Malwarebytes' Anti-Malware 1.34
Database version: 1848
Windows 6.0.6000
14-03-2009 18:47:06
mbam-log-2009-03-14 (18-47-06).txt
Skan type: Hurtig skanning
Objekter skannet: 69367
Tid tilbagelagt: 4 minute(s), 14 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)
Inficerede Mapper:
(Ingen mistænkelige filer fundet)
Inficerede Filer:
(Ingen mistænkelige filer fundet)
ComboFix 09-03-13.02 - Brock 2009-03-14 19:11:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1030.18.3070.1843 [GMT 1:00]
Kører fra: c:\users\Brock\Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Dannede nyt systemgendannelsespunkt
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\KBL.LOG
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-02-14 til 2009-03-14 )))))))))))))))))))))))))))))))))))
.
2009-03-14 19:19 . 2009-03-14 19:20 364,255,477 --a------ c:\windows\MEMORY.DMP
2009-03-14 17:32 . 2009-03-14 17:32 <DIR> d-------- c:\users\Brock\AppData\Roaming\Uniblue
2009-03-14 17:31 . 2009-03-14 17:33 <DIR> d--h-c--- c:\users\All Users\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-03-14 17:31 . 2009-03-14 17:33 <DIR> d--h-c--- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-03-14 15:55 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-14 15:55 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-14 15:29 . 2009-03-14 15:29 <DIR> d-------- c:\users\Brock\AppData\Roaming\Malwarebytes
2009-03-14 15:29 . 2009-03-14 15:29 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-14 15:29 . 2009-03-14 15:29 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-14 15:17 . 2009-03-14 17:32 <DIR> d-------- C:\virus
2009-03-14 14:47 . 2009-03-14 14:47 <DIR> d-------- c:\program files\Burn4Free Toolbar
2009-03-14 14:47 . 2009-03-14 15:45 <DIR> d-------- c:\program files\Burn4Free
2009-03-14 14:47 . 2009-03-14 14:47 232,075 --a------ c:\windows\Burn4Free_Toolbar_Uninstaller_7634.exe
2009-03-14 14:42 . 2009-03-14 14:42 <DIR> d-------- c:\users\Brock\AppData\Roaming\Ashampoo
2009-03-14 14:39 . 2009-03-14 14:39 <DIR> d-------- c:\users\All Users\ashampoo
2009-03-14 14:39 . 2009-03-14 14:39 <DIR> d-------- c:\programdata\ashampoo
2009-03-14 14:39 . 2009-03-14 14:39 <DIR> d-------- c:\program files\Ashampoo
2009-03-01 08:03 . 2009-03-01 08:29 <DIR> d-------- c:\users\All Users\gedogeye
2009-03-01 08:03 . 2009-03-01 08:29 <DIR> d-------- c:\programdata\gedogeye
2009-02-26 17:03 . 2009-03-01 08:22 <DIR> d-------- c:\users\All Users\rurajiye
2009-02-26 17:03 . 2009-03-01 08:22 <DIR> d-------- c:\programdata\rurajiye
2009-02-22 21:09 . 2009-02-22 21:09 <DIR> d-------- c:\users\All Users\LightScribe
2009-02-22 21:09 . 2009-02-22 21:09 <DIR> d-------- c:\programdata\LightScribe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 18:22 --------- d-----w c:\program files\Steam
2009-03-14 18:11 1,310,720 ----a-w c:\users\Gæst\ntuser.dat
2009-03-14 18:11 1,310,720 ----a-w c:\users\Gæst\ntuser.dat
2009-03-14 16:20 --------- d-----w c:\program files\Common Files\Steam
2009-03-10 20:14 98,247 ----a-w c:\users\Brock\AppData\Roaming\nvModes.dat
2009-03-10 19:05 --------- d-----w c:\users\Brock\AppData\Roaming\LimeWire
2009-03-06 23:16 --------- d-----w c:\users\Gæst\AppData\Roaming\LimeWire
2009-02-10 19:48 --------- d-----w c:\program files\EPSON
2009-02-10 19:42 --------- d-----w c:\programdata\EPSON
2009-02-07 16:13 --------- d-s---w c:\users\Gæst\AppData\Roaming\Microsoft
2009-02-03 20:07 71,096 ----a-w c:\users\Jette\AppData\Roaming\GDIPFONTCACHEV1.DAT
2009-01-28 12:08 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-28 10:38 --------- d-----w c:\programdata\avg8
2009-01-25 16:37 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-25 16:37 --------- d-----w c:\program files\iTunes
2009-01-25 16:36 --------- d-----w c:\programdata\Apple Computer
2009-01-25 16:36 --------- d-----w c:\program files\iPod
2009-01-25 16:36 --------- d-----w c:\program files\Common Files\Apple
2009-01-25 16:31 --------- d-----w c:\program files\QuickTime
2009-01-23 18:40 --------- d-----w c:\program files\Google
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-07 19:09 71,096 ----a-w c:\users\Brock\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-12-13 06:27 174 --sha-w c:\program files\desktop.ini
2008-06-19 19:22 27,240 ----a-w c:\users\Gæst\AppData\Roaming\nvModes.dat
2008-06-08 16:16 0 ----a-w c:\users\Brock\AppData\Roaming\wklnhst.dat
2008-06-07 12:34 27,335 ----a-w c:\users\Jette\AppData\Roaming\nvModes.dat
2008-06-01 19:22 0 ----a-w c:\users\Jette\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-03-14 14:47 806912 --a------ c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2009-03-14 806912]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-06-04 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Google Update"="c:\users\Brock\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Steam"="c:\program files\Steam\Steam.exe" [2008-12-22 1410296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-21 39408]
"EPSON Stylus DX4400 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"Uniblue RegistryBooster 2009"="c:\virus\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-09 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-18 144792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-28 1601304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{55F5EADE-378B-4F78-BA0A-E484B5B8B7BA}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{9FFE76F7-5BFA-4AC5-AEE7-36831B3E8F7D}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{BB20DF44-E180-4C14-AE4C-C1251412241F}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{C2C29F35-C114-4150-A8FE-A39C366F2662}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{BD434C13-436A-4660-97BF-32B43BE351CC}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{F8CF604C-C134-4BE5-AEB9-622BB5F9339D}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{104CA293-A090-446E-AC09-C2EF83D9F33C}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"TCP Query User{58B01428-4144-4089-9ADD-0D649925AF30}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{E25BEBC6-A52D-473B-A3F4-A6D489D5F356}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{60E75C42-6272-4A06-8789-B358270A0B8B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C845133F-6662-46E2-ACC3-D885F542F07F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{56FF99D5-F8FF-48AA-B7D4-C5C24B86A973}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{567A3378-89C6-49F3-932F-F135EF1BC14A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{66A7C07E-4B26-48C8-9820-DBD6A46F0432}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AED19182-CD53-4D03-B3C0-283EBA85AA89}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D979F41A-C7DE-4BF8-994B-189BAE9267FA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{15DA3EA4-90E7-4219-A16B-56729A4E1449}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B8DA8659-A492-491B-919F-D112F7689409}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{9C29C992-3765-4267-8D86-BC2F2E1F363C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{80E64B3D-1515-49C2-A2CF-6FF7C0AFDF81}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{16298401-5A0D-492B-883A-A623B7251E5D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{92603D94-7BE4-418C-BEC1-0CECEFE3456B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{432FE235-D92B-4213-B9EA-4A2576712282}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{52D30B13-B9CD-4B28-90D2-353AF416576A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{87F8715D-8EAC-47C9-9105-5F6EBCCABC84}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{121DFA52-6716-4DC9-A4B5-F5238D78E6D6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{485249AC-B937-4CD7-9B35-F5C5FEDD901A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E070C6B4-855D-4F3C-8858-BAB4809FD4DA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{57926CEB-A7B2-471E-AB66-C37FC751F692}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DC5EB416-A14C-4BAD-8139-7CFFBE155A8B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{94ECBA98-27EF-463B-B9ED-D6CFF2F4739E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{09E5A2EB-7737-4BCD-848C-FC9E5515FAB9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{44F3C5BB-64DD-4913-B9EC-1EA9F3E926DD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E0E03AB2-5BE8-4FF4-AACF-C0CAD91CB995}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A11117CA-1C53-49C2-9CC5-246633D73814}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D73E7675-2CE8-40DA-A1E3-E12343A526CD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F87A6AE9-6E98-4AEA-A84B-28DD47C49B58}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EBE0DF7C-5B23-4B20-A3B6-18CD6EA20B51}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7C100642-ABE7-4415-ACC3-616AD439E0BA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CC773EEF-5D06-4EEE-9D8B-356BE85587F5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{62F1AC45-E886-42AD-8ADD-F439412DD1CD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{84D7A9EF-B850-40A3-870C-13769A694BE8}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{79209B90-8438-4F63-A269-9E1B04844D84}"= UDP:c:\program files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009
"{F16D0A07-0232-4840-808F-361CC7C14C32}"= TCP:c:\program files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009
"{B0991E45-4833-465E-A020-AA98E3A7C093}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B5D74F3F-4291-4763-9B35-2759F85724D9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CACE2097-34AE-456A-B3DF-E7478C9135FA}"= UDP:c:\program files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009
"{2DA37B13-ACA6-49E0-A68E-C52B238FE26A}"= TCP:c:\program files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009
"{4DE4C138-DBEE-45A0-9E69-032D3AC415E6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-07-22 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-28 298264]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [2008-04-20 354840]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Indhold af mappen 'Planlagte Opgaver'
2009-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3816565689-1465325906-3994520160-1000.job
- c:\users\Brock\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 15:23]
.
- - - - TOMME GENVEJE FJERNET - - - -
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.bold.dk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: danskebank.dk
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://danid.dk/csp/authenticode/digitalsignatur-csp.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 19:26:43
Windows 6.0.6000 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\DPPWDFLT.dll
- - - - - - - > 'Explorer.exe'(4600)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Gennemført tid: 2009-03-14 19:32:53 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-03-14 18:32:24
Pre-Kørsel: 136.462.651.392 byte ledig
Post-Kørsel: 135,756,820,480 byte ledig
247 --- E O F --- 2009-02-17 16:13:05
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37, on 2009-03-14
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Users\Brock\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bold.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Google Update] "C:\Users\Brock\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S5A61.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\virus\uniblue\registrybooster\StartRegistryBooster.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldda-dk.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://danid.dk/csp/authenticode/digitalsignatur-csp.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
--
End of file - 10623 bytes