wyxz (Beginner)
13 June 2008 - 22:44. There are 4 comments and 1 solution

Hijackthis Log

I have a laptop here that isn't behaving as it should..

Is there a kind soul who would run through this log..

I have run the recommended programs from here:
http://www.ctrlaltdel.dk/SWF_hent.exe

Here comes the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:39:44, on 13-06-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\martin\Desktop\Spywarefri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=81&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8971 bytes

wyxz (Beginner)
13 June 2008 - 22:46 #1
The ComboFix log

ComboFix 08-06-11.7 - martin 2008-06-13 21:53:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.1.1030.18.1696 [GMT 2:00]
Running from: C:\Users\martin\Desktop\Spywarefri\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Fonts\CALIBRIB.TTF
C:\Windows\system32\KBL.LOG

.
(((((((((((((((((((((((((  Files Created from 2008-05-13 to 2008-06-13  )))))))))))))))))))))))))))))))
.

2008-06-13 21:36 . 2008-06-13 21:36    190,660    --a------    C:\cc_20080613_2135.reg
2008-06-13 21:34 . 2008-06-13 21:34    <DIR>    d--------    C:\Program Files\CCleaner
2008-06-13 16:37 . 2008-06-13 16:37    <DIR>    d--------    C:\Program Files\Vstplugins
2008-06-13 16:36 . 2008-06-13 16:36    <DIR>    d--------    C:\Program Files\Sony
2008-06-13 16:35 . 2008-06-13 16:35    <DIR>    d--------    C:\Program Files\Sony Setup
2008-06-13 16:33 . 2008-06-13 16:33    <DIR>    d--------    C:\Fraps(0)
2008-06-13 15:16 . 2008-06-13 15:16    <DIR>    d--------    C:\hpbi1200
2008-06-11 16:43 . 2008-06-11 16:54    <DIR>    d--------    C:\Program Files\RegCure
2008-06-10 16:30 . 2008-06-10 16:30    <DIR>    d--------    C:\Program Files\EA GAMES
2008-06-03 16:29 . 2008-06-03 16:30    <DIR>    d--------    C:\Users\Public\tekster
2008-06-03 15:35 . 2008-06-03 15:35    <DIR>    d--------    C:\Program Files\HyCam2
2008-06-03 14:43 . 2008-06-13 20:43    <DIR>    d--------    C:\Program Files\LimeWire
2008-06-01 15:43 . 2008-06-01 15:43    <DIR>    d--------    C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Pro
2008-06-01 12:36 . 2008-06-13 20:43    <DIR>    d--------    C:\Program Files\CamStudio
2008-06-01 11:35 . 2008-06-13 20:43    <DIR>    d--------    C:\Fraps
2008-05-31 19:42 . 2007-12-26 17:30    1,970,176    --a------    C:\Windows\System32\d3dx9.dll
2008-05-31 19:42 . 2007-12-26 17:30    679,936    --a------    C:\Windows\System32\D3DX81ab.dll
2008-05-29 00:08 . 2008-05-29 00:08    <DIR>    d--------    C:\Program Files\Max Movie Maker
2008-05-28 17:16 . 2008-05-30 19:09    <DIR>    d--------    C:\Users\All Users\eMule
2008-05-28 17:16 . 2008-05-30 19:09    <DIR>    d--------    C:\ProgramData\eMule
2008-05-28 17:09 . 2008-06-13 20:43    <DIR>    d--------    C:\Program Files\Audacity
2008-05-28 16:01 . 2008-03-08 02:37    4,247,552    --a------    C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 16:01 . 2008-03-08 06:30    1,686,528    --a------    C:\Windows\System32\gameux.dll
2008-05-27 17:35 . 2008-06-03 15:02    <DIR>    d--------    C:\Users\Public\yeah!
2008-05-27 17:06 . 2008-06-13 21:52    <DIR>    d--------    C:\Users\F’LLES
2008-05-20 18:21 . 2008-06-11 19:27    <DIR>    d--------    C:\billeder
2008-05-16 17:30 . 2008-05-16 17:30    <DIR>    d--------    C:\Windows\System32\Adobe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 20:05    ---------    d-----w    C:\Program Files\cFosSpeed
2008-06-13 19:48    ---------    d-----w    C:\Users\martin\AppData\Roaming\Skype
2008-06-13 19:23    68,878    ----a-w    C:\Users\martin\AppData\Roaming\nvModes.dat
2008-06-13 18:45    ---------    d-sh--w    C:\ProgramData\MPK
2008-06-13 18:43    ---------    d-----w    C:\Program Files\Hamachi
2008-06-13 18:43    ---------    d-----w    C:\Program Files\Common Files\Blizzard Entertainment
2008-06-13 18:43    ---------    d-----w    C:\Program Files\Cheat Engine
2008-06-13 15:22    ---------    d-----w    C:\Users\martin\AppData\Roaming\skypePM
2008-06-13 14:34    ---------    d---a-w    C:\ProgramData\TEMP
2008-06-10 14:30    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-06-06 05:32    ---------    d-----w    C:\Users\martin\AppData\Roaming\Hamachi
2008-06-05 20:22    ---------    d-----w    C:\Users\martin\AppData\Roaming\dvdcss
2008-06-03 14:28    ---------    d-----w    C:\Users\martin\AppData\Roaming\LimeWire
2008-05-31 21:28    ---------    d-----w    C:\Program Files\Google
2008-05-30 23:11    ---------    d-----w    C:\Program Files\Common Files\Steam
2008-05-30 16:52    ---------    d-----w    C:\Program Files\Frets on Fire
2008-05-18 18:23    214    ----a-w    C:\Users\martin\AppData\Roaming\wklnhst.dat
2008-05-15 04:03    ---------    d-----w    C:\Program Files\Windows Mail
2008-05-12 10:26    ---------    d-----w    C:\Users\martin\AppData\Roaming\uTorrent
2008-05-07 20:47    ---------    d-----w    C:\Program Files\Java
2008-05-06 16:56    ---------    dcsh--w    C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-06 16:56    ---------    d-----w    C:\Program Files\Windows Live
2008-05-06 16:53    ---------    d-----w    C:\ProgramData\WLInstaller
2008-05-03 23:18    25,280    ----a-w    C:\Windows\system32\drivers\hamachi.sys
2008-05-01 16:12    56    ---ha-w    C:\Users\All Users\ezsidmv.dat
2008-05-01 16:12    56    ---ha-w    C:\ProgramData\ezsidmv.dat
2008-05-01 16:11    ---------    d-----w    C:\ProgramData\Skype
2008-05-01 16:11    ---------    d-----w    C:\Program Files\Skype
2008-05-01 16:11    ---------    d-----w    C:\Program Files\Common Files\Skype
2008-05-01 00:09    ---------    d-----w    C:\Users\martin\AppData\Roaming\vlc
2008-05-01 00:08    ---------    d-----w    C:\Program Files\VideoLAN
2008-04-30 21:57    ---------    d-----w    C:\Program Files\ZD Soft
2008-04-30 20:01    ---------    d-----w    C:\ProgramData\pixelStorm
2008-04-30 19:54    ---------    d-----w    C:\Program Files\Windows Live Safety Center
2008-04-30 16:23    ---------    d-----w    C:\Program Files\ESET
2008-04-30 16:20    ---------    d-----w    C:\Users\martin\AppData\Roaming\TuneUp Software
2008-04-30 15:29    ---------    d-----w    C:\Program Files\Radar Screensaver
2008-04-30 15:15    ---------    d-----w    C:\Program Files\SpywareGuard
2008-04-30 15:09    512,096    ----a-w    C:\Windows\system32\drivers\amon.sys
2008-04-30 15:09    298,104    ----a-w    C:\Windows\System32\imon.dll
2008-04-30 15:09    15,424    ----a-w    C:\Windows\system32\drivers\nod32drv.sys
2008-04-30 15:02    ---------    d-----w    C:\Users\martin\AppData\Roaming\Grisoft
2008-04-30 15:02    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2008-04-30 14:59    ---------    d-----w    C:\ProgramData\Grisoft
2008-04-30 14:58    ---------    d-----w    C:\Program Files\SpywareBlaster
2008-04-30 14:55    ---------    d-----w    C:\ProgramData\Symantec
2008-04-29 17:55    ---------    d-----w    C:\Program Files\Common Files\Thraex Software
2008-04-28 18:54    ---------    d-----w    C:\Users\martin\AppData\Roaming\Template
2008-04-25 14:54    ---------    d-----w    C:\ProgramData\TrackMania
2008-04-23 12:46    43,520    ----a-w    C:\Windows\System32\CmdLineExt03.dll
2008-04-20 19:07    413,696    ----a-w    C:\Windows\System32\wrap_oal.dll
2008-04-20 19:07    110,592    ----a-w    C:\Windows\System32\OpenAL32.dll
2008-04-20 15:48    ---------    d-----w    C:\Program Files\World of Warcraft
2008-04-19 15:44    ---------    d--h--r    C:\Users\martin\AppData\Roaming\SecuROM
2008-04-19 15:20    ---------    d-----w    C:\Program Files\OpenAL
2008-04-19 12:02    ---------    d-----w    C:\ProgramData\Trymedia
2008-04-19 07:58    ---------    d-----w    C:\Program Files\NavigationTool
2008-04-19 07:58    ---------    d-----w    C:\Program Files\FBrowsingAdvisor
2008-04-19 07:58    ---------    d-----w    C:\Program Files\FBrowserAdvisor
2008-04-19 07:18    ---------    d-----w    C:\ProgramData\CyberLink
2008-04-19 00:10    ---------    d-----w    C:\Program Files\Game Cam V2
2008-04-18 19:33    ---------    d-----w    C:\Program Files\Valve
2008-04-18 16:49    ---------    d-----w    C:\ProgramData\Xerox
2008-04-18 16:32    ---------    d-----w    C:\Users\martin\AppData\Roaming\CyberLink
2008-04-18 14:03    ---------    d-----w    C:\Users\martin\AppData\Roaming\HP
2008-04-18 14:03    ---------    d-----w    C:\ProgramData\HP
2008-04-17 14:44    ---------    d-----w    C:\Program Files\CONEXANT
2008-04-17 14:32    ---------    d-----w    C:\Program Files\Windows Sidebar
2008-04-17 14:25    194,560    ----a-w    C:\Windows\System32\WebClnt.dll
2008-04-17 14:25    110,080    ----a-w    C:\Windows\system32\drivers\mrxdav.sys
2008-04-17 14:24    8,147,968    ----a-w    C:\Windows\System32\wmploc.DLL
2008-04-17 14:24    7,680    ----a-w    C:\Windows\System32\spwmp.dll
2008-04-17 14:24    41,984    ----a-w    C:\Windows\system32\drivers\monitor.sys
2008-04-17 14:24    4,096    ----a-w    C:\Windows\System32\dxmasf.dll
2008-04-17 14:24    356,864    ----a-w    C:\Windows\System32\MediaMetadataHandler.dll
2008-04-17 14:24    1,060,920    ----a-w    C:\Windows\system32\drivers\ntfs.sys
2008-04-17 14:22    803,328    ----a-w    C:\Windows\system32\drivers\tcpip.sys
2008-04-17 14:22    24,064    ----a-w    C:\Windows\System32\netcfg.exe
2008-04-17 14:22    22,016    ----a-w    C:\Windows\System32\netiougc.exe
2008-04-17 14:22    216,632    ----a-w    C:\Windows\system32\drivers\netio.sys
2008-04-17 14:22    167,424    ----a-w    C:\Windows\System32\tcpipcfg.dll
2008-04-17 14:22    1,327,104    ----a-w    C:\Windows\System32\quartz.dll
2008-04-17 14:19    2,027,008    ----a-w    C:\Windows\System32\win32k.sys
2008-04-17 14:18    9,728    ----a-w    C:\Windows\System32\LAPRXY.DLL
2008-04-17 14:18    296,448    ----a-w    C:\Windows\System32\gdi32.dll
2008-04-17 14:18    223,232    ----a-w    C:\Windows\System32\WMASF.DLL
2008-04-17 14:18    2,048    ----a-w    C:\Windows\System32\asferror.dll
2008-04-17 14:17    84,480    ----a-w    C:\Windows\System32\INETRES.dll
2008-04-17 14:17    737,792    ----a-w    C:\Windows\System32\inetcomm.dll
2008-04-17 14:17    11,776    ----a-w    C:\Windows\System32\sbunattend.exe
2008-04-17 14:15    84,992    ----a-w    C:\Windows\system32\drivers\srvnet.sys
2008-04-17 14:15    83,968    ----a-w    C:\Windows\System32\dnsrslvr.dll
2008-04-17 14:15    788,992    ----a-w    C:\Windows\System32\rpcrt4.dll
2008-04-17 14:15    58,368    ----a-w    C:\Windows\system32\drivers\mrxsmb20.sys
2008-04-17 14:15    24,576    ----a-w    C:\Windows\System32\dnscacheugc.exe
2008-04-17 14:15    130,048    ----a-w    C:\Windows\system32\drivers\srv2.sys
2008-04-17 14:15    101,888    ----a-w    C:\Windows\system32\drivers\mrxsmb.sys
2008-04-17 14:14    826,368    ----a-w    C:\Windows\System32\wininet.dll
2008-04-17 14:14    56,320    ----a-w    C:\Windows\System32\iesetup.dll
2008-04-17 14:14    52,736    ----a-w    C:\Windows\AppPatch\iebrshim.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-17 16:17 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 22:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 22:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 22:05 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 10:29 102400]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-01 04:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 23:31 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 22:54 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 08:13 218408]
"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 20:12 671744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 18:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-09 01:53 311296]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-04-30 17:05 6731312]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-30 17:09 949376]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2007-03-15 18:59 834776]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 22:09:54 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.ZDSV"= scrvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DCF507BC-F4FE-4A10-A155-BD56F59B76C6}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{9E8A7433-E2EA-46D3-A234-A3B820C82D95}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{678F45D6-A6C4-439B-8B1A-B5E5E32DD1F1}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{2310A2B0-7137-4676-9D8F-EF088118754E}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{477132C9-6F7F-45CC-85EB-EFA53E13A0BF}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{211E1B9C-BCCE-422C-BEEC-AA83B6E3223A}C:\\program files\\valve\\steam\\steamapps\\martin_schmidt1994\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\martin_schmidt1994\counter-strike source\hl2.exe:hl2
"UDP Query User{BC7C3CF1-1EC0-40DF-89EB-24C5B5E71556}C:\\program files\\valve\\steam\\steamapps\\martin_schmidt1994\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\martin_schmidt1994\counter-strike source\hl2.exe:hl2
"TCP Query User{AEA05428-B9FD-4510-885E-60FC9AED15DC}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{C056918A-B561-43FB-9775-99B3F2484AB0}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{8EDCD089-A179-4060-BC5A-4F907D275626}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{38DACCE0-96D6-4187-8390-DF01B1B7AD0B}C:\\program files\\valve\\steam\\steamapps\\martin_schmidt\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\martin_schmidt\counter-strike source\hl2.exe:hl2
"UDP Query User{726C3207-A4F2-4E33-8808-A4CC89D3C76C}C:\\program files\\valve\\steam\\steamapps\\martin_schmidt\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\martin_schmidt\counter-strike source\hl2.exe:hl2
"{72ADF54D-754B-4FA8-A5F1-17A294B0EB1C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{73DBB9DB-15AC-4AB4-B102-6B452EF192EB}C:\\program files\\valve\\steam\\steamapps\\the_sale_man\\source sdk base\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\the_sale_man\source sdk base\hl2.exe:hl2
"UDP Query User{2CEC386F-C98C-4545-AF95-A5DF16639D64}C:\\program files\\valve\\steam\\steamapps\\the_sale_man\\source sdk base\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\the_sale_man\source sdk base\hl2.exe:hl2
"TCP Query User{795704D4-6135-440D-8FB1-4F6C7807C39B}C:\\program files\\valve\\steam\\steamapps\\jacoblp\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\jacoblp\counter-strike source\hl2.exe:hl2
"UDP Query User{7200A40C-D533-40CE-9E23-C80EDFF67834}C:\\program files\\valve\\steam\\steamapps\\jacoblp\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\jacoblp\counter-strike source\hl2.exe:hl2
"{EE5526DA-A529-4E20-A3D9-85A2B0BED939}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{500E71DF-D99B-4345-86F4-680277E006DE}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-10-01 04:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-10-01 04:34]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 15:12]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 15:12]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 15:12]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 19:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-10 19:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66a58799-1dbb-11dd-bf7f-001e37bc31e3}]
\shell\AutoRun\command - F:\PMB_P.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 20:03:18 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-13 20:03:15 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-12 12:05:45 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 22:03:58
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Windows\TEMP\TMP000000395E97089FC719DF6C
C:\Users\martin\AppData\Local\Microsoft\Windows\WER\ReportArchive\store.lock 0 bytes
C:\Users\martin\AppData\Local\Microsoft\Windows\WER\ReportQueue\store.lock 0 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-06-13 22:10:12 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-13 20:09:49

Pre-Run: 148,470,898,688 byte ledig
Post-Run: 148,040,249,344 byte ledig

275    --- E O F ---    2008-06-06 19:40:55

14 June 2008 - 08:06 #2
Uninstall

* eMule
* Limewire

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

And a fresh HiJackThis log ...

wyxz (Beginner)
14 June 2008 - 11:16 #3
We're closing the thread..

It was an acquaintance (his son) who had a machine that was full of cheat generators/cracks and, as you write yourself, P2P programs..
Unfortunately I only discovered this after I had posted the logs here...
I have explained to him several times that he should stay away from that kind of thing... Apparently he won't, so now he can solve his problem himself, or find someone else who will help him.. (not the first time he has come with it)
I won't spend my free time again... (and yours) on him constantly messing around with it.
After all, I do it without getting anything for it...

Points to Karise Larry, so we can get this closed :o)

Have a good weekend

14 June 2008 - 13:32 #4
Ping...

wyxz (Beginner)
15 June 2008 - 13:43 #5
Pong... :o)