magkat Novice
28 October 2010 - 22:31 There are 10 comments and 1 solution

Log file for checking *S*

Good evening

I have these logs that I would very much like to ask you to look at ... my PC: HP HDX9000 notebook PC, Intel Core 2 Duo T7500 2.2 GHz,
2.00 GB RAM and 32-bit operating system - Windows Vista

I have, to the best of my ability, done what is described in question no. 1232, and that is why I am sending these logs. My PC has become slower and slower to start up, and all in all it is just sluggish ....... maybe it would be an idea for me to invest in Windows 7 ...??

Many thanks in advance for your help *S*

Regards, Finn

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4966

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

28-10-2010 16:21:51
mbam-log-2010-10-28 (16-21-51).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 272384
Tid gået: 2 time(e), 28 minut(ter), 27 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 19
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
C:\Program Files\Registry Victor (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\AutoBackup (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Language (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\Finn's foretrukne (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\Finn's foretrukne\Byggeri og hus (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\Finn's foretrukne\Diverse (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\Finn's foretrukne\Microsoft-websteder (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\Hyperlinks (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\Links (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\Microsoft-websteder (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\MSN-websteder (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\Sanne's foretrukne (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\Sanne's foretrukne\Baby og navne (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\Sanne's foretrukne\cykler (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\Sanne's foretrukne\Hunde sider (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\Sanne's foretrukne\Rejser 2006 (Rogue.RegistryVictor) -> Quarantined and deleted successfully.
C:\Program Files\Registry Victor\Utilities\Favorites\Windows Live (Rogue.RegistryVictor) -> Quarantined and deleted successfully.

Inficerede Filer:
(Ingen skadelige objekter blev fundet)


ComboFix 10-10-26.04 - Finn og Sanne 28-10-2010  21:38:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.2047.1217 [GMT 2:00]
Kører fra: c:\users\Finn og Sanne\Desktop\oprydning\rens 27-10-2010\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Finn og Sanne\EIyDTfXJidC.exe
c:\users\Finn og Sanne\lDpoIIWdzgK.exe
c:\users\Finn og Sanne\rpbrowserrecordupdate.dll
c:\windows\system32\AutoRun.inf
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-09-28 til 2010-10-28  )))))))))))))))))))))))))))))))))))
.

2010-10-27 17:57 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 17:57 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-10-27 17:57 . 2010-10-27 17:57    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-10-27 15:01 . 2010-08-26 16:34    1696256    ----a-w-    c:\windows\system32\gameux.dll
2010-10-27 15:01 . 2010-08-26 16:33    28672    ----a-w-    c:\windows\system32\Apphlpdm.dll
2010-10-27 15:01 . 2010-08-26 14:23    4240384    ----a-w-    c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-23 19:55 . 2010-10-23 19:55    --------    d-----w-    c:\users\Finn og Sanne\AppData\Roaming\DeviceDoctorSoftware
2010-10-23 19:55 . 2010-10-23 19:55    --------    d-----w-    c:\program files\Device Doctor
2010-10-18 15:50 . 2010-10-18 15:50    --------    dc-h--w-    c:\programdata\{7FF25028-8D8E-437E-ABB9-51CDAB0A0303}
2010-10-16 14:24 . 2010-10-16 14:24    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2010-10-14 05:05 . 2010-05-04 19:13    231424    ----a-w-    c:\windows\system32\msshsq.dll
2010-10-14 05:05 . 2010-09-13 13:56    168960    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 05:05 . 2010-09-13 13:56    8147456    ----a-w-    c:\windows\system32\wmploc.DLL
2010-10-14 05:05 . 2010-09-06 16:20    125952    ----a-w-    c:\windows\system32\srvsvc.dll
2010-10-14 05:05 . 2010-09-06 16:19    17920    ----a-w-    c:\windows\system32\netevent.dll
2010-10-14 05:05 . 2010-09-06 13:45    304128    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-10-14 05:05 . 2010-09-06 13:45    145408    ----a-w-    c:\windows\system32\drivers\srv2.sys
2010-10-14 05:05 . 2010-09-06 13:45    102400    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2010-10-13 14:51 . 2010-10-13 14:51    --------    d-----w-    c:\users\Finn og Sanne\AppData\Local\CSIS
2010-10-13 14:51 . 2010-10-16 14:21    --------    dc-h--w-    c:\programdata\{487ACF53-E90B-4358-B259-DA83C3DCE408}
2010-10-13 14:50 . 2010-10-13 14:50    --------    d-----w-    c:\programdata\CSIS
2010-10-09 17:38 . 2010-10-09 17:38    --------    d-----w-    c:\users\Finn og Sanne\AppData\Local\CrashDumps
2010-10-05 18:10 . 2010-10-05 18:15    --------    d-----w-    c:\users\Finn og Sanne\AppData\Roaming\DriverFinder
2010-09-29 18:00 . 2010-06-22 13:30    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-09-29 17:59 . 2010-08-26 04:23    13312    ----a-w-    c:\program files\Internet Explorer\iecompat.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 09:17 . 2010-09-08 09:17    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2010-08-26 16:33 . 2010-10-27 15:01    173056    ----a-w-    c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 15:01    458752    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 15:01    2159616    ----a-w-    c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 15:01    542720    ----a-w-    c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-15 06:58    128000    ----a-w-    c:\windows\system32\spoolsv.exe
2010-08-12 12:15 . 2010-08-26 19:28    15880    ----a-w-    c:\windows\system32\lsdelete.exe
2010-08-12 12:15 . 2010-07-06 20:10    64288    ----a-w-    c:\windows\system32\drivers\Lbd.sys
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 184320]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-05-25 554552]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04    39792    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-05-16 05:20    71176    ----a-w-    c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10    421160    ----a-w-    c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 11:26    484904    ----a-w-    c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-06-22 19:08    181480    ------w-    c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17    421888    ----a-w-    c:\program files\VistaCodecPack\QT\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 09:34    148888    ----a-w-    c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33    202240    ----a-w-    c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate1c9870bef306c2b;Google Update Service (gupdate1c9870bef306c2b);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS [x]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2010-04-19 41984]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2009-02-05 212520]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1108000.005\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1108000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [2010-08-31 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1108000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.5.0.127\Definitions\IPSDefs\20101027.001\IDSvix86.sys [2010-10-19 353840]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1108000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAV\1108000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-10-05 1357464]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2007-04-30 302848]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-02-01 49152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
Cognizance    REG_MULTI_SZ      ASBroker ASChannel
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ      hpqcxs08
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23    452136    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Indhold af mappen 'Planlagte Opgaver'

2010-10-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 20:39]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 21:02]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 21:02]

2010-10-28 c:\windows\Tasks\User_Feed_Synchronization-{C52CF575-631C-4E86-BA23-3CE057C2A184}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://ni.dk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: bec.dk
Trusted Zone: danid.dk
Trusted Zone: forum.dk\www
Trusted Zone: ni.dk
Trusted Zone: shb.dk
Trusted Zone: www.ni.dk
Trusted Zone: xnxx.com
Trusted Zone: xnxx.com\.www
Trusted Zone: xnxx.com\www
Trusted Zone: danid.dk
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
- - - - TOMME GENVEJE FJERNET - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 21:59
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'Explorer.exe'(9068)
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\STacSV.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2010-10-28  22:06:39 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-10-28 20:06

Pre-Kørsel: 32.833.122.304 byte ledig
Post-Kørsel: 32.477.589.504 byte ledig

- - End Of File - - DCD7500EE51E4504838FD41FFA81FB5B



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:57, on 28-10-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Finn og Sanne\Desktop\oprydning\rens 27-10-2010\HijackThis.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ni.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=73&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: *.bec.dk
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: *.shb.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9870bef306c2b) (gupdate1c9870bef306c2b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9121 bytes
magkat Novice
28 October 2010 - 22:58 #1
I just have an additional question. Do you know anything about "speedUpmyPc" from Uniblue? Is it something one should invest in?
29 October 2010 - 06:33 #2
Well - it's fine... but the following comments:

You need to update MalwareBytes + possibly run it again.

---

MalwareBytes has caught a fair amount of 'dirt' - good.

---

ComboFix has caught a bit more - good.

---

You need to update your old AcrobatReader
* Uninstall AcrobatReader 8.X
* Install
http://get.adobe.com/dk/reader/  (UNtick GoogleToolbar!!!)

---

As for "speedUpmyPc" - I don't particularly believe in it; maybe a very few % "improvement"? But read from here ->
http://www.eksperten.dk/spm/905793#reply_7567136

---

http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/ (Especially the item [Register]...)

http://www.alt-til-windows.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763

---

Yes - I have several times seen Vista systems that somehow 'silt up' so that STARTUP takes a looooooong time, where it just chews on something or other?
I have seen two IDENTICAL Vista PCs where only one had the problem with >4 min. startup time; the other <1 min. startup time ...

Sooooo - WIN7 on 'the beast' and it runs nicely...
magkat Novice
29 October 2010 - 22:17 #3
Hi Larry

Here is the log after an update of malware. Since then I have removed Acrobat 8 and downloaded the latest version.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4990

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

29-10-2010 21:02:26
mbam-log-2010-10-29 (21-02-26).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 278899
Tid gået: 1 time(e), 49 minut(ter), 40 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)
29 October 2010 - 22:40 #4
Nothing more to be had there...

---

CCleaner - Tools - Startup - here you can disable/remove the following from your startup:

[HP Software Update]
[Adobe Reader Speed Launcher]
[AppleSyncNotifier]
[QuickTime Task]
[iTunesHelper]

---

Uninstall
* Bonjour tjeneste (Bonjour Service)
* Google Update Service
* iPod-tjeneste (iPod Service)

---

Do you use this Sidebar for anything serious? Or should it still be allowed to use XX% of the PC's resources?
PS: In WIN7 it is NOT shown by default...

---
magkat Novice
29 October 2010 - 23:19 #5
Done.... I have often wondered what that Bonjour thing is? Now it is gone *S* I can't find the iPod service though

and that sidebar is really only for looking through our photos, a bit cozy *S*

will probably invest a little money in it - Win 7 - when we can afford it

is there more I can do for my little PC?
30 October 2010 - 10:27 #6
...is there more I can do for my little PC?...

NOPE (possibly a 100% reinstallation - but that isn't much fun either?)
30 October 2010 - 10:27 #7
* Cleanup with CCleaner
* Create a FRESH SYSTEM RESTORE POINT -> http://spywareinfo.dk/index.htm#/tip-og-tricks/opret_et_systemgendannelsespunkt.htm
* CCleaner - Tools - System Restore - delete the old points
* Defragmentation
magkat Novice
30 October 2010 - 11:02 #8
100% reinstallation ..... hardly ... I think I'll take the "easy" one. 1000 thanks for your help ......
30 October 2010 - 12:25 #9
f-arn Guru
30 October 2010 - 20:38 #10
Just for good measure:

Press <Windows> + <R> at the same time and copy this: combofix /uninstall
Press Enter
This will remove Combofix and reset the clock settings.
Reset System Restore.
Hide file extensions if required.
Hide system/hidden files if required.
magkat Novice
02 November 2010 - 10:55 #11
Hi Larry

1000 thanks for your help, and it has definitely helped *S*

it probably won't get any better until I get Win 7.....