connect-ny Beginner
05 February 2009 - 19:00 There are 18 comments

My PC is running extremely slowly

Hi, I have two PCs that run incredibly badly - they are slow, have trouble getting online, etc.

Can anyone help me clean them??

Many thanks in advance for the help


/Bertel
kasperwood Beginner
05 February 2009 - 19:13 #1
A good place to start is to download the free program CC Cleaner, which among other things cleans up the registry, which makes the PC slow
connect-ny Beginner
05 February 2009 - 19:29 #2
OK - I'll start there, then we'll see if it helps

Thanks!
05 February 2009 - 19:37 #3
You can just have 'the speech' ->

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During installation you are offered [Yahoo Toolbar]. You can say yes or *NO* to it.
Let the program do a clean-up...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens where you move the dot to "Run a full system scan" - click the Scan button - let the program work. When it is finished (it takes a while, depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - the log now opens and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...

...and here is the HiJackThis mentioned ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for it and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
connect-ny Beginner
05 February 2009 - 19:47 #4
OK - I have just installed the cleaner and run it - I'll try to carry on with your guide.

Thanks!
jpworld_dk Beginner
05 February 2009 - 19:58 #5
let Ad-Aware help you
connect-ny Beginner
05 February 2009 - 21:19 #6
Here are the log files; note that HiJack this gave me a couple of error messages, among other things it could not open the hosts file.


HiJack this log file:
Logfile of HijackThis v1.99.1
Scan saved at 21:16:23, on 05-02-2009
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\Win2k\AWU.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Aske Carlos\Desktop\HiJack\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.y8.com/tags/Football
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Jensen AirLink 7554 Wlan Utility.lnk = C:\Program Files\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\Win2k\AWU.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Desktop-administrator 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


Malware log:
Malwarebytes' Anti-Malware 1.33
Database version: 1731
Windows 6.0.6000

05-02-2009 21:14:19
mbam-log-2009-02-05 (21-14-19).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 159652
Tid tilbagelagt: 1 hour(s), 2 minute(s), 6 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)
connect-ny Beginner
05 February 2009 - 22:17 #7
Here come the log files from the other PC


HiJack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:05, on 05-02-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\Win2k\AWU.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Primby\Desktop\HiJack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 87.61.55.178 www.habitten.dk
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PhilipsSA33XXDM] C:\Program Files\Philips\SA33XX\Philips Device Manager\Bin\LaunchDM.exe OS_STARTUP
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: PersonalBrain 4.lnk = C:\Program Files\PersonalBrain\PersonalBrainS.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Jensen AirLink 7554 Wlan Utility.lnk = C:\Program Files\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\Win2k\AWU.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop-administrator 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8947 bytes


Malware:

Malwarebytes' Anti-Malware 1.33
Database version: 1731
Windows 6.0.6001 Service Pack 1

05-02-2009 22:02:57
mbam-log-2009-02-05 (22-02-57).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 173882
Tid tilbagelagt: 1 hour(s), 40 minute(s), 36 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 25
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 3
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Inficerede Filer:
(Ingen mistænkelige filer fundet)
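
Added example (not part of the thread, and not HijackThis's own logic): a Python parser for the `code - detail` lines of the logs posted above that flags entries worth a second look before a human reads the whole log. The rule set and the names `triage`, `review` and `Finding` are assumptions made for this example; the sample is a constructed excerpt combining lines copied from the two logs above.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: header plus entry lines copied from the logs in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:05, on 05-02-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)

Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 87.61.55.178 www.habitten.dk
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$")
ENV_VAR_RE = re.compile(r"%[A-Za-z]+%")
LOOPBACK = {"127.0.0.1", "::1"}


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O1"
    detail: str  # rest of the log line, unchanged
    reason: str  # why this example's rules flagged it


def parse_entries(log_text):
    """Yield (code, detail) per entry line; header and process list are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def review(code, detail):
    """Return the reasons (possibly none) for looking at one entry more closely."""
    reasons = []
    if MISSING_RE.search(detail):
        if ENV_VAR_RE.search(detail):
            # The tool looked up a literal "%windir%\..." path, so the
            # "missing" verdict may come from the lookup, not the disk.
            reasons.append("reported missing, but the path holds an "
                           "unexpanded %VAR%: verify on disk")
        else:
            reasons.append("logged target not found: orphaned entry or a "
                           "path the tool could not resolve")
    if code == "O1" and detail.startswith("Hosts:"):
        fields = detail[len("Hosts:"):].split()
        is_localhost = (len(fields) >= 2 and fields[0] in LOOPBACK
                        and fields[1].lower() == "localhost")
        if len(fields) >= 2 and not is_localhost:
            reasons.append("hosts file pins a hostname to a fixed address: "
                           "confirm the owner added it")
    if code == "O20" and detail.startswith("AppInit_DLLs:"):
        reasons.append("AppInit_DLLs: DLL is loaded into every process that "
                       "loads user32.dll, confirm its vendor")
    if code == "O10":
        reasons.append("Winsock LSP entry the tool did not recognise")
    return reasons


def triage(log_text):
    """Flag entries for manual review; a flag is a lead, not a verdict."""
    return [Finding(code, detail, reason)
            for code, detail in parse_entries(log_text)
            for reason in review(code, detail)]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.code}: {finding.reason}\n    {finding.detail}")
```
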
06 February 2009 - 06:42 #8
... for the first PC ->
Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
connect-ny Beginner
06 February 2009 - 11:35 #9
OK - I'll do that again - but not until later today

thanks
connect-ny Beginner
06 February 2009 - 16:37 #10
Hi again

Here comes the log file from the first PC again after running HiJack with the last link.

Hope it helps

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:13, on 06-02-2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\Win2k\AWU.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Aske Carlos\Desktop\HiJack\HiJackThis1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.y8.com/tags/Football
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Jensen AirLink 7554 Wlan Utility.lnk = C:\Program Files\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\Win2k\AWU.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop-administrator 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8519 bytes
06 February 2009 - 17:47 #11
It is missing Vista ServicePack1 + all subsequent updates from WindowsUpdate!!!

M$ ServicePack1 for Vista -> http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=f559842a-9c9b-4579-b64a-09146a0ba746

After that, some general cleanup/optimization can follow...
connect-ny Beginner
06 February 2009 - 18:17 #12
Thanks, installing the SP and will get back to you
connect-ny Beginner
07 February 2009 - 18:38 #13
SP1 installed - but both PCs are still not running well. The internet in particular is extremely slow; it takes a long time to load a page (I have a 4 Mbit line), and when you click a link you very often get the message that Internet Explorer cannot display the page!

What can I do to get this solved?
07 February 2009 - 19:57 #14
Just a quick one - for both of them ->

-- Download Combofix from one of these links and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix has finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here.
connect-ny Beginner
08 February 2009 - 09:50 #15
OK thanks - I'll try that right away
connect-ny Beginner
08 February 2009 - 10:42 #16
Here it is for the first PC:

ComboFix 09-02-06.04 - Aske Carlos 2009-02-08 10:22:54.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1030.18.2046.1129 [GMT 1:00]
Kører fra: c:\users\Aske Carlos\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 080719-0] *On-access scanning disabled* (Outdated)
.

(((((((((((((((((((((((((((((  Filer skabt fra 2009-01-08 til 2009-02-08  )))))))))))))))))))))))))))))))))))
.

2009-02-07 23:32 . 2008-04-26 09:26    891,448    --a------    c:\windows\System32\drivers\tcpip.sys
2009-02-07 23:32 . 2008-04-12 04:32    784,896    --a------    c:\windows\System32\rpcrt4.dll
2009-02-07 23:32 . 2008-04-05 02:21    72,192    --a------    c:\windows\System32\drivers\pacer.sys
2009-02-07 23:32 . 2008-04-05 04:34    15,360    --a------    c:\windows\System32\pacerprf.dll
2009-02-06 19:37 . 2009-02-06 19:37    <DIR>    d--------    C:\PerfLogs
2009-02-06 19:13 . 2009-02-06 18:44    152,576    --a------    c:\windows\System32\SPWizUI.dll
2009-02-06 19:13 . 2009-02-06 18:44    47,560    --a------    c:\windows\System32\SPReview.exe
2009-02-06 18:59 . 2008-01-18 23:33    599,552    --a------    c:\windows\System32\vsp1cln.exe
2009-02-06 18:59 . 2008-01-18 23:33    193,024    --a------    c:\windows\System32\recdisc.exe
2009-02-06 18:59 . 2008-01-18 23:36    6,656    --a------    c:\windows\System32\sdspres.dll
2009-02-06 18:58 . 2008-01-18 23:36    142,336    --a------    c:\windows\System32\spp.dll
2009-02-06 18:58 . 2008-01-18 23:36    28,160    --a------    c:\windows\System32\sxproxy.dll
2009-02-06 18:52 . 2008-01-18 23:33    5,714,432    --a------    c:\windows\System32\logon.scr
2009-02-06 18:51 . 2008-01-18 23:33    2,623,488    --a------    c:\windows\System32\SLsvc.exe
2009-02-06 18:50 . 2008-01-18 23:38    4,595,712    --a------    c:\windows\System32\AuthFWSnapin.dll
2009-02-06 18:49 . 2008-01-18 22:06    8,147,456    --a------    c:\windows\System32\wmploc.DLL
2009-02-06 18:45 . 2009-02-06 19:14    196,608    --a------    c:\windows\SPInstall.etl
2009-02-06 18:45 . 2008-01-18 23:33    44,032    --a------    c:\windows\System32\cbsra.exe
2009-02-05 19:21 . 2009-02-05 19:21    <DIR>    d--------    c:\users\Aske Carlos\AppData\Roaming\Malwarebytes
2009-02-05 19:21 . 2009-02-05 19:21    <DIR>    d--------    c:\users\All Users\Malwarebytes
2009-02-05 19:21 . 2009-02-05 19:21    <DIR>    d--------    c:\programdata\Malwarebytes
2009-02-05 19:21 . 2009-02-05 19:21    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2009-02-05 19:21 . 2009-01-14 16:11    38,496    --a------    c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-05 19:21 . 2009-01-14 16:11    15,504    --a------    c:\windows\System32\drivers\mbam.sys
2009-01-28 19:19 . 2009-01-28 19:19    <DIR>    d--------    c:\users\All Users\WEBREG
2009-01-28 19:19 . 2009-01-28 19:19    <DIR>    d--------    c:\programdata\WEBREG
2009-01-28 19:03 . 2009-01-28 19:19    <DIR>    d--------    c:\users\Aske Carlos\AppData\Roaming\HP
2009-01-28 19:02 . 2009-01-28 19:02    <DIR>    d--------    c:\users\All Users\Hewlett-Packard
2009-01-28 19:02 . 2009-01-28 19:02    <DIR>    d--------    c:\programdata\Hewlett-Packard
2009-01-25 11:52 . 2009-01-25 11:52    <DIR>    d--------    c:\users\All Users\Fighters
2009-01-25 11:52 . 2009-01-25 11:52    <DIR>    d--------    c:\programdata\Fighters
2009-01-25 11:52 . 2009-01-25 11:53    <DIR>    d--------    c:\program files\Fighters
2009-01-25 11:49 . 2009-01-25 11:49    410,984    --a------    c:\windows\System32\deploytk.dll
2009-01-14 15:44 . 2009-01-30 07:25    <DIR>    d--------    c:\windows\System32\IOSUBSYS
2009-01-14 11:48 . 2008-12-16 03:42    288,768    --a------    c:\windows\System32\drivers\srv.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 18:51    174    --sha-w    c:\program files\desktop.ini
2009-02-06 18:41    ---------    d-----w    c:\program files\Windows Sidebar
2009-02-06 18:41    ---------    d-----w    c:\program files\Windows Photo Gallery
2009-02-06 18:41    ---------    d-----w    c:\program files\Windows Mail
2009-02-06 18:41    ---------    d-----w    c:\program files\Windows Journal
2009-02-06 18:41    ---------    d-----w    c:\program files\Windows Defender
2009-02-06 18:41    ---------    d-----w    c:\program files\Windows Collaboration
2009-02-06 18:41    ---------    d-----w    c:\program files\Windows Calendar
2009-02-06 18:22    82,432    ----a-w    c:\windows\System32\axaltocm.dll
2009-02-06 18:22    101,888    ----a-w    c:\windows\System32\ifxcardm.dll
2009-02-05 18:18    ---------    d-----w    c:\program files\CCleaner
2009-01-28 18:04    ---------    d-----w    c:\programdata\HP
2009-01-25 10:49    ---------    d-----w    c:\program files\Java
2009-01-24 16:48    ---------    d-----w    c:\program files\Google
2009-01-17 08:14    204    ----a-w    c:\users\Aske Carlos\AppData\Roaming\wklnhst.dat
2009-01-05 22:33    3,751,995    ----a-w    c:\windows\System32\GPhotos.scr
2008-12-14 12:48    ---------    d-----w    c:\programdata\Microsoft Help
2008-09-24 13:11    16,384    --sha-w    c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-24 13:11    32,768    --sha-w    c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-24 13:11    16,384    --sha-w    c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((  SnapShot@2009-02-08_10.11.09,98  )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-08 09:05:59    6,402,048    ----a-w    c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-02-08 09:22:13    6,402,048    ----a-w    c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
- 2009-02-08 08:53:52    262,144    --sha-w    c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-08 09:10:34    262,144    --sha-w    c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-02-08 08:51:05    16,384    --sha-w    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-08 09:15:06    16,384    --sha-w    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-08 08:51:05    32,768    --sha-w    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-08 09:15:06    32,768    --sha-w    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-08 08:51:05    16,384    --sha-w    c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-08 09:15:06    16,384    --sha-w    c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [BU]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-28 29744]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-25 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-16 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-16 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 c:\windows\SkyTel.exe]

c:\users\Aske Carlos\Desktop\Startup\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Jensen AirLink 7554 Wlan Utility.lnk - c:\program files\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\Win2k\AWU.exe [2007-11-10 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{96B0EC22-39E8-4C3E-B7ED-DB4C1FE8A89A}"= c:\program files\Home Cinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{18302E7B-70CB-40FC-8668-D35A38308130}"= c:\program files\Home Cinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{6958F648-C694-42C8-9596-EF93C7C854E7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{39BCB5D1-E7E1-4519-9D8D-8DA56A30E43E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E049E98A-C270-4011-B8DC-EEBE4E72A4F3}"= Disabled:UDP:c:\users\Aske Carlos\AppData\Local\Temp\7zSA13F.tmp\setup\HPZnui01.exe:hpznui01.exe
"{D1423137-93CA-45E1-B70A-DDBF74B1ECB4}"= Disabled:TCP:c:\users\Aske Carlos\AppData\Local\Temp\7zSA13F.tmp\setup\HPZnui01.exe:hpznui01.exe
"{785C247F-661C-4144-9B7A-880845B45A26}"= Disabled:UDP:c:\users\Aske Carlos\AppData\Local\Temp\7zS9A3E.tmp\setup\HPZnui01.exe:hpznui01.exe
"{B6174690-9C2C-4037-981D-9C4AC971D42A}"= Disabled:TCP:c:\users\Aske Carlos\AppData\Local\Temp\7zS9A3E.tmp\setup\HPZnui01.exe:hpznui01.exe

R0 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [2007-06-21 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [2007-06-21 52224]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-05-23 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-05-23 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-05-23 50768]
R2 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [2008-11-18 283272]
R2 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [2008-11-18 307848]
R2 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [2008-11-18 311944]
R2 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [2008-11-18 139912]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2007-04-03 1131136]
R3 Vfscan;Vfscan;c:\windows\System32\drivers\vffilter.sys [2008-11-18 15496]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2007-06-21 13976]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [2007-05-09 1136600]
S3 GoogleDesktopManager-061008-081103;Google Desktop-administrator 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-06-27 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ      hpqcxs08 hpqddsvc
HPService    REG_MULTI_SZ      HPSLPSVC
.
Indhold af mappen 'Planlagte Opgaver'

2009-02-08 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]

2008-12-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.y8.com/tags/Football
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 10:25:13
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-02-08 10:27:26
ComboFix-quarantined-files.txt  2009-02-08 09:27:20
ComboFix2.txt  2009-02-08 09:12:48

Pre-Kørsel: 258,577,801,216 byte ledig
Post-Kørsel: 258,541,875,200 byte ledig

172    --- E O F ---    2009-02-07 23:18:10
connect-ny Beginner
08 February 2009 - 11:30 #17
Here is the log file for the second PC:

ComboFix 09-02-06.04 - Primby 2009-02-08 10:50:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1030.18.2046.1137 [GMT 1:00]
Kører fra: c:\users\Primby\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081120-0] *On-access scanning enabled* (Updated)
* Dannede nyt systemgendannelsespunkt
.
ADS - Windows: deleted 24 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Primby\AppData\Roaming\inst.exe
c:\windows\system32\AutoRun.inf

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-01-08 til 2009-02-08  )))))))))))))))))))))))))))))))))))
.

2009-02-06 18:55 . 2009-02-06 20:09    196,608    --a------    c:\windows\SPInstall.etl
2009-02-05 19:55 . 2009-02-05 19:55    <DIR>    d--------    c:\users\Primby\AppData\Roaming\Malwarebytes
2009-02-05 19:55 . 2009-02-05 19:55    <DIR>    d--------    c:\users\All Users\Malwarebytes
2009-02-05 19:55 . 2009-02-05 19:55    <DIR>    d--------    c:\programdata\Malwarebytes
2009-02-05 19:55 . 2009-02-05 19:55    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2009-02-05 19:55 . 2009-01-14 16:11    38,496    --a------    c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-05 19:55 . 2009-01-14 16:11    15,504    --a------    c:\windows\System32\drivers\mbam.sys
2009-02-05 19:51 . 2009-02-05 19:51    <DIR>    d--------    c:\program files\CCleaner
2009-01-28 17:41 . 2009-01-28 17:41    <DIR>    d--------    c:\windows\System32\IOSUBSYS
2009-01-25 11:37 . 2009-01-25 11:37    <DIR>    d--------    c:\users\All Users\Fighters
2009-01-25 11:37 . 2009-01-25 11:37    <DIR>    d--------    c:\programdata\Fighters
2009-01-25 11:37 . 2009-01-25 11:38    <DIR>    d--------    c:\program files\Fighters
2009-01-25 11:15 . 2009-01-25 11:15    <DIR>    d--h-c---    c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-25 11:15 . 2009-01-25 11:15    <DIR>    d--h-c---    c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-25 11:15 . 2009-01-25 11:15    <DIR>    d--------    c:\program files\Uniblue
2009-01-17 15:31 . 2009-01-17 15:31    <DIR>    d--------    c:\program files\Datel
2009-01-14 19:11 . 2008-12-16 03:42    288,768    --a------    c:\windows\System32\drivers\srv.sys
2009-01-10 12:06 . 2009-01-10 12:11    <DIR>    d--------    c:\temp\pal33x5
2009-01-10 12:06 . 2009-02-04 17:44    <DIR>    d--------    C:\temp

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 08:44    ---------    d-----w    c:\users\Primby\AppData\Roaming\OpenOffice.org2
2009-02-05 06:58    ---------    d-----w    c:\users\Primby\AppData\Roaming\TeraCopy
2009-01-28 16:40    ---------    d-----w    c:\program files\Google
2009-01-17 13:03    ---------    d-----w    c:\programdata\WinZip
2009-01-17 12:59    ---------    d-----w    c:\program files\SlySoft
2009-01-15 07:07    ---------    d-----w    c:\program files\Windows Mail
2009-01-14 08:22    2,100    ----a-w    c:\users\Primby\AppData\Roaming\wklnhst.dat
2009-01-10 15:28    ---------    d-----w    c:\program files\DivX
2009-01-05 22:33    3,751,995    ----a-w    c:\windows\System32\GPhotos.scr
2008-12-26 18:28    ---------    d-----w    c:\users\Primby\AppData\Roaming\ArcSoft
2008-12-26 18:23    ---------    d--h--w    c:\program files\InstallShield Installation Information
2008-12-26 18:23    ---------    d-----w    c:\program files\Common Files\ArcSoft
2008-12-26 18:23    ---------    d-----w    c:\program files\ArcSoft
2008-12-26 18:22    ---------    d-----w    c:\users\Primby\AppData\Roaming\SA33XX
2008-12-26 18:22    ---------    d-----w    c:\users\Primby\AppData\Roaming\InstallShield Installation Information
2008-12-26 18:22    ---------    d-----w    c:\users\Primby\AppData\Roaming\InstallShield
2008-12-26 18:22    ---------    d-----w    c:\program files\Philips
2008-12-26 12:26    ---------    d-----w    c:\program files\Common Files\Apple
2008-12-26 12:26    ---------    d-----w    c:\program files\Bonjour
2008-12-26 12:23    ---------    d-----w    c:\program files\Safari
2008-12-14 14:55    ---------    d-----w    c:\users\Primby\AppData\Roaming\CyberLink
2008-12-14 13:45    ---------    d-----w    c:\programdata\SlySoft
2008-12-14 13:04    ---------    d-----w    c:\program files\MagicDVDCopier
2008-12-14 11:55    47,360    ----a-w    c:\users\Primby\AppData\Roaming\pcouffin.sys
2008-12-14 11:55    ---------    d-----w    c:\users\Primby\AppData\Roaming\Vso
2008-12-13 07:59    ---------    d-----w    c:\programdata\Microsoft Help
2008-12-12 10:18    87,336    ----a-w    c:\windows\System32\dns-sd.exe
2008-12-12 10:11    61,440    ----a-w    c:\windows\System32\dnssd.dll
2008-12-11 00:33    86,016    ----a-w    c:\windows\System32\dpl100.dll
2008-12-11 00:33    200,704    ----a-w    c:\windows\System32\dtu100.dll
2008-12-09 02:28    593,920    ----a-w    c:\windows\System32\dpuGUI11.dll
2008-12-09 02:28    57,344    ----a-w    c:\windows\System32\dpv11.dll
2008-12-09 02:28    344,064    ----a-w    c:\windows\System32\dpus11.dll
2008-12-09 02:28    294,912    ----a-w    c:\windows\System32\dpu11.dll
2008-08-30 11:32    250,659    ----a-w    c:\users\Primby\AppData\Roaming\mdbu.bin
2008-06-26 01:24    174    --sha-w    c:\program files\desktop.ini
2007-11-10 11:05    16,384    --sha-w    c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-10 11:05    32,768    --sha-w    c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-10 11:05    16,384    --sha-w    c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-22 29744]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-16 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-16 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"PhilipsSA33XXDM"="c:\program files\Philips\SA33XX\Philips Device Manager\Bin\LaunchDM.exe" [2007-08-02 40960]
"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 c:\windows\SkyTel.exe]

c:\users\Primby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Jensen AirLink 7554 Wlan Utility.lnk - c:\program files\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\Win2k\AWU.exe [2007-11-10 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{96B0EC22-39E8-4C3E-B7ED-DB4C1FE8A89A}"= c:\program files\Home Cinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{18302E7B-70CB-40FC-8668-D35A38308130}"= c:\program files\Home Cinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{6958F648-C694-42C8-9596-EF93C7C854E7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{39BCB5D1-E7E1-4519-9D8D-8DA56A30E43E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AC543C01-8D0A-48D1-B54B-675A1DE69C25}"= Disabled:UDP:h:\setup\HPZnui01.exe:hpznui01.exe
"{B963E224-C859-4B9F-806F-1D386E420ADD}"= Disabled:TCP:h:\setup\HPZnui01.exe:hpznui01.exe
"{728A2E18-31D5-4362-A4A7-7764CA5D0092}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{7AC82A5F-7820-4A00-BFB1-4717A6E831F0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{2DD9E12D-293C-444B-8BAE-660E4B41E922}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{6BB32B18-0F60-494B-8D7E-E7D981A06736}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{6049B782-B394-4EA7-9AB1-B70367670E90}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{224FB7F5-D226-4DB6-9A8E-55266616C1EB}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{2924DD73-1666-42D8-B2C6-59543095D48D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{075C65D0-ED13-46E3-89F8-E5CF82B8E4CA}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{30CE1497-26DC-46F5-948E-A3468453A757}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{69278805-727D-4659-B693-9DDE82086FA2}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{9E1171AA-2F33-46AC-817B-B21D207A9563}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{4579EBD9-DA30-4928-A273-B8E28D47DBD0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{F855F2FD-AD79-4647-B842-D5FDC7489547}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{0EE0084E-D740-46C1-B41D-BBFD4E77A5DC}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{E55CC82E-1A81-40A8-BE63-5EB51617EF09}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{8B265520-AB5B-44F6-85EC-75AA0C6F5059}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{70CA09AB-8BE2-4AB2-8DD1-DA59CDE44762}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{01E5CFA1-1EF0-470C-96A0-3FADE6A7A3A6}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{12521B4E-E52C-4C9A-A745-1EEDA0CC63C6}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{EDA69842-7AA6-49E8-BA5C-FF0BB9EEB874}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"TCP Query User{A443CD2A-1BB3-4857-B1E2-DA8C667CA24C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FD768C52-D71F-4877-A536-79B43573FF9D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{999C5AAB-FF52-4F5E-BCBA-FD3A9A5F5EE5}c:\\program files\\bang & olufsen\\beoplayer\\beoplayer.exe"= UDP:c:\program files\bang & olufsen\beoplayer\beoplayer.exe:BeoPlayer
"UDP Query User{BFCD6E8F-3112-4C9D-9412-F123122F627B}c:\\program files\\bang & olufsen\\beoplayer\\beoplayer.exe"= TCP:c:\program files\bang & olufsen\beoplayer\beoplayer.exe:BeoPlayer
"TCP Query User{EB08D9C2-303F-4B58-9F53-70D9DB4C7719}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{168D30A1-942F-4D3B-8674-DBDDD7888C43}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{B977E98F-7456-400A-9B6B-D0050A4A476E}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{7554A4E6-DFDA-4B03-A1B2-957CC72B75B2}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{299302D9-6D82-4884-B950-310EA2560037}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{071019A7-53CD-45D6-A219-E1129229EB56}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{01ED1B74-EF42-44C9-A7B0-F694CDD20F55}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{573087E2-6EC4-4286-A553-CBBCE976B8EC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

R0 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [2007-06-21 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [2007-06-21 52224]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-02 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-02 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-03-16 51792]
R2 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [2008-11-18 283272]
R2 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [2008-11-18 307848]
R2 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [2008-11-18 311944]
R2 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [2008-11-18 139912]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [2007-05-09 1136600]
R3 Vfscan;Vfscan;c:\windows\System32\drivers\vffilter.sys [2008-11-18 15496]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2007-06-21 13976]
S3 GoogleDesktopManager-061008-081103;Google Desktop-administrator 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-06-27 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ      hpqcxs08 hpqddsvc
HPService    REG_MULTI_SZ      HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25852207-fafc-11dc-a5b4-0019e08d4317}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\m.exe /s
.
- - - - TOMME GENVEJE FJERNET - - - -

HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 10:53:32
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-02-08 10:55:28
ComboFix-quarantined-files.txt  2009-02-08 09:55:23

Pre-Kørsel: 146.543.849.472 byte ledig
Post-Kørsel: 146,513,752,064 byte ledig

197    --- E O F ---    2009-02-06 05:15:36
08 February 2009 - 12:26 #18
1) Uninstall
* RegCure

Optionally delete
c:\windows\Tasks\RegCure Program Check.job
c:\windows\Tasks\RegCure.job

-----------

2)

-----------

In general -> Uninstall
* Google Desktop Search
* Google Updater Service
* Bonjour service

-----------

Do a cleanup with the aforementioned CCleaner

-----------

How is the PC running now?