Slow laptop during startup 2
  ghena
Number of posts: 23

Hi…

I'm having problems with my laptop again..

It has become slow at startup again, actually slower than the last time I had problems.

http://www.spywarefri.dk/forum/viewthread/83333/

Should I follow the guide from last time and try to post some logs here….

Regards

Administrator
Number of posts: 32215

Hi ;)

Should I follow the guide from last time and try to post some logs here….


Yes, go ahead and do that, and then post the DDS log files here.

Signature

Sound computer sense

  ghena
Number of posts: 23

Oops

What I wrote isn't quite correct..

My laptop works fine during startup; it only goes wrong when I open a web page. It takes about 2-3 minutes, and in the meantime I can't use my laptop for anything…..

And at the bottom an annoying yellow box always pops up; it actually started after I had my laptop cleaned last time..

Administrator
Number of posts: 32215

Yes, OK, but post those log files here…


  ghena
Number of posts: 23

Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org

Database version: v2012.04.24.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Medion :: MEDION-PC [administrator]

24-04-2012 20:55:41
mbam-log-2012-04-24 (22-49-09).txt

Skanningstype: Fuldstændig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 326398
Tid gået: 1 time(e), 52 minut(ter), 46 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 71

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 31
C:\Program Files\TranslateLite_0g\bar\1.bin\0gbarsvc.exe (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gSrcAs.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gbar.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gmlbtn.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gauxstb.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gbrstub.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gdatact.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gdlghk.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gdyn.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gfeedmg.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0ghighin.exe (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0ghkstub.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0ghtml.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0ghtmlmu.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0ghttpct.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gidle.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gieovr.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gimpipe.exe (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gmedint.exe (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gmsg.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gPlugin.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gradio.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gregfft.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0greghk.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gregiet.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gscript.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gskin.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gskplay.exe (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gSrchMn.exe (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0gtpinst.dll (PUP.MyWebSearch) -> Ingen handling valgt.
C:\Program Files\TranslateLite_0g\bar\1.bin\0guabtn.dll (PUP.MyWebSearch) -> Ingen handling valgt.

(færdig)

 

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:00, on 24-04-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Medion\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Search Assistant BHO - {07cf5d37-f1c6-4fe5-a22c-e114417655d4} - C:\Program Files\TranslateLite_0g\bar\1.bin\0gSrcAs.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Toolbar BHO - {d1753dda-d492-4783-8b33-f7a4e7e56a0e} - C:\PROGRA~1\TRANSL~2\bar\1.bin\0gbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: TranslateLite - {8c068c2f-44c4-4a88-a18e-b1a612803bb5} - C:\Program Files\TranslateLite_0g\bar\1.bin\0gbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avast] “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM\..\Run: [ApnUpdater] “C:\Program Files\Ask.com\Updater\Updater.exe”
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU\..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end; til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Vis eller skjul HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20120222062743
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: TranslateLiteService (TranslateLite_0gService) - COMPANYVERS_NAME - C:\PROGRA~1\TRANSL~2\bar\1.bin\0gbarsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


End of file - 9031 bytes

Administrator
Number of posts: 32215

I assume you let Malwarebytes remove the infections it found?


Download ComboFix and save it to your desktop:
Here

NB -> Disable your antivirus/antispyware program, as it/they can "interfere" and conflict with ComboFix, or remove important ComboFix files, which can cause the computer to freeze.


Then run combofix.exe and follow the instructions.


You should not click on the window while the tool is running, as that can cause your computer to freeze.

When ComboFix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt
Please post the contents of that file here.

It can also be found here -> C:\combofix.txt


  ghena
Number of posts: 23

I think malware itself removed the infections it found..

  ghena
Number of posts: 23

ComboFix 12-04-28.01 - Medion 28-04-2012 19:02:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.45.1030.18.3062.1898 [GMT 2:00]
Kører fra: c:\users\Medion\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Medion\AppData\Local\Temp\F{0246CA20-776D-11D2-8010-00104B9B8592}0.xxx
c:\windows\system32\bdaplgin.ax
c:\windows\system32\cero.rs
c:\windows\system32\esrb.rs
c:\windows\system32\g711codc.ax
c:\windows\system32\grb.rs
c:\windows\system32\iac25_32.ax
c:\windows\system32\ir41_32.ax
c:\windows\system32\ivfsrc.ax
c:\windows\system32\ksproxy.ax
c:\windows\system32\kstvtune.ax
c:\windows\system32\Kswdmcap.ax
c:\windows\system32\ksxbar.ax
c:\windows\system32\Mpeg2Data.ax
c:\windows\system32\mpg2splt.ax
c:\windows\system32\MSDvbNP.ax
c:\windows\system32\MSNP.ax
c:\windows\system32\oflc.rs
c:\windows\system32\pegi-fi.rs
c:\windows\system32\pegi-pt.rs
c:\windows\system32\pegi.rs
c:\windows\system32\pegibbfc.rs
c:\windows\system32\psisrndr.ax
c:\windows\system32\usk.rs
c:\windows\system32\VBICodec.ax
c:\windows\system32\vbisurf.ax
c:\windows\system32\vidcap.ax
c:\windows\system32\WEB.rs
c:\windows\system32\WSTPager.ax
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-03-28 til 2012-04-28 )))))))))))))))))))))))))))))))))))
.
.
2012-04-28 17:15 . 2012-04-28 17:16   ————  d——-w-  c:\users\Medion\AppData\Local\temp
2012-04-28 17:15 . 2012-04-28 17:15   ————  d——-w-  c:\users\Default\AppData\Local\temp
2012-04-28 16:28 . 2012-04-13 07:36   6734704   ——a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A1F4A43-D2AA-4D97-A64F-DB33FD6E141F}\mpengine.dll
2012-04-24 18:53 . 2012-04-24 18:53   ————  d——-w-  c:\users\Medion\AppData\Roaming\Malwarebytes
2012-04-24 18:53 . 2012-04-24 18:53   ————  d——-w-  c:\programdata\Malwarebytes
2012-04-24 18:53 . 2012-04-24 18:53   ————  d——-w-  c:\program files\Malwarebytes’ Anti-Malware
2012-04-24 18:53 . 2012-04-04 13:56   22344   ——a-w-  c:\windows\system32\drivers\mbam.sys
2012-04-12 10:16 . 2012-02-29 15:11   5120   ——a-w-  c:\windows\system32\wmi.dll
2012-04-12 10:16 . 2012-02-29 15:11   172032   ——a-w-  c:\windows\system32\wintrust.dll
2012-04-12 10:16 . 2012-02-29 15:09   157696   ——a-w-  c:\windows\system32\imagehlp.dll
2012-04-12 10:16 . 2012-02-29 13:32   12800   ——a-w-  c:\windows\system32\drivers\fs_rec.sys
2012-04-12 10:15 . 2012-03-06 06:39   3602816   ——a-w-  c:\windows\system32\ntkrnlpa.exe
2012-04-12 10:15 . 2012-03-06 06:39   3550080   ——a-w-  c:\windows\system32\ntoskrnl.exe
2012-04-11 09:53 . 2012-03-01 11:01   2409784   ——a-w-  c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{00000000-6E41-4FD3-8538-502F5495E5FC}”= “c:\program files\Ask.com\GenericAskToolbar.dll” [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2011-10-27 09:24   225584   ——a-w-  c:\program files\BrowserCompanion\jsloader.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07cf5d37-f1c6-4fe5-a22c-e114417655d4}]
2011-11-07 13:53   62864   ——a-w-  c:\program files\TranslateLite_0g\bar\1.bin\0gSrcAs.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31   1514152   ——a-w-  c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\program files\Ask.com\GenericAskToolbar.dll” [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\program files\Ask.com\GenericAskToolbar.dll” [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@=”{472083B0-C522-11CF-8763-00608CC02F24}”
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23   123536   ——a-w-  c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2012-02-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2008-04-01 133656]
“SynTPStart”=“c:\program files\Synaptics\SynTP\SynTPStart.exe” [2007-08-31 102400]
“Skytel”=“Skytel.exe” [2007-11-20 1826816]
“avast”=“c:\program files\AVAST Software\Avast\avastUI.exe” [2012-02-23 4031368]
“HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2007-05-08 54840]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2012-01-18 254696]
“ApnUpdater”=“c:\program files\Ask.com\Updater\Updater.exe” [2012-01-03 1391272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
“EnableShellExecuteHooks”= 1 (0x1)
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-18 19:36]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-18 19:36]
.
.
------- Yderligere scanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.150.129.22 89.150.129.10 89.150.129.22
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20120222062743
.
- - - - TOMME GENVEJE FJERNET - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-28 19:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
.
c:\users\Medion\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scanning gennemført med succes
skjulte filer: 1
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2012-04-28 19:23:46
ComboFix-quarantined-files.txt 2012-04-28 17:23
.
Pre-Kørsel: 132.434.006.016 byte ledig
Post-Kørsel: 132.362.940.416 byte ledig
.
- - End Of File - - 26000D5922B6318680E32E2EBE643CCF

Administrator
Posts: 32215

That doesn't look quite right, so just tell me whether the computer is behaving normally?


  ghena
Posts: 23

what do you mean by it doesn't look quite right???

did I do it wrong??

Administrator
Posts: 32215

did I do it wrong??

No, not at all

But it looks like ComboFix has deleted some system audio files.


  ghena
Posts: 23

okay, what does that mean???

what should I do now???

Administrator
Posts: 32215

If the computer is behaving completely normally, there is no reason to do anything more…


  ghena
Posts: 23

it doesn't really..

that's why I wrote in here, every time I open a web page for the 1st time, it goes black..

then 2 min pass and then it's ready again..

that's actually the problem I want fixed, if it can be done

  ghena
Posts: 23

and many of the websites don't work quite as they should, incl. your website…

the text is doubled, and when I send a reply in here, I get a message that it could not send because of an error, even though it has actually been sent