CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede thegenuine Praktikant
27. oktober 2009 - 20:01 Der er 1 løsning

Underlig Vista PC - gennemse mbam, HJT og Combo Logs

Hej Experts,

Er der en venlig sjæl, der vil gennemse disse logs?

Min studievenindes Vista PC er totalt underlig. Hun kan ikke få lov til at installere iTunes eller Samsung tlfprg.

Hun har ikke haft problemer med andre installationer, som fx. Mbam, HJT eller Combo.

(Torrent anvendes til deling af studiearbejde)

Logs følger:

Malwarebytes' Anti-Malware 1.41
Database version: 3040
Windows 6.0.6002 Service Pack 2

27-10-2009 14:50:15
mbam-log-2009-10-27 (14-50-15).txt

Skan type: Hurtig skanning
Objekter skannet: 116126
Tid tilbagelagt: 13 minute(s), 25 second(s)

Inficerede Hukommelses Processer: 2
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 2
Inficerede Filer: 10

Inficerede Hukommelses Processer:
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Unloaded process successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
C:\Program Files\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\components (Spyware.MarketScore) -> Delete on reboot.

Inficerede Filer:
C:\$RECYCLE.BIN\S-1-5-21-3076172561-912673834-575587741-1000\$R39J7N2.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> Delete on reboot.


ComboFix 09-10-26.06 - Ann 27-10-2009 18:29.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.3036.1871 [GMT 1:00]
Kører fra: c:\users\Ann\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{7EB6D433-8D45-4BFD-B3E6-D2790DEAC795}\setup.msi
c:\users\Ann\AppData\Roaming\.#
c:\users\Ann\AppData\Roaming\Desktopicon
c:\users\Ann\AppData\Roaming\Desktopicon\config.ini
c:\windows\Suyin.reg

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge


(((((((((((((((((((((((((((((  Filer skabt fra 2009-09-27 til 2009-10-27  )))))))))))))))))))))))))))))))))))
.

2009-10-27 17:39 . 2009-10-27 17:39    --------    d-----w-    c:\users\Gæst\AppData\Local\temp
2009-10-27 17:39 . 2009-10-27 17:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2009-10-27 13:34 . 2009-10-27 13:34    --------    d-----w-    c:\users\Ann\AppData\Roaming\Malwarebytes
2009-10-27 13:33 . 2009-09-10 13:54    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-27 13:33 . 2009-10-27 13:33    --------    d-----w-    c:\programdata\Malwarebytes
2009-10-27 13:33 . 2009-09-10 13:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-10-27 13:33 . 2009-10-27 13:34    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-10-26 20:06 . 2009-10-26 20:06    --------    d-----w-    c:\programdata\Installations
2009-10-26 19:22 . 2009-10-26 19:22    --------    d-----w-    c:\program files\MarkAny
2009-10-26 19:22 . 2009-10-26 19:22    --------    d-----w-    c:\program files\PC Connectivity Solution
2009-10-26 12:57 . 2009-10-26 13:04    --------    d-----w-    c:\users\Ann\dwhelper
2009-10-15 11:34 . 2009-09-10 16:48    218624    ----a-w-    c:\windows\system32\msv1_0.dll
2009-10-15 11:34 . 2009-08-04 12:34    3600456    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2009-10-15 11:34 . 2009-08-04 12:34    3548216    ----a-w-    c:\windows\system32\ntoskrnl.exe
2009-10-12 14:48 . 2009-10-12 14:48    --------    d-----w-    c:\program files\HP
2009-10-12 14:37 . 2003-04-06 05:45    16622    ------w-    c:\windows\hpomdl01.dat
2009-10-12 12:59 . 2009-10-12 14:42    77004    ----a-w-    c:\windows\system32\drivers\AFS.SYS
2009-10-12 12:57 . 2009-10-12 12:57    --------    d-----w-    c:\program files\Common Files\Hewlett-Packard
2009-10-12 12:56 . 2009-10-12 12:59    --------    d-----w-    c:\program files\Hewlett-Packard
2009-10-03 07:36 . 2009-10-01 09:29    195440    ------w-    c:\windows\system32\MpSigStub.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 17:40 . 2009-04-28 13:26    8496    ----a-w-    c:\windows\bthservsdp.dat
2009-10-27 17:40 . 2009-04-20 09:28    --------    d-----w-    c:\users\Ann\AppData\Roaming\DNA
2009-10-27 17:28 . 2009-07-31 18:43    786432    --sha-w-    c:\users\Gæst\ntuser.dat
2009-10-27 17:08 . 2009-07-12 20:12    --------    d-----w-    c:\users\Ann\AppData\Roaming\Samsung
2009-10-27 16:56 . 2008-01-21 05:51    77202    ----a-w-    c:\windows\system32\perfc006.dat
2009-10-27 16:56 . 2008-01-21 05:51    463344    ----a-w-    c:\windows\system32\perfh006.dat
2009-10-27 11:56 . 2009-04-04 19:28    31681    ----a-w-    c:\programdata\nvModes.dat
2009-10-26 20:07 . 2009-08-28 18:26    --------    d-----w-    c:\program files\Samsung
2009-10-26 19:22 . 2009-01-17 14:04    --------    d--h--w-    c:\program files\InstallShield Installation Information
2009-10-16 11:03 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2009-10-16 09:29 . 2009-01-17 14:18    --------    d-----w-    c:\programdata\Microsoft Help
2009-10-16 09:26 . 2009-01-17 14:19    --------    d-----w-    c:\program files\Microsoft Works
2009-10-12 14:42 . 2003-04-06 05:45    20458    ----a-w-    c:\windows\hpoins01.dat
2009-10-08 21:37 . 2009-04-20 09:29    --------    d-----w-    c:\users\Ann\AppData\Roaming\BitTorrent
2009-09-28 10:27 . 2009-04-06 09:45    --------    d-----w-    c:\program files\Java
2009-09-23 14:42 . 2009-01-17 14:30    --------    d-----w-    c:\program files\Google
2009-09-14 09:29 . 2009-10-15 11:33    144896    ----a-w-    c:\windows\system32\drivers\srv2.sys
2009-09-13 19:11 . 2009-01-17 14:40    --------    d-----w-    c:\program files\Windows Live
2009-09-13 19:10 . 2009-09-13 19:10    --------    d-----w-    c:\program files\Microsoft Sync Framework
2009-09-04 11:41 . 2009-10-15 11:33    60928    ----a-w-    c:\windows\system32\msasn1.dll
2009-08-29 07:53 . 2009-05-26 21:04    11952    ----a-w-    c:\windows\system32\avgrsstx.dll
2009-08-29 07:53 . 2009-05-26 21:04    335240    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2009-08-29 07:53 . 2009-05-26 21:04    27784    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-08-29 00:27 . 2009-09-02 19:31    4240384    ----a-w-    c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 19:31    28672    ----a-w-    c:\windows\system32\Apphlpdm.dll
2009-08-28 18:37 . 2009-07-12 19:48    5632    ----a-w-    c:\windows\system32\drivers\StarOpen.sys
2009-08-27 05:22 . 2009-10-15 11:33    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 11:33    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-15 11:33    71680    ----a-w-    c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-15 11:33    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2009-08-20 14:07 . 2009-04-03 14:47    105776    ----a-w-    c:\users\Ann\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-17 21:33 . 2009-08-17 21:33    1193832    ----a-w-    c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-09 18:23    904776    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 18:23    17920    ----a-w-    c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 18:23    9728    ----a-w-    c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 18:23    17920    ----a-w-    c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 18:23    11264    ----a-w-    c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 18:23    27136    ----a-w-    c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 18:23    8704    ----a-w-    c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 18:23    19968    ----a-w-    c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 18:23    10240    ----a-w-    c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 18:23    30720    ----a-w-    c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 18:23    105984    ----a-w-    c:\windows\system32\netiohlp.dll
2009-08-03 20:33 . 2009-08-03 20:33    339968    ----a-w-    c:\windows\system32\pythoncom25.dll
2009-08-03 20:33 . 2009-08-03 20:33    2117632    ----a-w-    c:\windows\system32\python25.dll
2009-08-03 20:33 . 2009-08-03 20:33    114688    ----a-w-    c:\windows\system32\pywintypes25.dll
2009-08-03 13:07 . 2009-08-03 13:07    403816    ----a-w-    c:\windows\system32\OGACheckControl.dll
2009-08-03 13:07 . 2009-08-03 13:07    322928    ----a-w-    c:\windows\system32\OGAAddin.dll
2009-08-03 13:07 . 2009-08-03 13:07    230768    ----a-w-    c:\windows\system32\OGAEXEC.exe
2009-07-31 18:43 . 2009-07-31 18:43    74024    ----a-w-    c:\users\Gæst\AppData\Local\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 08:36    1008896    ----a-w-    c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52    121392    ----a-w-    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-03 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-20 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-17 30192]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-28 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-28 92704]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-08 147456]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-18 173352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-21 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-22 2025752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-09-18 6294048]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2008-09-18 1833504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 715568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2a,a9,ab,ea,35,11,ca,01

R0 AFS;AFS;c:\windows\System32\drivers\AFS.SYS [12-10-2009 13:59 77004]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [26-05-2009 22:04 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [26-05-2009 22:04 108552]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [16-09-2008 11:03 169312]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [29-08-2009 08:52 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [29-08-2009 08:52 297752]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [03-04-2009 16:08 69632]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [17-01-2009 15:29 24576]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [17-01-2009 15:05 354840]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23-09-2008 14:11 144632]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\System32\drivers\L1E60x86.sys [17-01-2009 22:15 47104]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [08-01-2009 06:55 45600]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [28-03-2007 07:51 43008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23-09-2009 15:40 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [12-06-2009 13:11 13224]
S3 GoogleDesktopManager-092308-165331;Google Desktop-administrator 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [17-01-2009 15:30 30192]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr28.sys [17-01-2009 22:15 338432]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23-09-2008 14:11 50424]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [03-04-2009 22:32 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [03-04-2009 22:32 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [03-04-2009 22:32 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [03-04-2009 22:32 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [03-04-2009 22:32 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [03-04-2009 22:32 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [03-04-2009 22:32 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [03-04-2009 22:32 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [03-04-2009 22:32 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [03-04-2009 22:32 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [03-04-2009 22:32 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [03-04-2009 22:32 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [03-04-2009 22:32 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [03-04-2009 22:32 109736]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\System32\drivers\s1018bus.sys [03-04-2009 22:32 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\System32\drivers\s1018mdfl.sys [03-04-2009 22:32 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\System32\drivers\s1018mdm.sys [03-04-2009 22:32 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s1018mgmt.sys [03-04-2009 22:32 108200]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\System32\drivers\s1018nd5.sys [03-04-2009 22:32 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\System32\drivers\s1018obex.sys [03-04-2009 22:32 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\System32\drivers\s1018unic.sys [03-04-2009 22:32 109736]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\System32\drivers\usbaapl.sys [09-07-2009 11:16 39424]

--- Andre Services/Drivers i Hukommelsen ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
.
Indhold af mappen 'Planlagte Opgaver'

2009-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-23 14:40]

2009-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-23 14:40]

2009-10-27 c:\windows\Tasks\User_Feed_Synchronization-{A3B92FC5-E5DD-40C6-B483-31E95FB18E88}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.signon.stofanet.dk/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=2&o=vp32&d=0409&m=aspire_6930zg
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
Trusted Zone: danskebank.dk
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\obdewgvr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.signon.stofanet.dk/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Ann\AppData\Roaming\Mozilla\Firefox\Profiles\obdewgvr.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 18:44
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  FBSSA = c:\program files\SGPSA\ie3sh.exe???????????????????????????????????????????????????????????????????

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0023\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'Explorer.exe'(2152)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\rundll32.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\combofix\CF31460.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Gennemført tid: 2009-10-27 18:48 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-10-27 17:48

Pre-Kørsel: 97.172.312.064 byte ledig
Post-Kørsel: 99.986.165.760 byte ledig

- - End Of File - - 4E59733B9D06328A5D83623580FE48DD

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:14, on 27-10-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Ann\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=2&o=vp32&d=0409&m=aspire_6930zg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop-administrator 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SeaPort - Unknown owner - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12676 bytes

Takker!
Avatar billede thegenuine Praktikant
28. oktober 2009 - 09:37 #1
Problem solved med D-2-D Recovery.

Lukker.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Total AV Af Malm i Virus 10 16/01/202516:48 17/01/202520:47
pop up black friday Af Malm i Virus 12 22/11/202420:49 03/12/202411:04
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 21:39 Flere skærme på Mac Air M2 Af Mads i Mac
I går 14:51 Automatisk ordre Af boje i Økonomiprogrammer
I går 14:01 HYPERLINK - kun 16 karakterer? Af jenslund i Excel
I går 09:48 Brug for hjælp Af Ann i Andet software
26/0518:27 Skærmshots Af fjorbak i Mobiltelefoner
White papers
Flere white papers »


Premium
Teaser billede
Peter Kruse har haft et stort it-sikkerhedsønske i 15 år, og nu kan det måske blive til virkelighed: “Danskerne kan spare mange millioner kroner”
Læs mere »
Norlys lukker et af sine store it-selskaber: Næsten 100 ansatte berøres - flere fyres
Blev opsagt efter fem måneder: Nu har tidligere Sentia-topchef Michael Meister landet nyt topjob igen
Her er de tre vigtigste årsager til, at it-ansatte forlader deres job
Se alle »
Computerworld
Teaser billede
Facebook og Instagram vil anvende dine fotos og opslag til træning af AI: I dag er sidste frist for at sige fra - sådan gør du
Læs mere »
Facebook og Instagram vil igen anvende dine opslag og kommentarer til at træne AI-modeller: Sådan kan du undgå det
Test af 3G-robotplæneklipper: Den kabelfri teknologi er tæt på topkarakter
Nørgaard: Med ét slag er det pludselig ikke så cool at arbejde for Microsoft længere
Se alle »
CIO
Teaser billede
Efter tvangslukning af international chefanklagers Microsoft-mail efter pres fra Trump: Nu reagerer Microsoft
Læs mere »
Efter lukning af mail hos straffedomstol: Microsoft skylder alle danske CIO'er svar på disse fire centrale spørgsmål
Overblik: Nedlukning af en Microsoft-mail i Haag har sat it-Danmark i alarmberedskab: Hvordan kunne det ske?
It-omkostninger steget med 160 procent på fire år: Nu trækker styrelse i nødbremsen - vil forny sin it-arkitektur fra bunden
Se alle »
Job & Karriere
Teaser billede
Fungerede ikke: Dropper AI som erstatning for kundeservice-medarbejdere - har nu brug for nye folk
Læs mere »
NNIT har fyret 100 medarbejdere - nedjusterer markant
It-chef og halv it-afdeling fyret i forsikringsselskab på grund af kommentar om potteplante
Har fælles fortid i Devoteam: Nu etablerer disse fire tunge it-profiler nyt dansk konsulenthus - ser et hul i markedet
Se alle »
White paper
Teaser billede
NIS2: Sådan styrker du både cybersikkerhed og compliance
Læs mere »
Sådan samler du virtualisering og containerdrift i én løsning
Sådan sikrer du nem og beskyttet adgang til dine ressourcer
AI og kunderejsen: Sådan vinder du fremtidens forbrugere
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »