28 10:43    2097488    -csha-r-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17    149280    -c--a-w-    c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programmer\\µTorrent\\utorrent.exe"=
"e:\\Programmer\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Spil\\TrackMania\\TmNationsForever\\TmForever.exe"=
"e:\\Programmer\\BulletProof FTP\\G6 FTP Server\\G6FTPSrv.exe"=
"e:\\Programmer\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Programmer\\Simple port forwarding\\Simple Port Forwarding\\spf.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"f:\\Spil\\Operation Flashpoint - Dragon Rising\\OFDR.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18417:TCP"= 18417:TCP:SPF Port 18417 TCP
"58820:TCP"= 58820:TCP:SPF Port 58820 TCP

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [20-01-2008 23:14 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [20-01-2008 23:14 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24-06-2010 20:20 164048]
R1 SASDIFSV;SASDIFSV;e:\programmer\Virus\SUPERAntiSpyware\SASDIFSV.SYS [20-01-2008 22:37 5632]
R1 SASKUTIL;SASKUTIL;e:\programmer\Virus\SUPERAntiSpyware\SASKUTIL.SYS [20-01-2008 22:37 29184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24-06-2010 20:20 19024]
S3 bE2l57;bE2l57;e:\programmer\PC Wizard 2010\Data\pcwizntl.exe -s --> e:\programmer\PC Wizard 2010\Data\pcwizntl.exe -s [?]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [18-01-2008 06:40 171264]
S3 SASENUM;SASENUM;e:\programmer\Virus\SUPERAntiSpyware\SASENUM.SYS [20-01-2008 22:37 4096]

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Sharedaccess
SRService
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN
napagent
hkmsvc
wscsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-25 c:\windows\Tasks\User_Feed_Synchronization-{B233390C-7B81-4C78-860B-64380D06D630}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: {81CBFBEB-D593-46C0-962B-099524C64CF4} = 193.162.153.164,194.239.134.83
FF - ProfilePath - c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\2rkzl9v0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\2rkzl9v0.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - e:\programmer\Virus\Adware fix\Hijackthis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 18:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ACAD248]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80fcf28
\Driver\ACPI -> ACPI.sys @ 0xb7f59cb8
\Driver\atapi -> 0x8acad248
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C) -> SendCompleteHandler -> NDIS.sys @ 0xb7de1b0a
PacketIndicateHandler -> NDIS.sys @ 0xb7deca21
SendHandler -> NDIS.sys @ 0xb7de1949
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WININET.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
e:\programmer\Virus\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-06-25  18:08:16 - machine was rebooted
ComboFix-quarantined-files.txt  2010-06-25 16:08

Pre-Run: 44.511.260.672 bytes free
Post-Run: 45.128.548.352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 002AE60A40ADD7EF603CCA3D78AED26A
Avatar billede f-arn Guru
25. juni 2010 - 18:56 #18
1. Hent dette lille værktøj:

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternativ adresse)

2. Dobbeltklik på systemlook.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost /s

3. Klik på knappen Look. Programmet vil nu lede på din computer.

4. Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.
Avatar billede Steven M Nybegynder
25. juni 2010 - 21:40 #19
Super, det vil jeg lige gøre imorgen, da jeg ikke er ved min egen pc iaften.

Der kommer en log i morgen formiddag..
Avatar billede Steven M Nybegynder
26. juni 2010 - 14:46 #20
Her kommer den log du bad om...



SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:47 on 26/06/2010 by Steven (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"bthsvcs"="BthServ"
"DcomLaunch"="DcomLaunch TermService"
"dot3svc"="dot3svc"
"eapsvcs"="eaphost"
"HTTPFilter"="HTTPFilter"
"imgsvc"="StiSvc"
"LocalService"="WebClient LmHosts upnphost SSDPSRV"
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Netman Nla NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule SENS Sharedaccess SRService Tapisrv Themes WZCSVC Wmi WmdmPmSp winmgmt xmlprov BITS wuauserv ShellHWDetection WmdmPmSN napagent hkmsvc wscsvc"
"NetworkService"="DnsCache"
"rpcss"="RpcSs"
"termsvcs"="TermService"
"WudfServiceGroup"="WUDFSvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\DComLaunch]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"DefaultRpcStackSize"= 0x0000000008 (8)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\dot3svc]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\eapsvcs]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\HTTPFilter]
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]
"AuthenticationCapabilities"= 0x0000002000 (8192)
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"DefaultRpcStackSize"= 0x0000000008 (8)


-=End Of File=-
Avatar billede f-arn Guru
26. juni 2010 - 18:27 #21
Den vil jeg så lige overveje, men kan du fortælle om du har en XP installations disk?

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::
FCopy::
c:\windows\ServicePackFiles\i386\regsvc.dll | c:\windows\System32\regsvc.dll
Filelook::
c:\windows\system32\drivers\d347bus.sys
c:\windows\system32\drivers\d347prt.sys
Folder::
c:\documents and settings\Steven\Application Data\uTorrent
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"=-
Driver::
bE2l57
Mia::
c:\windows\System32\drivers\beep.sys
SRPeek::
c:\windows\System32\drivers\beep.sys
Restore::
c:\windows\System32\drivers\beep.sys

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Avatar billede Steven M Nybegynder
26. juni 2010 - 22:15 #22
Jeg har ikke min xp cd desværre...

Her er den nye log..



ComboFix 10-06-24.03 - Steven 26-06-2010  22:03:29.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2992 [GMT 2:00]
Running from: e:\programmer\Virus\ComboFix.exe
Command switches used :: c:\documents and settings\Steven\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Steven\Application Data\uTorrent
c:\documents and settings\Steven\Application Data\uTorrent\--==Gamle Dansk==--.torrent
c:\documents and settings\Steven\Application Data\uTorrent\18.WHEELS.OF.STEEL.EXTREME.TRUCKER-ADDICTION.torrent
c:\documents and settings\Steven\Application Data\uTorrent\According.to.Jim.-.COMPLETE.Xvid-Bryggerne.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Aliens_Vs_Predator_Proper-Razor1911.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Anders_Matthesen_Vender_Tilbage_Live_Paa_Det_Kongelige_Teater.DANiSH.2009.DVDRiP.XViD-HEJMEDMiG.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Anja.Og.Viktor.I.Medgang.Og.Modgang.HR.AC3.DANiSH.DVDRiP.XViD-DTTN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\AUTODESK.AUTOCAD.INVENTOR.SUITE.V2010.WIN32-ISO.torrent
c:\documents and settings\Steven\Application Data\uTorrent\AUTODESK.AUTOCAD.V2009.WIN32-ISO.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Autodesk_AutoCAD_Architecture_v2010-CYGiSO.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Banned.From.Television.DVDRip.DivX.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Biker.Jens.Down.Under.E01.DANiSH.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Biker.Jens.Down.Under.E02.DANiSH.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Biker.Jens.Down.Under.E03.DANiSH.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Biker.Jens.Down.Under.E04.DANiSH.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Butterfly.Effect.Revelation.2009.DVDRip.XviD-BeStDivX.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Carsten.Bang.Bang.Jeg.Er.Doed.2009.REPACK.DANISH.DVDRip.XviD-SMOKEY.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Cool Runnings (1993) DVD RIP tabsman H33T release.torrent
c:\documents and settings\Steven\Application Data\uTorrent\CuteFTP.Pro.v8.3.1.Build.08.07.2008.1-NoPE.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S01E01.HR.DANiSH.PDTV.XViD-DTTN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S01E02.DANiSH.PDTV.XviD-DFV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S01E04.DANiSH.PDTV.XviD-DiViSiON.1.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S01E04.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S01E04.HR.DANiSH.PDTV.XViD-DTTN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S01E06.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E01.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E02.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E03.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E04.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E05.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E06.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E07.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E08.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\De.Udvalgte.2009.DVDRiP.XViD-PADAWiN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Det regner med frikadeller.torrent
c:\documents and settings\Steven\Application Data\uTorrent\dht.dat
c:\documents and settings\Steven\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Steven\Application Data\uTorrent\Die.Hard.1988.Extended.Version.INTERNAL.DVDRip.XviD-NEPTUNE.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Die.Hard.2.1990.INTERNAL.DVDRip.XviD-NEPTUNE.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Die.Hard.3.1995.INTERNAL.DVDRip.XviD-NEPTUNE.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Dragon.Hunter.2008.DVDRip.XviD-RUBY.torrent
c:\documents and settings\Steven\Application Data\uTorrent\elastomania.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.1.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.2.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.3.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.4.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.5.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.6.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.7.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.torrent
c:\documents and settings\Steven\Application Data\uTorrent\En.Enkelt.Til.Korsoer.Xvid.2008.DANiSH-Bryggerne.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Flashforward.S01E1-10.HDTV.Hardcoded.DKSUBS.XviD-BRYGGERNE.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Fort.Zombie-TiNYiSO.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Freedom Fighters.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Fri.Os.Fra.Det.Onde.2009.DVDRIP.XViD-PADAWiN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\futanaria.Siterip.XXX.WMV-FNU.torrent
c:\documents and settings\Steven\Application Data\uTorrent\G.Force.2009.DANiSH.DVDRip.XviD-BiOCiTY.torrent
c:\documents and settings\Steven\Application Data\uTorrent\G.I.Joe.The.Rise.Of.Cobra.DVDRip.XviD-JUMANJi.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Himlen falder (divx).torrent
c:\documents and settings\Steven\Application Data\uTorrent\Himlen.Falder.DANISH.DVDRip.XviD-SMOKEY.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Ice.Age.Dawn.Of.The.Dinosaurs.DANISH.DVDRip.XviD-SMOKEY.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Inkheart.DVDRip.XviD-NeDiVx.1.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Inkheart.DVDRip.XviD-NeDiVx.2.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Inkheart.DVDRip.XviD-NeDiVx.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Jaegerne.Danmarks.Elitesoldater.DANiSH.PDTV.XviD-JUSTER.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Jan.Gintberg.Fremtid.Nu.2009.DANiSH.DVDRiP.XViD-RCDiVX.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Jydekompagniet.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E01.DANiSH.PDTV.XviD-DTV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E02.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E03.DANiSH.PDTV.XviD-DTV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E04.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E05.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E06.DANiSH.PDTV.XviD-DTV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E07.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E08.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E09.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E10.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Lulu.Og.Leon.S01E01.PROPER.DANiSH.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Lulu.og.Leon.S01E02.Mehmet.Og.Rockerne.DANiSH.PDTV.XviD-DTV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Lulu.og.Leon.S01E03.Leons.Alibi.DANiSH.PDTV.XviD-DTV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Lulu.og.Leon.S01E04.DANiSH.PDTV.XviD-DFV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Lulu.og.Leon.S01E05.DANiSH.PDTV.XviD-DFV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Lulu.og.Leon.S01E06.DANiSH.PDTV.XviD-DFV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Mad Skills Motocross - PAG.torrent
c:\documents and settings\Steven\Application Data\uTorrent\MARINE3 SHARPSHOOTER.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Marley.And.Me.DVDRip.XviD-ARiGOLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Microsoft.Office.2007.ENTERPRiSE.DANiSH-DELiNQUENT.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Miljøstrup.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Need.For.Speed.Shift-RELOADED.torrent
c:\documents and settings\Steven\Application Data\uTorrent\NT-AVAST! 4.8.1358 PRO Latest Edition .Antivirus + Antyspyware.torrent
c:\documents and settings\Steven\Application Data\uTorrent\P3 Tjeklisten. Uge 51.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Peggle.Nights-FASiSO.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Plants Vs Zombies + Crack.rar.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E01.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E02.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E03.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E04.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E05.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E06.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E07.DANiSH.PDTV.XviD-DFV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E08.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Polle Fiction.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Portable MS Office 2003 Word-Excel.torrent
c:\documents and settings\Steven\Application Data\uTorrent\resume.dat
c:\documents and settings\Steven\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Steven\Application Data\uTorrent\RevengeTV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\rss.dat
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E01.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E02.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E03.DANiSH.WS.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E04.DANiSH.WS.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E05.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E06.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E07.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E08.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E09.DANISH.PDTV.XVID-BALLIN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Se.Min.Kjole.2009.DANiSH.DVDRip.XviD-PADAWiN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\settings.dat
c:\documents and settings\Steven\Application Data\uTorrent\settings.dat.1.bad
c:\documents and settings\Steven\Application Data\uTorrent\settings.dat.2.bad
c:\documents and settings\Steven\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Steven\Application Data\uTorrent\Sorte.Kugler.2009.DVDRip.XviD-MoA.torrent
c:\documents and settings\Steven\Application Data\uTorrent\South Park.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Splat Magazine Renegade Paintball - DVNiSO.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Station.2.18.05.2009.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Station.2.Special.Biltyvenes.Nye.ABC.DANiSH.PDTV.XviD-DFV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Station.2.Special.Fartstroemer.Paa.MC.Jagt.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Strike Ball 3.exe.torrent
c:\documents and settings\Steven\Application Data\uTorrent\The.Dark.Knight.2008.TS.Custom.DKsubs.PAL.DVDR-DB4Ever.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Til.Middag.Hos.S01E19.DANiSH.PDTV.XviD-Allez.torrent
c:\documents and settings\Steven\Application Data\uTorrent\uploads.torrent
c:\documents and settings\Steven\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Steven\Application Data\uTorrent\Vores.Krig.Drengen.Der.Ville.I.Krig.E03.DANiSH.PDTV.XviD-JUSTER.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Vores.Krig.S01E01.Far.Far.Krigsmand.HR.DANiSH.PDTV.XViD-DTTN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Vores.Krig.S01E02.Skynd.Dig.Hjem.HR.DANiSH.PDTV.XViD-DTTN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Vores.Krig.S01E05.Krigsminister.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Zombie Driver.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Zombie.Shooter.RIP-Unleashed.torrent

c:\windows\System32\drivers\beep.sys . . . is infected!!

c:\windows\System32\drivers\beep.sys . . . is missing!!

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\regsvc.dll --> c:\windows\System32\regsvc.dll
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BE2L57
-------\Service_bE2l57


(((((((((((((((((((((((((  Files Created from 2010-05-26 to 2010-06-26  )))))))))))))))))))))))))))))))
.

2010-06-26 20:02 . 2008-04-14 00:12    59904    ----a-w-    c:\windows\system32\regsvc.dll
2010-06-26 20:02 . 2008-04-14 00:12    59904    ----a-w-    c:\windows\system32\dllcache\regsvc.dll
2010-06-24 18:23 . 2010-06-24 18:23    --------    d-sh--w-    c:\documents and settings\Steven\PrivacIE
2010-06-24 18:23 . 2010-06-24 18:23    --------    d-sh--w-    c:\documents and settings\Steven\IECompatCache
2010-06-24 18:20 . 2010-05-06 20:39    164048    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2010-06-24 18:20 . 2010-05-06 20:33    19024    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2010-06-24 18:20 . 2010-05-06 20:34    23376    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2010-06-24 18:20 . 2010-05-06 20:39    46672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2010-06-24 18:20 . 2010-05-06 20:33    100432    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2010-06-24 18:20 . 2010-05-06 20:33    94800    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2010-06-24 18:20 . 2010-05-06 20:33    28880    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2010-06-24 18:20 . 2010-05-06 20:59    38848    ----a-w-    c:\windows\system32\avastSS.scr
2010-06-24 18:20 . 2010-05-06 20:59    165032    ----a-w-    c:\windows\system32\aswBoot.exe
2010-06-24 18:18 . 2010-06-24 18:18    --------    d-sh--w-    c:\documents and settings\Steven\IETldCache
2010-06-24 18:14 . 2010-06-24 18:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-24 18:06 . 2010-06-24 18:06    --------    d-----w-    c:\windows\ie8updates
2010-06-24 18:04 . 2010-06-24 18:05    --------    dc-h--w-    c:\windows\ie8
2010-06-24 18:01 . 2010-05-06 10:41    12800    ------w-    c:\windows\system32\dllcache\xpshims.dll
2010-06-24 18:01 . 2010-05-06 10:41    247808    ------w-    c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 18:01 . 2010-05-06 10:41    743424    ------w-    c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 18:00 . 2010-04-16 11:43    41984    ------w-    c:\windows\system32\dllcache\iecompat.dll
2010-06-24 17:24 . 2008-04-13 22:15    60032    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2010-06-24 17:24 . 2008-04-13 22:15    60032    ----a-w-    c:\windows\system32\dllcache\usbaudio.sys
2010-06-23 07:24 . 2010-06-23 07:24    --------    d-----w-    c:\documents and settings\Steven\Application Data\Malwarebytes
2010-06-23 07:23 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-23 07:23 . 2010-06-23 07:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-23 07:23 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-06-21 07:22 . 2010-06-21 08:07    --------    d-----w-    c:\windows\system32\Adobe
2010-06-21 06:35 . 2009-05-28 09:48    11776    ----a-w-    c:\windows\system32\mciqtz.drv
2010-06-11 11:02 . 2010-03-05 14:37    65536    ------w-    c:\windows\system32\dllcache\asycfilt.dll
2010-06-03 13:47 . 2010-06-03 13:47    --------    d-----w-    c:\documents and settings\Steven\Application Data\PC Tools
2010-05-31 14:25 . 2010-05-31 14:29    --------    d-----w-    c:\documents and settings\Steven\Application Data\TS3Client

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 20:00 . 2010-03-03 12:15    --------    d-----w-    c:\documents and settings\Steven\Application Data\BitTorrent
2010-06-26 19:50 . 2008-01-20 21:11    --------    d-----w-    c:\documents and settings\Steven\Application Data\Vso
2010-06-25 13:59 . 2010-06-23 05:45    90112    ----a-w-    c:\windows\DUMP2f8b.tmp
2010-06-24 17:34 . 2010-06-23 05:45    90112    ----a-w-    c:\windows\DUMP3bff.tmp
2010-06-24 09:52 . 2009-03-10 20:08    0    -c--a-w-    c:\documents and settings\Steven\temp.dat
2010-06-23 06:16 . 2008-02-24 20:35    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-22 08:45 . 2009-10-08 15:46    --------    d-----w-    c:\documents and settings\Steven\Application Data\vlc
2010-05-31 15:04 . 2008-01-20 20:53    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-05-27 10:54 . 2010-04-11 19:24    --------    d-----w-    c:\documents and settings\Steven\Application Data\Apple Computer
2010-05-17 14:43 . 2009-11-17 11:44    --------    d-----w-    c:\documents and settings\Steven\Application Data\dvdcss
2010-05-11 10:06 . 2010-05-10 14:42    --------    d-----w-    c:\program files\PopCap Games
2010-05-10 15:42 . 2010-05-10 14:43    28    ----a-w-    c:\windows\popcinfot.dat
2010-05-06 10:41 . 2007-06-24 07:40    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-05-04 13:23 . 2010-04-28 16:27    --------    d-----w-    c:\documents and settings\Steven\Application Data\PopCapv1006
2010-05-02 05:22 . 2007-06-24 07:40    1851264    ----a-w-    c:\windows\system32\win32k.sys
2010-04-28 16:27 . 2010-04-28 16:27    --------    d-----w-    c:\documents and settings\All Users\Application Data\PopCap Games
2010-04-28 16:14 . 2010-04-28 16:14    --------    d-----w-    c:\documents and settings\Steven\Application Data\TeamViewer
2010-04-28 16:14 . 2010-04-28 16:14    --------    d-----w-    c:\program files\TeamViewer
2010-04-20 05:30 . 2004-08-03 23:56    285696    ----a-w-    c:\windows\system32\atmfd.dll
2010-04-14 18:53 . 2008-01-18 04:34    90112    -c--a-w-    c:\windows\DUMP3a2a.tmp
2010-04-11 19:25 . 2010-04-11 19:25    14728    ---ha-w-    c:\windows\system32\mlfcache.dat
2010-03-30 22:16 . 2010-03-30 22:16    99176    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10    295264    ----a-w-    c:\windows\system32\PresentationHost.exe
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\d347bus.sys ---
Company:
File Description: PnP BIOS Extension
File Version: 3.47.0.0 built by: WinDDK
Product Name:
Copyright: Copyright (C) 2002-2004
Original Filename:
File size: 155136
Created time: 2008-01-20 21:14
Modified time: 2004-08-22 15:31
MD5: 5776322F93CDB91086111F5FFBFDA2A0
SHA1: CBF164E18401D4CDD1E3EAA416B67A4D4F7C5E70


--- c:\windows\system32\drivers\d347prt.sys ---
Company:
File Description: SCSI miniport
File Version: 3.47.0.0 built by: WinDDK
Product Name:
Copyright: Copyright (C) 2000-2004
Original Filename:
File size: 5248
Created time: 2008-01-20 21:14
Modified time: 2004-08-22 15:31
MD5: B49F79ACE459763F4E0380071BE9CB45
SHA1: 1786759AC4338C523480397F38F1EF1A42A63C8A


((((((((((((((((((((((((((((((((((((((((((  SR_Search  ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"D-Link AirPlus G DWL-G510"="c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe" [2007-10-24 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"avast5"="e:\progra~1\Virus\Avast\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Hurtigstart.lnk]
backup=c:\windows\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17    952768    -c--a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42    36272    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05    81920    -c--a-w-    e:\programmer\Daemon Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    -c----w-    c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40    155648    -c--a-w-    c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-06-08 14:18    23233576    -c--a-r-    c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-01-28 10:43    2097488    -csha-r-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17    149280    -c--a-w-    c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programmer\\µTorrent\\utorrent.exe"=
"e:\\Programmer\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Spil\\TrackMania\\TmNationsForever\\TmForever.exe"=
"e:\\Programmer\\BulletProof FTP\\G6 FTP Server\\G6FTPSrv.exe"=
"e:\\Programmer\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Programmer\\Simple port forwarding\\Simple Port Forwarding\\spf.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"f:\\Spil\\Operation Flashpoint - Dragon Rising\\OFDR.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18417:TCP"= 18417:TCP:SPF Port 18417 TCP
"58820:TCP"= 58820:TCP:SPF Port 58820 TCP

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [20-01-2008 23:14 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [20-01-2008 23:14 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24-06-2010 20:20 164048]
R1 SASDIFSV;SASDIFSV;e:\programmer\Virus\SUPERAntiSpyware\SASDIFSV.SYS [20-01-2008 22:37 5632]
R1 SASKUTIL;SASKUTIL;e:\programmer\Virus\SUPERAntiSpyware\SASKUTIL.SYS [20-01-2008 22:37 29184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24-06-2010 20:20 19024]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [18-01-2008 06:40 171264]
S3 SASENUM;SASENUM;e:\programmer\Virus\SUPERAntiSpyware\SASENUM.SYS [20-01-2008 22:37 4096]

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Sharedaccess
SRService
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN
napagent
hkmsvc
wscsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-26 c:\windows\Tasks\User_Feed_Synchronization-{B233390C-7B81-4C78-860B-64380D06D630}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: {81CBFBEB-D593-46C0-962B-099524C64CF4} = 193.162.153.164,194.239.134.83
FF - ProfilePath - c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\2rkzl9v0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\2rkzl9v0.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 22:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AEA9D58]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80fcf28
\Driver\ACPI -> ACPI.sys @ 0xb7f59cb8
\Driver\atapi -> 0x8aea9d58
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C) -> SendCompleteHandler -> NDIS.sys @ 0xb7de1b0a
PacketIndicateHandler -> NDIS.sys @ 0xb7deca21
SendHandler -> NDIS.sys @ 0xb7de1949
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2300)
c:\windows\system32\WININET.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
e:\programmer\Virus\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-26  22:09:07 - machine was rebooted
ComboFix-quarantined-files.txt  2010-06-26 20:09
ComboFix2.txt  2010-06-25 16:08

Pre-Run: 53.123.014.656 bytes free
Post-Run: 53.015.678.976 bytes free

- - End Of File - - EC3595FFF68149B384BC28D74431FDA6
Avatar billede Computer Hjælp (Gratis) Mester
27. juni 2010 - 09:27 #23
*SUK* Sådan går det let når man leger med reslutater fra
* µTorrent
* LimeWire
* BitTorrent
*
http://www.spywarefri.dk/artikel/farerne-ved-fildeling/
Avatar billede Steven M Nybegynder
27. juni 2010 - 17:11 #24
Det er  jo chancen i brancen ;)

Men er der noget jeg kan gøre, udover self ikke at bruge de programmer...
Avatar billede Computer Hjælp (Gratis) Mester
27. juni 2010 - 18:15 #25
<f-arn> fortsætter herfra ...
Avatar billede f-arn Guru
28. juni 2010 - 05:14 #26
Har du mulighed for at låne en XP cd?
Jeg skal bruge en ren kopi af beep.sys

Det er jo chancen i brancen ;)

Det er det jo, men så er man jo egentlig selv ude om det.
Avatar billede Steven M Nybegynder
28. juni 2010 - 11:12 #27
Desværre ikke, da dem jeg kender har win7.

kan jeg ikke hente filen fra nettet, eller har du evt mulighed for at ligge den op ?


Ja det er jo så rigtig nok :)
Avatar billede f-arn Guru
30. juni 2010 - 10:56 #28
Hvis vi skal videre, er du nødt til at finde en ren beep.sys. Personligt, kunne jeg ikke drømme om, at hente sådan en fil fra nettet.
Avatar billede Steven M Nybegynder
30. juni 2010 - 15:10 #29
Okay, når jeg finder den fil, hva skal jeg så gøre ?
Avatar billede f-arn Guru
30. juni 2010 - 15:35 #30
Læg den i:  C:\
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
pop up black friday Af Malm i Virus 10 I går 20:49 I dag 10:46
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
6 min siden Underlig meddelelse på skærmen Af Jordegern i E-mail programmer
I dag 15:56 Navigation i Peugeot 3-2008 fra 2017 Af arnepedersen i Andet software
I dag 14:10 Outlook henter ikke mails Af TTA i Office & Kontorpakker
I dag 13:58 vise billeder i kartotek med store ikoner inklusive optagelsesdato Af Malm i Billedbehandling
I dag 13:35 Adobe Elements 2019, Organizer Crasher Af mort1 i Billedbehandling
White papers
Flere white papers »


Premium
Teaser billede
Vil købe tele-løsninger til det offentlige for 370 millioner kroner
Læs mere »
Efterspørgslen på AI-regnekraft er enorm - og det smitter af på priserne: "Vi kan sælge næsten alt, hvad vi får ind"
Nyt værtøj fra Microsoft: Snart kan du reparere nedbrudte Windows-enheder på distancen
Politiet skriver kontrakt på 75 millioner kroner med dansk it-firma: Medarbejdere skal flytte ind hos politiet
Se alle »
Computerworld
Teaser billede
Microsofts nye pc er ekstrem billig – men kan blive ekstrem sikker og fleksibel
Læs mere »
Test: Prøv kun disse B&O-hovedtelefoner, hvis du har råd
Kæmpe datalæk på hospital: 750.000 patienters fortrolige data lækket
Telegigant klar med AI-baseret mormor: Holder telefon-svindlere fast i røret med sniksnak og dumme spørgsmål
Se alle »
CIO
Teaser billede
Konsulenthus vil rulle Microsoft 365 Copilot ud til 200.000 ansatte
Læs mere »
Kæmpe-opgave for Danske Bank har banet vej for fuldautomatiseret migrering til cloud: Nu udbredes metoden i hele AWS
Microsofts store årlige event: De tre vigtigste nøglebudskaber fra Satya Nadella om Microsofts fremtid
Tre vigtige erkendelser, som Computerworld tog med hjem fra Gartners store topmøde i Barcelona
Se alle »
Job & Karriere
Teaser billede
Microsoft klar med ny direktion for den danske forretning: Her er de nye direktører
Læs mere »
Efter skelsættende møde med sportscoach: Stor dansk it-arbejdsplads indfører fredags-fri og isbade i arbejdstiden
Linus Torvalds giver russiske Linux-udviklere sparket: Vil ikke have noget med dem at gøre
Topchef Sara Green mener, at der er brug for et radikalt nyt syn på it-ledelse - særligt én ny trend hader hun som pesten
Se alle »
White paper
Teaser billede
Er din cybersikkerhed klar til AI-revolutionen?
Læs mere »
Managed Detection & Response: Forsvar din virksomhed mod cybertrusler døgnet rundt
SMB og cybertrusler: Brug sikkerhedsressourcerne optimalt
MDR: Transparent sikkerhed og overvågning i realtid
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »