Avatar billede kgndksv Juniormester
24. december 2009 - 13:28 Der er 15 kommentarer og
2 løsninger

Problemer ved PC - Nogen der kan tjekke nogle logs??

Hej min PC kører ikke særlig godt mere - Nogen der kan hjælpe??


MBAM-LOG
Malwarebytes' Anti-Malware 1.42
Database version: 3418
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

24-12-2009 11:14:26
mbam-log-2009-12-24 (11-14-26).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 168474
Tid tilbagelagt: 2 hour(s), 24 minute(s), 3 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)


ComboFix
ComboFix 09-12-23.03 - søren 24-12-2009  12:03:34.3.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.45.1030.18.2301.1264 [GMT 1:00]
Kører fra: c:\users\søren\Desktop\rengøring af PCen\ComboFix.exe
Kommandoer benyttet :: c:\users\søren\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((  Filer skabt fra 2009-11-24 til 2009-12-24  )))))))))))))))))))))))))))))))))))
.

2009-12-24 11:16 . 2009-12-24 11:16    --------    d-----w-    c:\users\Public\AppData\Local\temp
2009-12-24 11:16 . 2009-12-24 11:16    --------    d-----w-    c:\users\Default\AppData\Local\temp
2009-12-23 20:52 . 2009-12-03 15:14    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-23 20:52 . 2009-12-23 20:52    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-12-23 20:52 . 2009-12-03 15:13    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-23 20:30 . 2009-12-23 20:30    --------    d-----w-    c:\program files\CCleaner
2009-12-09 21:29 . 2009-10-07 11:36    243712    ----a-w-    c:\windows\system32\rastls.dll
2009-11-27 09:25 . 2009-10-29 09:17    2048    ----a-w-    c:\windows\system32\tzres.dll
2009-11-26 18:07 . 2009-08-11 16:44    1401856    ----a-w-    c:\windows\system32\msxml6.dll
2009-11-26 18:07 . 2009-08-11 16:44    1248768    ----a-w-    c:\windows\system32\msxml3.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 18:44 . 2006-11-21 04:45    77202    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-23 18:44 . 2006-11-21 04:45    463344    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-10 15:32 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2009-12-10 15:32 . 2009-02-15 18:19    --------    d-----w-    c:\programdata\Microsoft Help
2009-11-27 12:06 . 2008-10-29 19:53    --------    d-----w-    c:\program files\Java
2009-11-21 16:24 . 2009-11-21 16:24    --------    d-----w-    c:\program files\Windows Portable Devices
2009-11-21 16:24 . 2006-11-02 10:25    665600    ----a-w-    c:\windows\inf\drvindex.dat
2009-11-21 16:24 . 2009-11-21 16:24    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-21 06:40 . 2009-12-09 21:31    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 21:31    71680    ----a-w-    c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 21:31    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 21:31    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2009-11-03 21:43 . 2009-12-09 21:31    24064    ----a-w-    c:\windows\system32\nshhttp.dll
2009-11-03 21:42 . 2009-12-09 21:31    30720    ----a-w-    c:\windows\system32\httpapi.dll
2009-11-03 19:41 . 2009-12-09 21:31    411648    ----a-w-    c:\windows\system32\drivers\http.sys
2009-11-02 19:42 . 2009-10-03 20:21    195456    ------w-    c:\windows\system32\MpSigStub.exe
2009-11-01 21:17 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Calendar
2009-11-01 21:17 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Sidebar
2009-11-01 21:17 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Collaboration
2009-11-01 21:17 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Photo Gallery
2009-11-01 21:17 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Defender
2009-10-11 03:17 . 2008-10-29 19:53    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-11-21 16:19    555520    ----a-w-    c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-21 16:19    234496    ----a-w-    c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-21 16:19    4096    ----a-w-    c:\windows\system32\oleaccrc.dll
2009-10-01 01:02 . 2009-11-21 16:21    2537472    ----a-w-    c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-21 16:21    30208    ----a-w-    c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-21 16:21    334848    ----a-w-    c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-21 16:21    87552    ----a-w-    c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-21 16:21    31232    ----a-w-    c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-21 16:21    546816    ----a-w-    c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-21 16:21    160256    ----a-w-    c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-21 16:21    60928    ----a-w-    c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-21 16:21    350208    ----a-w-    c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-21 16:21    196608    ----a-w-    c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-21 16:21    100864    ----a-w-    c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-21 16:21    81920    ----a-w-    c:\windows\system32\wpdbusenum.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-01-08 151552]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-01-09 483328]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-14 151552]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-13 2043160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-27 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6d,82,a6,c2,39,5b,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [27-10-2008 22:12 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [27-01-2009 23:14 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [27-10-2008 22:12 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27-10-2008 22:12 297752]
S3 FontCache;Tjenesten Windows-skrifttypecache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [09-11-2008 17:48 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
------- Yderligere scanning -------
.
uStart Page = hxxp://mail.forum.dk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://da.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 13:05
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Gennemført tid: 2009-12-24  13:12:29 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-12-24 12:12
ComboFix2.txt  2009-12-24 10:51

Pre-Kørsel: 8.277.958.656 byte ledig
Post-Kørsel: 8.271.171.584 byte ledig

- - End Of File - - B354310C30270A2B25EAE14C2829B2A0


HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:44, on 24-12-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Users\SREN~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.forum.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5833 bytes
24. december 2009 - 13:38 #1
Under alle omstændigheder så kører du med en gammel AVG8.X (http://www.spywarefri.dk/artikel/computerblade-misinformerer/ )

Afinstall
* AVG8.X
Genstart
Install
* AVG9 (http://www.spywarefri.dk/artikel/avg-anti-virus-free-edition-9.0-231009/ )

------------------------------------------------------------------------

http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/ (Specielt punktet [Register]...)
http://www.ccleaner.com/download/builds/downloading-slim
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.

http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763

------------------------------------------------------------------------

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKCU\..\Run: [?????????] ??????????????e

Genstart normalt...

------------------------------------------------------------------------

http://kundeservice.tdc.dk/testcenter/

------------------------------------------------------------------------

Hvordan kører PC'en så nu ?
Avatar billede f-arn Guru
24. december 2009 - 14:06 #2
Det ser ud som om du har kørt Combofix mere end en gang?
ComboFix2.txt
Avatar billede Tester1 Nybegynder
24. december 2009 - 14:10 #3
Diskdefragmentering og diskoprydning?

start - programmer - tilbehør - systemværktøjer.




Betyder somregel ik så meget..
Avatar billede patrick14 Nybegynder
24. december 2009 - 17:50 #4
Hent og kør sas

Hent og installer http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start superantispyware, klik på Check for updates.
Klik på Scan your Computer, sæt flueben i de drev der skal scannes. (Fixed disk betyder harddisk)
Flyt prikken til Perform complete scan og klik på Næste, så kører scanningen.


Når den er færdig kommer der et vindue med en opsummering, klik på OK, klik så på næste og så på Udfør.

Der kommer et vindue med Quarantine and removal Complete, klik på OK, klik på Udfør.
Luk programmet, genstart normalt.
---------------------------------------
Start SuperAntiSpyware igen, klik på Preferences, skift til fanebladet Statistics/Logs, i vinduet dobbeltklikker du på SUPERAntiSpyware Scan Log, og gemmer den på skrivebordet.
24. december 2009 - 22:49 #5
La' os lige få <kgndksv> på banen igen før yderligere indslag...
Avatar billede kgndksv Juniormester
25. december 2009 - 16:25 #6
Hej Karise_Larry

Det virker ikke som om den kører syndelig hurtigere...

Dette er HJTlog efter jeg har gjort som du skrev:
Denne linie er der stadig:
___________________________________________________
O4 - HKCU\..\Run: [?????????] ??????????????e
___________________________________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:44, on 24-12-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Users\SREN~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.forum.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5833 bytes
Avatar billede f-arn Guru
25. december 2009 - 17:05 #7
Hvis du nu ga' os de originale logs ku' det være vi kunne hjælpe!! Når du gi'r os logs hvor problemet er halvt løst er det som at kæmpe med bind for øjnene.
Avatar billede kgndksv Juniormester
25. december 2009 - 19:53 #8
Hvad mener du med de originale logs?

Når jeg kører HJT og fixer
O4 - HKCU\..\Run: [?????????] ??????????????e
Så er den der også næste gang jeg kører HJT...?
Avatar billede f-arn Guru
25. december 2009 - 20:02 #9
Jeg kan bla. se at du har kørt Combofix mere end en gang. Jeg vil gerne vide hvad den fjernede.
Avatar billede kgndksv Juniormester
25. december 2009 - 20:21 #10
Den kørte 2 gange fordi jeg dobbelt klikkede på den og så kørte CF uden jeg vidste den ville gøre det. Men så læste jeg at jeg skulle oprette et tekst dokument med bestemte 2 linier

Derfor kørte den 2 gange
Avatar billede f-arn Guru
25. december 2009 - 20:34 #11
Prøv at finde ComboFix2.txt og ComboFix-quarantined-files.txt
Kopier dem herind.
Avatar billede kgndksv Juniormester
25. december 2009 - 21:11 #12
Kan ikke finde andre filer med "ComboFix*" Dette må være filen som hvor jeg aktiverede med CFScript.txt-filen

ComboFix 09-12-23.03 - søren 24-12-2009  12:03:34.3.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.45.1030.18.2301.1264 [GMT 1:00]
Kører fra: c:\users\søren\Desktop\rengøring af PCen\ComboFix.exe
Kommandoer benyttet :: c:\users\søren\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((  Filer skabt fra 2009-11-24 til 2009-12-24  )))))))))))))))))))))))))))))))))))
.

2009-12-24 11:16 . 2009-12-24 11:16    --------    d-----w-    c:\users\Public\AppData\Local\temp
2009-12-24 11:16 . 2009-12-24 11:16    --------    d-----w-    c:\users\Default\AppData\Local\temp
2009-12-23 20:52 . 2009-12-03 15:14    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-23 20:52 . 2009-12-23 20:52    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2009-12-23 20:52 . 2009-12-03 15:13    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-23 20:30 . 2009-12-23 20:30    --------    d-----w-    c:\program files\CCleaner
2009-12-09 21:29 . 2009-10-07 11:36    243712    ----a-w-    c:\windows\system32\rastls.dll
2009-11-27 09:25 . 2009-10-29 09:17    2048    ----a-w-    c:\windows\system32\tzres.dll
2009-11-26 18:07 . 2009-08-11 16:44    1401856    ----a-w-    c:\windows\system32\msxml6.dll
2009-11-26 18:07 . 2009-08-11 16:44    1248768    ----a-w-    c:\windows\system32\msxml3.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 18:44 . 2006-11-21 04:45    77202    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-23 18:44 . 2006-11-21 04:45    463344    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-10 15:32 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2009-12-10 15:32 . 2009-02-15 18:19    --------    d-----w-    c:\programdata\Microsoft Help
2009-11-27 12:06 . 2008-10-29 19:53    --------    d-----w-    c:\program files\Java
2009-11-21 16:24 . 2009-11-21 16:24    --------    d-----w-    c:\program files\Windows Portable Devices
2009-11-21 16:24 . 2006-11-02 10:25    665600    ----a-w-    c:\windows\inf\drvindex.dat
2009-11-21 16:24 . 2009-11-21 16:24    0    ---ha-w-    c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-21 06:40 . 2009-12-09 21:31    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 21:31    71680    ----a-w-    c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 21:31    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 21:31    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2009-11-03 21:43 . 2009-12-09 21:31    24064    ----a-w-    c:\windows\system32\nshhttp.dll
2009-11-03 21:42 . 2009-12-09 21:31    30720    ----a-w-    c:\windows\system32\httpapi.dll
2009-11-03 19:41 . 2009-12-09 21:31    411648    ----a-w-    c:\windows\system32\drivers\http.sys
2009-11-02 19:42 . 2009-10-03 20:21    195456    ------w-    c:\windows\system32\MpSigStub.exe
2009-11-01 21:17 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Calendar
2009-11-01 21:17 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Sidebar
2009-11-01 21:17 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Collaboration
2009-11-01 21:17 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Photo Gallery
2009-11-01 21:17 . 2006-11-02 12:35    --------    d-----w-    c:\program files\Windows Defender
2009-10-11 03:17 . 2008-10-29 19:53    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-10-08 21:08 . 2009-11-21 16:19    555520    ----a-w-    c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-21 16:19    234496    ----a-w-    c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-21 16:19    4096    ----a-w-    c:\windows\system32\oleaccrc.dll
2009-10-01 01:02 . 2009-11-21 16:21    2537472    ----a-w-    c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-21 16:21    30208    ----a-w-    c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-21 16:21    334848    ----a-w-    c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-21 16:21    87552    ----a-w-    c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-21 16:21    31232    ----a-w-    c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-21 16:21    546816    ----a-w-    c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-21 16:21    160256    ----a-w-    c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-21 16:21    60928    ----a-w-    c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-21 16:21    350208    ----a-w-    c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-21 16:21    196608    ----a-w-    c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-21 16:21    100864    ----a-w-    c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-21 16:21    81920    ----a-w-    c:\windows\system32\wpdbusenum.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-01-08 151552]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-01-09 483328]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-14 151552]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-13 2043160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-27 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6d,82,a6,c2,39,5b,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [27-10-2008 22:12 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [27-01-2009 23:14 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [27-10-2008 22:12 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27-10-2008 22:12 297752]
S3 FontCache;Tjenesten Windows-skrifttypecache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [09-11-2008 17:48 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
------- Yderligere scanning -------
.
uStart Page = hxxp://mail.forum.dk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://da.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 13:05
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Gennemført tid: 2009-12-24  13:12:29 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-12-24 12:12
ComboFix2.txt  2009-12-24 10:51

Pre-Kørsel: 8.277.958.656 byte ledig
Post-Kørsel: 8.271.171.584 byte ledig

- - End Of File - - B354310C30270A2B25EAE14C2829B2A0
Avatar billede f-arn Guru
26. december 2009 - 07:20 #13
kopier disse 3 linier på en gang.

cd\
dir /s /a c:\combofix*.txt > combofind.txt
notepad combofind.txt


Tast <Windows + R> og skriv cmd
Klik ok
Højreklik og vælg sæt ind.
Kopier teksten herind.
02. januar 2010 - 21:51 #14
(Hvad endte denne med ?)
Avatar billede kgndksv Juniormester
10. januar 2010 - 15:58 #15
Kører stadig dårligt, det var en kammerats PC, men har en ide om at det måsek er processor, harddisk og RAM der er for langsomt...

Skal vi sige først til mølle får pointene... :-)
Avatar billede patrick14 Nybegynder
10. januar 2010 - 19:49 #16
ja :)
10. januar 2010 - 21:01 #17
Ping... ?
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester