Avatar billede Steven M Nybegynder
23. juni 2010 - 08:37 Der er 30 kommentarer

Hijackthis help :)

Så er den gal igen.. Nogen der gidder tjekker min log..

Min mus virker ikke, og mit tastetur virker meget få gange.
Jeg har rebootet mit system 117 gange, men intet har hjulpet.
MEN :) Lige pluselig så virker alt igen, meget mærkeligt..



Logfile of HijackThis v1.99.1
Scan saved at 08:25:06, on 23-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21256)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programmer\Virus\Avast\aswUpdSv.exe
E:\Programmer\Virus\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programmer\Virus\Avast\ashMaiSv.exe
E:\Programmer\Virus\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
E:\PROGRA~1\Virus\Avast\ashDisp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programmer\StartsBar\StatBar\StatBar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Programmer\Virus\Adware fix\Hijackthis\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\Virus\ADWARE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\Virus\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StatBar] E:\Programmer\StartsBar\StatBar\StatBar.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O15 - Trusted IP range: http://192.168.1.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{81CBFBEB-D593-46C0-962B-099524C64CF4}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programmer\Virus\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programmer\Virus\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programmer\Virus\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programmer\Virus\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: bE2l57 - CPUID - E:\Programmer\PC Wizard 2010\Data\pcwizntl.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
Avatar billede f-arn Guru
23. juni 2010 - 09:02 #1
Prøv at afinstallere StatBar. Se om det hjælper.

------

Hent "Malwarebytes' Anti-Malware" her: http://www.besttechie.net/tools/mbam-setup.exe

Eller her ->
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968

Installer og start programmet, klik på fanen opdater, klik Tjek for opdatering, lav "Hurtig skan" under fanebladet "skanner".
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind.

NB Når du opdaterer Malwarebytes, så klik på "Tjek for opdatering" til den skriver at der ikke er flere opdateringer.
Avatar billede Steven M Nybegynder
23. juni 2010 - 09:28 #2
Har ikke fjernet statbar, da jeg bruger den.. :)

Her er den nye log du bad om..


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4227

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

23-06-2010 09:29:29
mbam-log-2010-06-23 (09-29-29).txt

Skanningstype: Hurtig skanning
Objekter skannet: 125544
Tid gået: 3 minut(ter), 37 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 1
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)
Avatar billede f-arn Guru
23. juni 2010 - 09:49 #3
Problemet med Statbar er, at den kan bruge enormt mange ressourcer. Det kan så få dit system til at "gå i stå". Det synes jeg passer meget godt med din beskrivelse.
23. juni 2010 - 10:59 #4
IE8 ? Samt efterfølgende mange opdateringer ?

Nyere HiJackThis ? -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Opdatér din [Avast] (Det er vist ver4 du kører med; der er ver5 fremme nu...)
http://www.spywarefri.dk/software/avast-antivirus-home-edition/
Avatar billede Steven M Nybegynder
24. juni 2010 - 08:48 #5
F-arn : Når men så må statbar ryge ud :)

Karise_larry : Jeg bruger slet ikke "IE", bruger firefox og safari.. Men skal jeg stadig opdatere til IE8 ?

Jeg henter nyere HJT og Avast.

Sig til hvis i vil ha en ny log eller andet.. ;)
Avatar billede Steven M Nybegynder
24. juni 2010 - 08:51 #6
Der kom lige en ny log ;)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:53:16, on 24-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21256)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programmer\Virus\Avast\aswUpdSv.exe
E:\Programmer\Virus\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
E:\Programmer\Virus\Avast\ashMaiSv.exe
E:\Programmer\Virus\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
E:\PROGRA~1\Virus\Avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programmer\StartsBar\StatBar\StatBar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programmer\Virus\Adware fix\Hijackthis\HiJackThis_ny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\Virus\ADWARE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\Virus\Avast\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StatBar] E:\Programmer\StartsBar\StatBar\StatBar.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.233
O15 - ESC Trusted IP range: http://192.168.1.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{81CBFBEB-D593-46C0-962B-099524C64CF4}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: hemimorphite - {12a31567-9883-4cc0-a684-ad5804394d69} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programmer\Virus\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programmer\Virus\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programmer\Virus\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programmer\Virus\Avast\ashWebSv.exe
O23 - Service: bE2l57 - CPUID - E:\Programmer\PC Wizard 2010\Data\pcwizntl.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8028 bytes
Avatar billede Steven M Nybegynder
24. juni 2010 - 09:03 #7
Og Den nye ver5 Avast, den kan jeg ikke finde på det link du skrev, jo men den koster ;) Ingen free version...
Avatar billede f-arn Guru
24. juni 2010 - 12:23 #8
Du kan hente en gratis Avast 5 her:
http://www.avast.com/en-eu/free-antivirus-download

Den findes desværre ikke på dansk.

Når men så må statbar ryge ud

Statbar er stadig i din log?
24. juni 2010 - 16:07 #9
(IE skal alligevel være opdateret; 'banditerne' ude i verden kan nemlig finde vej gennem en ikke opdateret IE!!! Også selvom den aldrig har været i brug!!!)
Avatar billede Steven M Nybegynder
24. juni 2010 - 20:07 #10
Okay.. jeg har opdateret til IE8 og hentet Avast, og slettet Statbat, så der kommer lige en ny log, når jeg lige får genstartet ;)
Avatar billede Steven M Nybegynder
24. juni 2010 - 20:46 #11
Og der kom den nye log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:20, on 24-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programmer\Virus\Avast\AvastSvc.exe
E:\Programmer\Virus\Avast\avastUI.exe
C:\Program Files\Safari\Safari.exe
E:\Programmer\Virus\Adware fix\Hijackthis\HiJackThis_ny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\Virus\ADWARE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] E:\PROGRA~1\Virus\Avast\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StatBar] E:\Programmer\StartsBar\StatBar\StatBar.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.233
O15 - ESC Trusted IP range: http://192.168.1.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{81CBFBEB-D593-46C0-962B-099524C64CF4}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: hemimorphite - {12a31567-9883-4cc0-a684-ad5804394d69} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programmer\Virus\Avast\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programmer\Virus\Avast\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programmer\Virus\Avast\AvastSvc.exe
O23 - Service: bE2l57 - CPUID - E:\Programmer\PC Wizard 2010\Data\pcwizntl.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7566 bytes
24. juni 2010 - 20:59 #12
O4 - HKCU\..\Run: [StatBar] E:\Programmer\StartsBar\StatBar\StatBar.exe
???
Avatar billede f-arn Guru
24. juni 2010 - 21:09 #13
Den står heldigvis ikke længere under Running processes  :)

Start hijackthis, klik på "do  a system scan only" og sæt flueben ved følgende.

[bO4 - HKCU\..\Run: [StatBar] E:\Programmer\StartsBar\StatBar\StatBar.exe[/b]

Luk så alle andre vinduer og klik "fix checked"

Genstart og fortæl så hvordan computeren kører?
Avatar billede Steven M Nybegynder
24. juni 2010 - 21:36 #14
Ny log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:15, on 24-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programmer\Virus\Avast\AvastSvc.exe
E:\Programmer\Virus\Avast\avastUI.exe
C:\Program Files\Safari\Safari.exe
E:\Programmer\µTorrent\Downloads\Portable MS Office 2003 Word-Excel\Portable MS Office 2003 Word-Excel\Thinstall\Office 2003\10000001600002i\msiexec.exe
E:\Programmer\Virus\Adware fix\Hijackthis\HiJackThis_ny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\Virus\ADWARE~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus G DWL-G510] C:\Program Files\D-Link\AirPlus G DWL-G510\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] E:\PROGRA~1\Virus\Avast\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://192.168.1.233
O15 - ESC Trusted IP range: http://192.168.1.233
O17 - HKLM\System\CCS\Services\Tcpip\..\{81CBFBEB-D593-46C0-962B-099524C64CF4}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: hemimorphite - {12a31567-9883-4cc0-a684-ad5804394d69} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programmer\Virus\Avast\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programmer\Virus\Avast\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programmer\Virus\Avast\AvastSvc.exe
O23 - Service: bE2l57 - CPUID - E:\Programmer\PC Wizard 2010\Data\pcwizntl.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7647 bytes
Avatar billede Steven M Nybegynder
25. juni 2010 - 16:02 #15
Nu er den snart ved at falde helt fra hinanden...

Inden for de sidste par dage har den gået i blå skærm, og genstartet sig selv. Det ser ikke ud til at den gør mere end bare det..
Avatar billede f-arn Guru
25. juni 2010 - 17:21 #16
Det virker ikke som et malware problem, men:

Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::


Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif


Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Avatar billede Steven M Nybegynder
25. juni 2010 - 18:09 #17
F-arn.. Så er Combofix kørt igennem og der kom en bette log fil ud af det.. håber du kan se en evt fejl eller andet ;)




ComboFix 10-06-24.03 - Steven 25-06-2010  18:02:11.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2991 [GMT 2:00]
Running from: c:\documents and settings\Steven\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Steven\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Steven\Application Data\inst.exe
c:\documents and settings\Steven\g2mdlhlpx.exe
c:\windows\system32\msconfig.exe
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((((  Files Created from 2010-05-25 to 2010-06-25  )))))))))))))))))))))))))))))))
.

2010-06-24 18:23 . 2010-06-24 18:23    --------    d-sh--w-    c:\documents and settings\Steven\PrivacIE
2010-06-24 18:23 . 2010-06-24 18:23    --------    d-sh--w-    c:\documents and settings\Steven\IECompatCache
2010-06-24 18:20 . 2010-05-06 20:39    164048    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2010-06-24 18:20 . 2010-05-06 20:33    19024    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2010-06-24 18:20 . 2010-05-06 20:34    23376    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2010-06-24 18:20 . 2010-05-06 20:39    46672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2010-06-24 18:20 . 2010-05-06 20:33    100432    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2010-06-24 18:20 . 2010-05-06 20:33    94800    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2010-06-24 18:20 . 2010-05-06 20:33    28880    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2010-06-24 18:20 . 2010-05-06 20:59    38848    ----a-w-    c:\windows\system32\avastSS.scr
2010-06-24 18:20 . 2010-05-06 20:59    165032    ----a-w-    c:\windows\system32\aswBoot.exe
2010-06-24 18:18 . 2010-06-24 18:18    --------    d-sh--w-    c:\documents and settings\Steven\IETldCache
2010-06-24 18:14 . 2010-06-24 18:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-24 18:06 . 2010-06-24 18:06    --------    d-----w-    c:\windows\ie8updates
2010-06-24 18:04 . 2010-06-24 18:05    --------    dc-h--w-    c:\windows\ie8
2010-06-24 18:01 . 2010-05-06 10:41    12800    ------w-    c:\windows\system32\dllcache\xpshims.dll
2010-06-24 18:01 . 2010-05-06 10:41    247808    ------w-    c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 18:01 . 2010-05-06 10:41    743424    ------w-    c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 18:00 . 2010-04-16 11:43    41984    ------w-    c:\windows\system32\dllcache\iecompat.dll
2010-06-24 17:24 . 2008-04-13 22:15    60032    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2010-06-24 17:24 . 2008-04-13 22:15    60032    ----a-w-    c:\windows\system32\dllcache\usbaudio.sys
2010-06-23 07:24 . 2010-06-23 07:24    --------    d-----w-    c:\documents and settings\Steven\Application Data\Malwarebytes
2010-06-23 07:23 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-23 07:23 . 2010-06-23 07:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-23 07:23 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-06-21 07:22 . 2010-06-21 08:07    --------    d-----w-    c:\windows\system32\Adobe
2010-06-21 06:35 . 2009-05-28 09:48    11776    ----a-w-    c:\windows\system32\mciqtz.drv
2010-06-11 11:02 . 2010-03-05 14:37    65536    ------w-    c:\windows\system32\dllcache\asycfilt.dll
2010-06-03 13:47 . 2010-06-03 13:47    --------    d-----w-    c:\documents and settings\Steven\Application Data\PC Tools
2010-05-31 14:25 . 2010-05-31 14:29    --------    d-----w-    c:\documents and settings\Steven\Application Data\TS3Client

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 13:59 . 2010-06-23 05:45    90112    ----a-w-    c:\windows\DUMP2f8b.tmp
2010-06-24 17:34 . 2010-06-23 05:45    90112    ----a-w-    c:\windows\DUMP3bff.tmp
2010-06-24 09:56 . 2010-03-03 12:15    --------    d-----w-    c:\documents and settings\Steven\Application Data\BitTorrent
2010-06-24 09:52 . 2009-03-10 20:08    0    -c--a-w-    c:\documents and settings\Steven\temp.dat
2010-06-23 06:16 . 2008-02-24 20:35    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-22 08:45 . 2009-10-08 15:46    --------    d-----w-    c:\documents and settings\Steven\Application Data\vlc
2010-06-10 18:35 . 2008-01-20 21:11    --------    d-----w-    c:\documents and settings\Steven\Application Data\Vso
2010-06-10 14:18 . 2008-01-19 14:25    --------    d-----w-    c:\documents and settings\Steven\Application Data\uTorrent
2010-05-31 15:04 . 2008-01-20 20:53    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-05-27 10:54 . 2010-04-11 19:24    --------    d-----w-    c:\documents and settings\Steven\Application Data\Apple Computer
2010-05-17 14:43 . 2009-11-17 11:44    --------    d-----w-    c:\documents and settings\Steven\Application Data\dvdcss
2010-05-11 10:06 . 2010-05-10 14:42    --------    d-----w-    c:\program files\PopCap Games
2010-05-10 15:42 . 2010-05-10 14:43    28    ----a-w-    c:\windows\popcinfot.dat
2010-05-06 10:41 . 2007-06-24 07:40    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-05-04 13:23 . 2010-04-28 16:27    --------    d-----w-    c:\documents and settings\Steven\Application Data\PopCapv1006
2010-05-02 05:22 . 2007-06-24 07:40    1851264    ----a-w-    c:\windows\system32\win32k.sys
2010-04-28 16:27 . 2010-04-28 16:27    --------    d-----w-    c:\documents and settings\All Users\Application Data\PopCap Games
2010-04-28 16:14 . 2010-04-28 16:14    --------    d-----w-    c:\documents and settings\Steven\Application Data\TeamViewer
2010-04-28 16:14 . 2010-04-28 16:14    --------    d-----w-    c:\program files\TeamViewer
2010-04-20 05:30 . 2004-08-03 23:56    285696    ----a-w-    c:\windows\system32\atmfd.dll
2010-04-14 18:53 . 2008-01-18 04:34    90112    -c--a-w-    c:\windows\DUMP3a2a.tmp
2010-04-11 19:25 . 2010-04-11 19:25    14728    ---ha-w-    c:\windows\system32\mlfcache.dat
2010-03-30 22:16 . 2010-03-30 22:16    99176    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10    295264    ----a-w-    c:\windows\system32\PresentationHost.exe
.

------- Sigcheck -------


[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"D-Link AirPlus G DWL-G510"="c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe" [2007-10-24 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"avast5"="e:\progra~1\Virus\Avast\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Hurtigstart.lnk]
backup=c:\windows\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17    952768    -c--a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42    36272    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05    81920    -c--a-w-    e:\programmer\Daemon Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    -c----w-    c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40    155648    -c--a-w-    c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-06-08 14:18    23233576    -c--a-r-    c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-01-28 10:43    2097488    -csha-r-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17    149280    -c--a-w-    c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programmer\\µTorrent\\utorrent.exe"=
"e:\\Programmer\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Spil\\TrackMania\\TmNationsForever\\TmForever.exe"=
"e:\\Programmer\\BulletProof FTP\\G6 FTP Server\\G6FTPSrv.exe"=
"e:\\Programmer\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Programmer\\Simple port forwarding\\Simple Port Forwarding\\spf.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"f:\\Spil\\Operation Flashpoint - Dragon Rising\\OFDR.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18417:TCP"= 18417:TCP:SPF Port 18417 TCP
"58820:TCP"= 58820:TCP:SPF Port 58820 TCP

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [20-01-2008 23:14 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [20-01-2008 23:14 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24-06-2010 20:20 164048]
R1 SASDIFSV;SASDIFSV;e:\programmer\Virus\SUPERAntiSpyware\SASDIFSV.SYS [20-01-2008 22:37 5632]
R1 SASKUTIL;SASKUTIL;e:\programmer\Virus\SUPERAntiSpyware\SASKUTIL.SYS [20-01-2008 22:37 29184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24-06-2010 20:20 19024]
S3 bE2l57;bE2l57;e:\programmer\PC Wizard 2010\Data\pcwizntl.exe -s --> e:\programmer\PC Wizard 2010\Data\pcwizntl.exe -s [?]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [18-01-2008 06:40 171264]
S3 SASENUM;SASENUM;e:\programmer\Virus\SUPERAntiSpyware\SASENUM.SYS [20-01-2008 22:37 4096]

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Sharedaccess
SRService
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN
napagent
hkmsvc
wscsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-25 c:\windows\Tasks\User_Feed_Synchronization-{B233390C-7B81-4C78-860B-64380D06D630}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: {81CBFBEB-D593-46C0-962B-099524C64CF4} = 193.162.153.164,194.239.134.83
FF - ProfilePath - c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\2rkzl9v0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\2rkzl9v0.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - e:\programmer\Virus\Adware fix\Hijackthis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 18:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ACAD248]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80fcf28
\Driver\ACPI -> ACPI.sys @ 0xb7f59cb8
\Driver\atapi -> 0x8acad248
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C) -> SendCompleteHandler -> NDIS.sys @ 0xb7de1b0a
PacketIndicateHandler -> NDIS.sys @ 0xb7deca21
SendHandler -> NDIS.sys @ 0xb7de1949
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WININET.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
e:\programmer\Virus\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-06-25  18:08:16 - machine was rebooted
ComboFix-quarantined-files.txt  2010-06-25 16:08

Pre-Run: 44.511.260.672 bytes free
Post-Run: 45.128.548.352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 002AE60A40ADD7EF603CCA3D78AED26A
Avatar billede f-arn Guru
25. juni 2010 - 18:56 #18
1. Hent dette lille værktøj:

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternativ adresse)

2. Dobbeltklik på systemlook.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost /s


3. Klik på knappen Look. Programmet vil nu lede på din computer.

4. Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.
Avatar billede Steven M Nybegynder
25. juni 2010 - 21:40 #19
Super, det vil jeg lige gøre imorgen, da jeg ikke er ved min egen pc iaften.

Der kommer en log i morgen formiddag..
Avatar billede Steven M Nybegynder
26. juni 2010 - 14:46 #20
Her kommer den log du bad om...



SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:47 on 26/06/2010 by Steven (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"bthsvcs"="BthServ"
"DcomLaunch"="DcomLaunch TermService"
"dot3svc"="dot3svc"
"eapsvcs"="eaphost"
"HTTPFilter"="HTTPFilter"
"imgsvc"="StiSvc"
"LocalService"="WebClient LmHosts upnphost SSDPSRV"
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Netman Nla NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule SENS Sharedaccess SRService Tapisrv Themes WZCSVC Wmi WmdmPmSp winmgmt xmlprov BITS wuauserv ShellHWDetection WmdmPmSN napagent hkmsvc wscsvc"
"NetworkService"="DnsCache"
"rpcss"="RpcSs"
"termsvcs"="TermService"
"WudfServiceGroup"="WUDFSvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\DComLaunch]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"DefaultRpcStackSize"= 0x0000000008 (8)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\dot3svc]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\eapsvcs]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\HTTPFilter]
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService]
"AuthenticationCapabilities"= 0x0000002000 (8192)
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"DefaultRpcStackSize"= 0x0000000008 (8)


-=End Of File=-
Avatar billede f-arn Guru
26. juni 2010 - 18:27 #21
Den vil jeg så lige overveje, men kan du fortælle om du har en XP installations disk?

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript

Killall::
Snapshot::
FCopy::
c:\windows\ServicePackFiles\i386\regsvc.dll | c:\windows\System32\regsvc.dll
Filelook::
c:\windows\system32\drivers\d347bus.sys
c:\windows\system32\drivers\d347prt.sys
Folder::
c:\documents and settings\Steven\Application Data\uTorrent
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"=-
Driver::
bE2l57
Mia::
c:\windows\System32\drivers\beep.sys
SRPeek::
c:\windows\System32\drivers\beep.sys
Restore::
c:\windows\System32\drivers\beep.sys


Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Avatar billede Steven M Nybegynder
26. juni 2010 - 22:15 #22
Jeg har ikke min xp cd desværre...

Her er den nye log..



ComboFix 10-06-24.03 - Steven 26-06-2010  22:03:29.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2992 [GMT 2:00]
Running from: e:\programmer\Virus\ComboFix.exe
Command switches used :: c:\documents and settings\Steven\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Steven\Application Data\uTorrent
c:\documents and settings\Steven\Application Data\uTorrent\--==Gamle Dansk==--.torrent
c:\documents and settings\Steven\Application Data\uTorrent\18.WHEELS.OF.STEEL.EXTREME.TRUCKER-ADDICTION.torrent
c:\documents and settings\Steven\Application Data\uTorrent\According.to.Jim.-.COMPLETE.Xvid-Bryggerne.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Aliens_Vs_Predator_Proper-Razor1911.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Anders_Matthesen_Vender_Tilbage_Live_Paa_Det_Kongelige_Teater.DANiSH.2009.DVDRiP.XViD-HEJMEDMiG.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Anja.Og.Viktor.I.Medgang.Og.Modgang.HR.AC3.DANiSH.DVDRiP.XViD-DTTN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\AUTODESK.AUTOCAD.INVENTOR.SUITE.V2010.WIN32-ISO.torrent
c:\documents and settings\Steven\Application Data\uTorrent\AUTODESK.AUTOCAD.V2009.WIN32-ISO.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Autodesk_AutoCAD_Architecture_v2010-CYGiSO.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Banned.From.Television.DVDRip.DivX.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Biker.Jens.Down.Under.E01.DANiSH.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Biker.Jens.Down.Under.E02.DANiSH.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Biker.Jens.Down.Under.E03.DANiSH.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Biker.Jens.Down.Under.E04.DANiSH.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Butterfly.Effect.Revelation.2009.DVDRip.XviD-BeStDivX.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Carsten.Bang.Bang.Jeg.Er.Doed.2009.REPACK.DANISH.DVDRip.XviD-SMOKEY.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Cool Runnings (1993) DVD RIP tabsman H33T release.torrent
c:\documents and settings\Steven\Application Data\uTorrent\CuteFTP.Pro.v8.3.1.Build.08.07.2008.1-NoPE.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S01E01.HR.DANiSH.PDTV.XViD-DTTN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S01E02.DANiSH.PDTV.XviD-DFV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S01E04.DANiSH.PDTV.XviD-DiViSiON.1.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S01E04.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S01E04.HR.DANiSH.PDTV.XViD-DTTN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S01E06.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E01.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E02.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E03.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E04.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E05.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E06.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E07.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Danmark.Ifoelge.Bubber.S02E08.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\De.Udvalgte.2009.DVDRiP.XViD-PADAWiN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Det regner med frikadeller.torrent
c:\documents and settings\Steven\Application Data\uTorrent\dht.dat
c:\documents and settings\Steven\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Steven\Application Data\uTorrent\Die.Hard.1988.Extended.Version.INTERNAL.DVDRip.XviD-NEPTUNE.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Die.Hard.2.1990.INTERNAL.DVDRip.XviD-NEPTUNE.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Die.Hard.3.1995.INTERNAL.DVDRip.XviD-NEPTUNE.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Dragon.Hunter.2008.DVDRip.XviD-RUBY.torrent
c:\documents and settings\Steven\Application Data\uTorrent\elastomania.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.1.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.2.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.3.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.4.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.5.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.6.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.7.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Eliten.1993.DANiSH.PAL.DVDR.torrent
c:\documents and settings\Steven\Application Data\uTorrent\En.Enkelt.Til.Korsoer.Xvid.2008.DANiSH-Bryggerne.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Flashforward.S01E1-10.HDTV.Hardcoded.DKSUBS.XviD-BRYGGERNE.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Fort.Zombie-TiNYiSO.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Freedom Fighters.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Fri.Os.Fra.Det.Onde.2009.DVDRIP.XViD-PADAWiN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\futanaria.Siterip.XXX.WMV-FNU.torrent
c:\documents and settings\Steven\Application Data\uTorrent\G.Force.2009.DANiSH.DVDRip.XviD-BiOCiTY.torrent
c:\documents and settings\Steven\Application Data\uTorrent\G.I.Joe.The.Rise.Of.Cobra.DVDRip.XviD-JUMANJi.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Himlen falder (divx).torrent
c:\documents and settings\Steven\Application Data\uTorrent\Himlen.Falder.DANISH.DVDRip.XviD-SMOKEY.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Ice.Age.Dawn.Of.The.Dinosaurs.DANISH.DVDRip.XviD-SMOKEY.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Inkheart.DVDRip.XviD-NeDiVx.1.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Inkheart.DVDRip.XviD-NeDiVx.2.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Inkheart.DVDRip.XviD-NeDiVx.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Jaegerne.Danmarks.Elitesoldater.DANiSH.PDTV.XviD-JUSTER.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Jan.Gintberg.Fremtid.Nu.2009.DANiSH.DVDRiP.XViD-RCDiVX.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Jydekompagniet.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E01.DANiSH.PDTV.XviD-DTV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E02.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E03.DANiSH.PDTV.XviD-DTV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E04.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E05.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E06.DANiSH.PDTV.XviD-DTV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E07.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E08.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E09.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Laerkevej.S01E10.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Lulu.Og.Leon.S01E01.PROPER.DANiSH.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Lulu.og.Leon.S01E02.Mehmet.Og.Rockerne.DANiSH.PDTV.XviD-DTV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Lulu.og.Leon.S01E03.Leons.Alibi.DANiSH.PDTV.XviD-DTV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Lulu.og.Leon.S01E04.DANiSH.PDTV.XviD-DFV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Lulu.og.Leon.S01E05.DANiSH.PDTV.XviD-DFV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Lulu.og.Leon.S01E06.DANiSH.PDTV.XviD-DFV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Mad Skills Motocross - PAG.torrent
c:\documents and settings\Steven\Application Data\uTorrent\MARINE3 SHARPSHOOTER.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Marley.And.Me.DVDRip.XviD-ARiGOLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Microsoft.Office.2007.ENTERPRiSE.DANiSH-DELiNQUENT.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Miljøstrup.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Need.For.Speed.Shift-RELOADED.torrent
c:\documents and settings\Steven\Application Data\uTorrent\NT-AVAST! 4.8.1358 PRO Latest Edition .Antivirus + Antyspyware.torrent
c:\documents and settings\Steven\Application Data\uTorrent\P3 Tjeklisten. Uge 51.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Peggle.Nights-FASiSO.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Plants Vs Zombies + Crack.rar.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E01.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E02.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E03.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E04.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E05.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E06.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E07.DANiSH.PDTV.XviD-DFV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Politijagt.S01E08.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Polle Fiction.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Portable MS Office 2003 Word-Excel.torrent
c:\documents and settings\Steven\Application Data\uTorrent\resume.dat
c:\documents and settings\Steven\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Steven\Application Data\uTorrent\RevengeTV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\rss.dat
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E01.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E02.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E03.DANiSH.WS.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E04.DANiSH.WS.PDTV.XviD-t0matl0ve.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E05.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E06.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E07.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E08.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Rune.Klans.Trylleshow.S01E09.DANISH.PDTV.XVID-BALLIN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Se.Min.Kjole.2009.DANiSH.DVDRip.XviD-PADAWiN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\settings.dat
c:\documents and settings\Steven\Application Data\uTorrent\settings.dat.1.bad
c:\documents and settings\Steven\Application Data\uTorrent\settings.dat.2.bad
c:\documents and settings\Steven\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Steven\Application Data\uTorrent\Sorte.Kugler.2009.DVDRip.XviD-MoA.torrent
c:\documents and settings\Steven\Application Data\uTorrent\South Park.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Splat Magazine Renegade Paintball - DVNiSO.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Station.2.18.05.2009.DANiSH.PDTV.XviD-ViLD.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Station.2.Special.Biltyvenes.Nye.ABC.DANiSH.PDTV.XviD-DFV.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Station.2.Special.Fartstroemer.Paa.MC.Jagt.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Strike Ball 3.exe.torrent
c:\documents and settings\Steven\Application Data\uTorrent\The.Dark.Knight.2008.TS.Custom.DKsubs.PAL.DVDR-DB4Ever.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Til.Middag.Hos.S01E19.DANiSH.PDTV.XviD-Allez.torrent
c:\documents and settings\Steven\Application Data\uTorrent\uploads.torrent
c:\documents and settings\Steven\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Steven\Application Data\uTorrent\Vores.Krig.Drengen.Der.Ville.I.Krig.E03.DANiSH.PDTV.XviD-JUSTER.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Vores.Krig.S01E01.Far.Far.Krigsmand.HR.DANiSH.PDTV.XViD-DTTN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Vores.Krig.S01E02.Skynd.Dig.Hjem.HR.DANiSH.PDTV.XViD-DTTN.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Vores.Krig.S01E05.Krigsminister.DANiSH.PDTV.XviD-DiViSiON.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Zombie Driver.torrent
c:\documents and settings\Steven\Application Data\uTorrent\Zombie.Shooter.RIP-Unleashed.torrent

c:\windows\System32\drivers\beep.sys . . . is infected!!

c:\windows\System32\drivers\beep.sys . . . is missing!!

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\regsvc.dll --> c:\windows\System32\regsvc.dll
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BE2L57
-------\Service_bE2l57


(((((((((((((((((((((((((  Files Created from 2010-05-26 to 2010-06-26  )))))))))))))))))))))))))))))))
.

2010-06-26 20:02 . 2008-04-14 00:12    59904    ----a-w-    c:\windows\system32\regsvc.dll
2010-06-26 20:02 . 2008-04-14 00:12    59904    ----a-w-    c:\windows\system32\dllcache\regsvc.dll
2010-06-24 18:23 . 2010-06-24 18:23    --------    d-sh--w-    c:\documents and settings\Steven\PrivacIE
2010-06-24 18:23 . 2010-06-24 18:23    --------    d-sh--w-    c:\documents and settings\Steven\IECompatCache
2010-06-24 18:20 . 2010-05-06 20:39    164048    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2010-06-24 18:20 . 2010-05-06 20:33    19024    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2010-06-24 18:20 . 2010-05-06 20:34    23376    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2010-06-24 18:20 . 2010-05-06 20:39    46672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2010-06-24 18:20 . 2010-05-06 20:33    100432    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2010-06-24 18:20 . 2010-05-06 20:33    94800    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2010-06-24 18:20 . 2010-05-06 20:33    28880    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2010-06-24 18:20 . 2010-05-06 20:59    38848    ----a-w-    c:\windows\system32\avastSS.scr
2010-06-24 18:20 . 2010-05-06 20:59    165032    ----a-w-    c:\windows\system32\aswBoot.exe
2010-06-24 18:18 . 2010-06-24 18:18    --------    d-sh--w-    c:\documents and settings\Steven\IETldCache
2010-06-24 18:14 . 2010-06-24 18:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-24 18:06 . 2010-06-24 18:06    --------    d-----w-    c:\windows\ie8updates
2010-06-24 18:04 . 2010-06-24 18:05    --------    dc-h--w-    c:\windows\ie8
2010-06-24 18:01 . 2010-05-06 10:41    12800    ------w-    c:\windows\system32\dllcache\xpshims.dll
2010-06-24 18:01 . 2010-05-06 10:41    247808    ------w-    c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 18:01 . 2010-05-06 10:41    743424    ------w-    c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 18:00 . 2010-04-16 11:43    41984    ------w-    c:\windows\system32\dllcache\iecompat.dll
2010-06-24 17:24 . 2008-04-13 22:15    60032    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2010-06-24 17:24 . 2008-04-13 22:15    60032    ----a-w-    c:\windows\system32\dllcache\usbaudio.sys
2010-06-23 07:24 . 2010-06-23 07:24    --------    d-----w-    c:\documents and settings\Steven\Application Data\Malwarebytes
2010-06-23 07:23 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-23 07:23 . 2010-06-23 07:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-23 07:23 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-06-21 07:22 . 2010-06-21 08:07    --------    d-----w-    c:\windows\system32\Adobe
2010-06-21 06:35 . 2009-05-28 09:48    11776    ----a-w-    c:\windows\system32\mciqtz.drv
2010-06-11 11:02 . 2010-03-05 14:37    65536    ------w-    c:\windows\system32\dllcache\asycfilt.dll
2010-06-03 13:47 . 2010-06-03 13:47    --------    d-----w-    c:\documents and settings\Steven\Application Data\PC Tools
2010-05-31 14:25 . 2010-05-31 14:29    --------    d-----w-    c:\documents and settings\Steven\Application Data\TS3Client

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 20:00 . 2010-03-03 12:15    --------    d-----w-    c:\documents and settings\Steven\Application Data\BitTorrent
2010-06-26 19:50 . 2008-01-20 21:11    --------    d-----w-    c:\documents and settings\Steven\Application Data\Vso
2010-06-25 13:59 . 2010-06-23 05:45    90112    ----a-w-    c:\windows\DUMP2f8b.tmp
2010-06-24 17:34 . 2010-06-23 05:45    90112    ----a-w-    c:\windows\DUMP3bff.tmp
2010-06-24 09:52 . 2009-03-10 20:08    0    -c--a-w-    c:\documents and settings\Steven\temp.dat
2010-06-23 06:16 . 2008-02-24 20:35    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-22 08:45 . 2009-10-08 15:46    --------    d-----w-    c:\documents and settings\Steven\Application Data\vlc
2010-05-31 15:04 . 2008-01-20 20:53    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-05-27 10:54 . 2010-04-11 19:24    --------    d-----w-    c:\documents and settings\Steven\Application Data\Apple Computer
2010-05-17 14:43 . 2009-11-17 11:44    --------    d-----w-    c:\documents and settings\Steven\Application Data\dvdcss
2010-05-11 10:06 . 2010-05-10 14:42    --------    d-----w-    c:\program files\PopCap Games
2010-05-10 15:42 . 2010-05-10 14:43    28    ----a-w-    c:\windows\popcinfot.dat
2010-05-06 10:41 . 2007-06-24 07:40    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-05-04 13:23 . 2010-04-28 16:27    --------    d-----w-    c:\documents and settings\Steven\Application Data\PopCapv1006
2010-05-02 05:22 . 2007-06-24 07:40    1851264    ----a-w-    c:\windows\system32\win32k.sys
2010-04-28 16:27 . 2010-04-28 16:27    --------    d-----w-    c:\documents and settings\All Users\Application Data\PopCap Games
2010-04-28 16:14 . 2010-04-28 16:14    --------    d-----w-    c:\documents and settings\Steven\Application Data\TeamViewer
2010-04-28 16:14 . 2010-04-28 16:14    --------    d-----w-    c:\program files\TeamViewer
2010-04-20 05:30 . 2004-08-03 23:56    285696    ----a-w-    c:\windows\system32\atmfd.dll
2010-04-14 18:53 . 2008-01-18 04:34    90112    -c--a-w-    c:\windows\DUMP3a2a.tmp
2010-04-11 19:25 . 2010-04-11 19:25    14728    ---ha-w-    c:\windows\system32\mlfcache.dat
2010-03-30 22:16 . 2010-03-30 22:16    99176    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10    295264    ----a-w-    c:\windows\system32\PresentationHost.exe
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\d347bus.sys ---
Company:
File Description: PnP BIOS Extension
File Version: 3.47.0.0 built by: WinDDK
Product Name:
Copyright: Copyright (C) 2002-2004
Original Filename:
File size: 155136
Created time: 2008-01-20 21:14
Modified time: 2004-08-22 15:31
MD5: 5776322F93CDB91086111F5FFBFDA2A0
SHA1: CBF164E18401D4CDD1E3EAA416B67A4D4F7C5E70


--- c:\windows\system32\drivers\d347prt.sys ---
Company:
File Description: SCSI miniport
File Version: 3.47.0.0 built by: WinDDK
Product Name:
Copyright: Copyright (C) 2000-2004
Original Filename:
File size: 5248
Created time: 2008-01-20 21:14
Modified time: 2004-08-22 15:31
MD5: B49F79ACE459763F4E0380071BE9CB45
SHA1: 1786759AC4338C523480397F38F1EF1A42A63C8A


