Slow startup
Number of posts: 62

Hi IT gurus,

I have started having problems with slow startup of Windows and Firefox, and when I boot up I get this message: “Error loading C:\WINDOWS\slinton1.dll”

Before I went through your guide and the various scans, the machine was also suddenly plagued by a lot of Explorer pop-ups with ads, even though I never use Explorer.

I hope you can help me :-p

Here are some logs

Best regards, Steffen

C:\Documents and Settings\Administrator\Local Settings\temp\Pp0.exe   a variant of Win32/Kryptik.NHS trojan   cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Administrator\Local Settings\temp\Pp2.exe   a variant of Win32/Kryptik.NHS trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\temp\Pp3.exe   a variant of Win32/Kryptik.NHS trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\temp\Ppx.exe   a variant of Win32/Kryptik.NHS trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\temp\Ppy.exe   a variant of Win32/Kryptik.NHS trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\temp\Ppz.exe   a variant of Win32/Kryptik.NHS trojan   cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Administrator\Local Settings\temp\xmosweancr.tmp   a variant of Win32/Kryptik.NIA trojan   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4TQRCH6N\st[1].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4TQRCH6N\st[3].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4TQRCH6N\st[4].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4TQRCH6N\st[5].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4TQRCH6N\st[6].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4TQRCH6N\st[7].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4TQRCH6N\st[8].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AGLF1QC1\st[2].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AGLF1QC1\st[3].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AGLF1QC1\st[4].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AGLF1QC1\st[5].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AGLF1QC1\st[6].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AGLF1QC1\st[7].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AGLF1QC1\st[8].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AGLF1QC1\st[9].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G16N0PA3\st[1].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G16N0PA3\st[3].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G16N0PA3\st[4].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KH6RG1MZ\st[1].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KH6RG1MZ\st[2].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KH6RG1MZ\st[3].htm   HTML/Iframe.B.Gen virus   deleted - quarantined
C:\Program Files\Application Updater\ApplicationUpdater.exe   probably a variant of Win32/Adware.Toolbar.Dealio application   cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe   a variant of Win32/Adware.Toolbar.Dealio application   cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll   a variant of Win32/Adware.Toolbar.Dealio application   cleaned by deleting - quarantined
C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll   a variant of Win32/Adware.Toolbar.Dealio application   cleaned by deleting - quarantined
C:\WINDOWS\Pqywia.exe   a variant of Win32/Kryptik.NHS trojan   cleaned by deleting - quarantined
C:\WINDOWS\slinton1.dll   a variant of Win32/Kryptik.NIA trojan   cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\system32\drivers\ethjhxfj.sys   a variant of Win32/Bubnix.BM trojan   cleaned by deleting - quarantined
C:\WINDOWS\Temp\Ppw.exe   a variant of Win32/Kryptik.NHS trojan   cleaned by deleting - quarantined
C:\WINDOWS\Temp\Ppx.exe   a variant of Win32/Kryptik.NHS trojan   cleaned by deleting - quarantined
C:\WINDOWS\Temp\Ppy.exe   a variant of Win32/Kryptik.NHS trojan   cleaned by deleting - quarantined


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/03/2011 at 07:43 PM

Application Version : 4.0.1154

Core Rules Database Version : 6979
Trace Rules Database Version: 4791

Scan type     : Complete Scan
Total Scan Time : 00:47:54

Memory items scanned     : 558
Memory threats detected   : 0
Registry items scanned   : 5537
Registry threats detected : 0
File items scanned     : 21014
File threats detected   : 81

Adware.Tracking Cookie

Trojan.Agent/Gen-FakeAlert
  C:\SYSTEM VOLUME INFORMATION\_RESTORE{239D2D56-AE5C-4F8B-B55E-AAD2A1F00A44}\RP603\A0082079.EXE

Administrator
Number of posts: 55662

Download Combofix and save it in a folder:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open the folder containing Combofix, right-click an empty spot in the folder, choose New->Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse and drag it over the Combofix file, after which you “let go” with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here.
If you get something that looks like this error:
Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning
then restart once more; that should solve it.

Signature

qui potest, obligatur

Nierne bomaye - You’ll never walk alone

The coffee has been drunk
The till is closed
The support does more good
With the small and the timid
Børns vilkår
Hospitalsklovne

Number of posts: 62

Hi again - I have now run Combofix and the log is here:

ComboFix 11-05-03.08 - Administrator 04-05-2011 21:08:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.1014.561 [GMT 2:00]
Kører fra: c:\documents and settings\Administrator\Desktop\ComboFix3.exe
Kommandoer benyttet :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\System
c:\documents and settings\Administrator\System\win_qs8.jqx
c:\program files\Hotspot Shield\HssIE\HsSIe.dll
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-04-04 til 2011-05-04 )))))))))))))))))))))))))))))))))))
.
.
2011-05-04 13:40 . 2011-05-04 13:40   --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\Secunia PSI
2011-05-04 13:40 . 2011-05-04 13:40   --------  d-----w-  c:\program files\Secunia
2011-05-03 14:49 . 2011-05-03 14:49   --------  d-----w-  c:\program files\ESET
2011-05-03 12:15 . 2011-04-18 17:12   19544   ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2011-05-03 12:15 . 2011-04-18 17:17   307288   ----a-w-  c:\windows\system32\drivers\aswSP.sys
2011-05-03 12:15 . 2011-04-18 17:16   49240   ----a-w-  c:\windows\system32\drivers\aswTdi.sys
2011-05-03 12:15 . 2011-04-18 17:13   25432   ----a-w-  c:\windows\system32\drivers\aswRdr.sys
2011-05-03 12:15 . 2011-04-18 17:17   441176   ----a-w-  c:\windows\system32\drivers\aswSnx.sys
2011-05-03 12:15 . 2011-04-18 17:16   102488   ----a-w-  c:\windows\system32\drivers\aswmon2.sys
2011-05-03 12:15 . 2011-04-18 17:16   96344   ----a-w-  c:\windows\system32\drivers\aswmon.sys
2011-05-03 12:15 . 2011-04-18 17:13   30680   ----a-w-  c:\windows\system32\drivers\aavmker4.sys
2011-05-03 12:14 . 2011-04-18 17:25   40112   ----a-w-  c:\windows\avastSS.scr
2011-05-03 12:14 . 2011-04-18 17:25   199304   ----a-w-  c:\windows\system32\aswBoot.exe
2011-05-03 12:14 . 2011-05-03 12:14   --------  d-----w-  c:\program files\AVAST Software
2011-05-03 12:14 . 2011-05-03 12:14   --------  d-----w-  c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-03 11:58 . 2011-05-03 23:04   --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\AskToolbar
2011-05-03 11:57 . 2011-05-03 11:58   --------  d-----w-  c:\documents and settings\Administrator\Application Data\Sammsoft
2011-05-03 11:56 . 2011-05-03 11:57   --------  d-----w-  c:\program files\Ask.com
2011-04-15 14:10 . 2011-04-15 14:10   --------  d-----w-  c:\documents and settings\Administrator\Application Data\pdfforge
2011-04-15 07:14 . 2011-04-15 07:14   --------  d-----w-  c:\documents and settings\Administrator\Application Data\Search Settings
2011-04-15 07:14 . 2011-04-15 07:14   --------  d-----w-  c:\windows\system32\config\systemprofile\Application Data\Application Updater
2011-04-15 07:14 . 2011-05-03 15:02   --------  d-----w-  c:\program files\Application Updater
2011-04-15 07:14 . 2011-04-15 07:14   --------  d-----w-  c:\program files\pdfforge Toolbar
2011-04-15 07:14 . 2011-04-15 07:14   --------  d-----w-  c:\program files\Common Files\Spigot
2011-04-15 07:13 . 1998-06-23 22:00   137000   ----a-w-  c:\windows\system32\MSMAPI32.OCX
2011-04-15 07:13 . 2011-04-15 07:14   --------  d-----w-  c:\program files\PDFCreator
2011-04-15 07:13 . 1998-07-05 22:00   23552   ----a-w-  c:\windows\system32\MSMPIDE.DLL
2011-04-14 01:39 . 2011-04-14 01:39   103864   ----a-w-  c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 01:39 . 2011-04-14 01:39   103864   ----a-w-  c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-04-07 18:13 . 2011-04-07 18:13   --------  d-----w-  c:\program files\Emicsoft Studio
2011-04-05 20:25 . 2011-04-05 20:25   --------  d-----w-  c:\documents and settings\Administrator\Application Data\dvdcss
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 17:13 . 2011-05-03 12:15   30680   ----a-w-  c:\windows\system32\drivers\aavmker4.sys
2011-03-07 05:33 . 2009-04-19 02:36   692736   ----a-w-  c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2004-08-10 11:00   434176   ----a-w-  c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2004-08-10 11:00   1857920   ----a-w-  c:\windows\system32\win32k.sys
2011-02-17 13:51 . 2006-03-04 03:33   667136   ----a-w-  c:\windows\system32\wininet.dll
2011-02-17 13:51 . 2004-08-10 11:00   81920   ----a-w-  c:\windows\system32\ieencode.dll
2011-02-17 13:51 . 2004-08-10 11:00   61952   ----a-w-  c:\windows\system32\tdc.ocx
2011-02-17 13:18 . 2004-08-10 11:00   455936   ----a-w-  c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-10 11:00   357888   ----a-w-  c:\windows\system32\drivers\srv.sys
2011-02-17 12:37 . 2004-08-10 11:00   369664   ----a-w-  c:\windows\system32\html.iec
2011-02-17 12:32 . 2009-04-20 22:46   5120   ----a-w-  c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-10 11:00   290432   ----a-w-  c:\windows\system32\atmfd.dll
2011-02-08 13:33 . 2004-08-10 11:00   978944   ----a-w-  c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-10 11:00   974848   ----a-w-  c:\windows\system32\mfc42u.dll
2011-02-04 16:48 . 2004-08-10 11:00   456192   ----a-w-  c:\windows\system32\encdec.dll
2011-02-04 16:48 . 2004-08-10 11:00   291840   ----a-w-  c:\windows\system32\sbe.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17   1487240   ----a-w-  c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\program files\Ask.com\GenericAskToolbar.dll” [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\program files\Ask.com\GenericAskToolbar.dll” [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@=”{472083B0-C522-11CF-8763-00608CC02F24}”
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25   122512   ----a-w-  c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2008-02-29 1481968]
“msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe” [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ehTray”=“c:\windows\ehome\ehtray.exe” [2005-08-05 64512]
“Broadcom Wireless Manager UI”=“c:\windows\system32\WLTRAY.exe” [2005-12-19 1347584]
“SigmatelSysTrayApp”=“stsystra.exe” [2006-03-25 282624]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2006-03-08 761947]
“Dell QuickSet”=“c:\program files\Dell\QuickSet\quickset.exe” [2006-08-04 1032192]
“IntelZeroConfig”=“c:\program files\Intel\Wireless\bin\ZCfgSvc.exe” [2007-10-08 995328]
“IntelWireless”=“c:\program files\Intel\Wireless\Bin\ifrmewrk.exe” [2007-10-08 1101824]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2007-03-31 138008]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2007-03-31 162584]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2007-03-31 138008]
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe” [2009-01-05 413696]
“TkBellExe”=“c:\program files\Common Files\Real\Update_OB\realsched.exe” [2009-10-05 198160]
“ISUSPM Startup”=“c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2004-06-14 221184]
“ISUSScheduler”=“c:\program files\Common Files\InstallShield\UpdateService\issch.exe” [2004-06-14 81920]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2010-05-14 248552]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2011-01-31 35760]
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2010-09-20 932288]
“avast”=“c:\program files\AVAST Software\Avast\avastUI.exe” [2011-04-18 3460784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL” [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41   294912   ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Program Files\\Messenger\\msmsgs.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe”=
“c:\\WINDOWS\\system32\\dpvsetup.exe”=
“c:\\Program Files\\Mozilla Firefox\\firefox.exe”=
“c:\\Program Files\\Real\\RealPlayer\\realplay.exe”=
“c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Program Files\\Skype\\Phone\\Skype.exe”=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [03-05-2011 14:15 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03-05-2011 14:15 307288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 17:03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 17:03 51440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03-05-2011 14:15 19544]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [19-04-2011 08:44 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [19-04-2011 08:44 399416]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01-09-2010 10:30 15544]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 17:51 4096]
S2 AMService;AMService;c:\windows\TEMP\spqa\setup.exe run --> c:\windows\TEMP\spqa\setup.exe run [?]
.
Indhold af mappen ‘Planlagte Opgaver’
.
2011-05-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-01 17:17]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vxac64za.default\
FF - prefs.js: browser.startup.homepage - jobnet.dk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TVU Web Player: . - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: . - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: . - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - TOMME GENVEJE FJERNET - - - -
.
HKCU-Run-Knecu - c:\windows\slinton1.dll
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-04 21:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\S-1-5-21-1606980848-602162358-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1606980848-602162358-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F51C481-26D7-8BB5-FFDC-8F96F06B03F4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
“gaangkohmfdlcd”=hex:61,63,63,70,6b,64,65,64,6d,64,67,67,62,6f,64,70,6a,6f,6c,
  67,64,6f,6e,70,6c,64,6c,64,68,68,66,6f,6a,6f,67,65,61,6e,6c,64,6c,70,6b,65,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=”@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101”
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
“Enabled”=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@=“c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe”
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@=“IFlashBroker4”
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@=”{00020424-0000-0000-C000-000000000046}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > ‘winlogon.exe’(1668)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\netprovcredman.dll
.
- - - - - - - > ‘explorer.exe’(2160)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Gennemført tid: 2011-05-04 21:26:50 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2011-05-04 19:26
ComboFix2.txt 2010-01-01 12:52
.
Pre-Kørsel: 2.489.307.136 bytes free
Post-Kørsel: 2.733.649.920 bytes free
.
- - End Of File - - 99F79D52478E6B75874815A0A3659992

Administrator
Number of posts: 55662

It looks fine, except for the Ask toolbar; uninstall it in Add/Remove Programs, then there is nothing more.

How is the machine running?

Number of posts: 62

Unfortunately I still get many error messages and warnings from Avast, as well as pop-ups with ads. The error messages are about one thing or another being missing.

Administrator
Number of posts: 55662

Try this:
Click Start->Run, type SFC /scannow (note the space), click OK.
Your XP CD must be in the drive.
When it has finished, restart and see whether it helped.

Number of posts: 62

Hi Fromsej

I get an error message saying that it is not the correct Win XP CD I am inserting, but it really is the one that is installed on the machine. However, the error message only appeared after the program had been running for quite a while.

Best regards, Steffen

Administrator
Number of posts: 55662

Try looking here:
http://support.microsoft.com/?kbid=897128