((((((((((((((((((((((((((((((((((((((((((  SR_Search  ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2009-08-22 5148672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"D-Link AirPlus G DWL-G510"="c:\program files\D-Link\AirPlus G DWL-G510\AirGCFG.exe" [2007-10-24 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"avast5"="e:\progra~1\Virus\Avast\avastUI.exe" [2010-05-06 2815192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Hurtigstart.lnk]
backup=c:\windows\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17    952768    -c--a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42    36272    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 16:05    81920    -c--a-w-    e:\programmer\Daemon Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    -c----w-    c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40    155648    -c--a-w-    c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-06-08 14:18    23233576    -c--a-r-    c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-01-28 10:43    2097488    -csha-r-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17    149280    -c--a-w-    c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programmer\\µTorrent\\utorrent.exe"=
"e:\\Programmer\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Spil\\TrackMania\\TmNationsForever\\TmForever.exe"=
"e:\\Programmer\\BulletProof FTP\\G6 FTP Server\\G6FTPSrv.exe"=
"e:\\Programmer\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Programmer\\Simple port forwarding\\Simple Port Forwarding\\spf.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"f:\\Spil\\Operation Flashpoint - Dragon Rising\\OFDR.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18417:TCP"= 18417:TCP:SPF Port 18417 TCP
"58820:TCP"= 58820:TCP:SPF Port 58820 TCP

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [20-01-2008 23:14 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [20-01-2008 23:14 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24-06-2010 20:20 164048]
R1 SASDIFSV;SASDIFSV;e:\programmer\Virus\SUPERAntiSpyware\SASDIFSV.SYS [20-01-2008 22:37 5632]
R1 SASKUTIL;SASKUTIL;e:\programmer\Virus\SUPERAntiSpyware\SASKUTIL.SYS [20-01-2008 22:37 29184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24-06-2010 20:20 19024]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [18-01-2008 06:40 171264]
S3 SASENUM;SASENUM;e:\programmer\Virus\SUPERAntiSpyware\SASENUM.SYS [20-01-2008 22:37 4096]

[COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
Schedule
SENS
Sharedaccess
SRService
Tapisrv
Themes
WZCSVC
Wmi
WmdmPmSp
winmgmt
xmlprov
BITS
wuauserv
ShellHWDetection
WmdmPmSN
napagent
hkmsvc
wscsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-06-26 c:\windows\Tasks\User_Feed_Synchronization-{B233390C-7B81-4C78-860B-64380D06D630}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: {81CBFBEB-D593-46C0-962B-099524C64CF4} = 193.162.153.164,194.239.134.83
FF - ProfilePath - c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\2rkzl9v0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\Steven\Application Data\Mozilla\Firefox\Profiles\2rkzl9v0.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 22:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AEA9D58]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80fcf28
\Driver\ACPI -> ACPI.sys @ 0xb7f59cb8
\Driver\atapi -> 0x8aea9d58
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C) -> SendCompleteHandler -> NDIS.sys @ 0xb7de1b0a
PacketIndicateHandler -> NDIS.sys @ 0xb7deca21
SendHandler -> NDIS.sys @ 0xb7de1949
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2300)
c:\windows\system32\WININET.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
e:\programmer\Virus\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-26  22:09:07 - machine was rebooted
ComboFix-quarantined-files.txt  2010-06-26 20:09
ComboFix2.txt  2010-06-25 16:08

Pre-Run: 53.123.014.656 bytes free
Post-Run: 53.015.678.976 bytes free

- - End Of File - - EC3595FFF68149B384BC28D74431FDA6
27. juni 2010 - 09:27 #23
*SUK* Sådan går det let når man leger med reslutater fra
* µTorrent
* LimeWire
* BitTorrent
*
http://www.spywarefri.dk/artikel/farerne-ved-fildeling/
Avatar billede Steven M Nybegynder
27. juni 2010 - 17:11 #24
Det er  jo chancen i brancen ;)

Men er der noget jeg kan gøre, udover self ikke at bruge de programmer...
27. juni 2010 - 18:15 #25
<f-arn> fortsætter herfra ...
Avatar billede f-arn Guru
28. juni 2010 - 05:14 #26
Har du mulighed for at låne en XP cd?
Jeg skal bruge en ren kopi af beep.sys

Det er jo chancen i brancen ;)

Det er det jo, men så er man jo egentlig selv ude om det.
Avatar billede Steven M Nybegynder
28. juni 2010 - 11:12 #27
Desværre ikke, da dem jeg kender har win7.

kan jeg ikke hente filen fra nettet, eller har du evt mulighed for at ligge den op ?


Ja det er jo så rigtig nok :)
Avatar billede f-arn Guru
30. juni 2010 - 10:56 #28
Hvis vi skal videre, er du nødt til at finde en ren beep.sys. Personligt, kunne jeg ikke drømme om, at hente sådan en fil fra nettet.
Avatar billede Steven M Nybegynder
30. juni 2010 - 15:10 #29
Okay, når jeg finder den fil, hva skal jeg så gøre ?
Avatar billede f-arn Guru
30. juni 2010 - 15:35 #30
Læg den i:  C:\
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester