Hi
I have an Acer Aspire One, which I lent to my son. After that it could not start up.
I then let it start up in safe mode, which took a full day.
I then followed your suggestions for how to use CCleaner, ESET and SUPERAntiSpyware; all of them found something, and now it can start up in 5 minutes, but there is still something running on it that shouldn't be. I then tried ComboFix and MBAM; both found something, and now it starts up in 3 minutes. The problem is that it cannot run MBAM all the way through; it simply freezes as if it has died. I have checked msconfig, tried sfc /scannow… all without success…
What do I do?
Regards, the poor father
Administrator
Number of posts: 7128
Hi, and welcome to
If ComboFix created a log, we would like to see it.
Do not run it again.
———
Download and run DDS.
You can also use this DDS.
It creates two logs (DDS.txt and Attach.txt); save them to the desktop and copy the contents of both in here.
NOTE - DDS must be saved on the computer and not run from the web.
Re: Vista and Windows 7 - Right-click the file - Run as Administrator.
Signature
Please do not attach logs unless you are asked to!
Hi
Here they are
but OOPS… I have unfortunately run ComboFix 2 times
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Magnus at 14:05:36 on 2012-08-22
Microsoft Windows 7 Starter 6.1.7600.0.1252.45.1030.18.1013.660 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.dk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - c:\program files\bluetooth suite\IEPlugIn.dll
mRun: [Adobe Reader Speed Launcher] “c:\program files\adobe\reader 9.0\reader\Reader_sl.exe”
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B3E7129A-322C-4828-B61E-F4DE15DE11DE} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B3E7129A-322C-4828-B61E-F4DE15DE11DE}\14B464 : DhcpNameServer = 192.168.20.2
TCP: Interfaces\{B3E7129A-322C-4828-B61E-F4DE15DE11DE}\2457666616C6F6 : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{B3E7129A-322C-4828-B61E-F4DE15DE11DE}\A5978554C42323 : DhcpNameServer = 192.168.2.1 89.150.129.22 89.150.129.10
TCP: Interfaces\{B3E7129A-322C-4828-B61E-F4DE15DE11DE}\E4977616162746 : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2010-9-27 26984]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-9-1 68208]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2010-9-27 56480]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-9-1 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2011-11-26 735776]
S2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-9-1 13336]
S2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-9-1 260640]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-9-1 243232]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2010-9-27 37224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-9-27 260968]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2010-9-27 178024]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2010-9-27 51560]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2010-9-27 143336]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2010-9-27 242024]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-9-1 82768]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-17 38224]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-12-21 155344]
S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-6-27 791488]
S4 MySecurityCenter License Service;MySecurityCenter License Service;c:\program files\mysecuritycenter\programs\service.exe [2010-10-20 78192]
.
=============== Created Last 30 ================
.
2012-08-19 09:41:46 ———— d-sh—w- C:\$RECYCLE.BIN
2012-08-19 08:05:42 ———— d——-w- c:\users\magnus\appdata\roaming\SUPERAntiSpyware.com
2012-08-19 08:05:20 ———— d——-w- c:\programdata\SUPERAntiSpyware.com
2012-08-19 08:05:20 ———— d——-w- c:\program files\SUPERAntiSpyware
2012-08-18 17:10:06 6891424 ——a-w- c:\programdata\microsoft\windows defender\definition updates\{c5f5ca5c-af6a-4d34-8322-368b92e672cf}\mpengine.dll
2012-08-18 07:55:55 393216 ——a-w- c:\windows\system32\drivers\bthport.sys
2012-08-17 14:46:57 ———— d——-w- c:\program files\ESET
2012-08-17 10:50:06 ———— d——-w- c:\users\magnus\appdata\roaming\Malwarebytes
2012-08-17 10:49:51 38224 ——a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-17 10:49:48 20952 ——a-w- c:\windows\system32\drivers\mbam.sys
2012-08-17 10:49:48 ———— d——-w- c:\programdata\Malwarebytes
2012-08-17 10:49:48 ———— d——-w- c:\program files\Malwarebytes’ Anti-Malware
2012-08-17 08:00:32 ———— d——-w- c:\users\magnus\appdata\local\temp
2012-08-17 06:29:35 98816 ——a-w- c:\windows\sed.exe
2012-08-17 06:29:35 518144 ——a-w- c:\windows\SWREG.exe
2012-08-17 06:29:35 256000 ——a-w- c:\windows\PEV.exe
2012-08-17 06:29:35 208896 ——a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2012-07-08 21:11:49 476936 ——a-w- c:\windows\system32\npdeployJava1.dll
2012-07-08 21:11:49 472840 ——a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:12:32 2422272 ——a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ——a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19:42 171904 ——a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12:20 33792 ——a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25:14 237072 ———w- c:\windows\system32\MpSigStub.exe
2012-04-09 12:17:30 450 ——a-w- c:\program files\nonenone.bat
.
============= FINISH: 14:08:08,19 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 26-11-2011 20:56:34
System Uptime: 22-08-2012 13:58:17 (1 hours ago)
.
Motherboard: Acer | | AO533
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | CPU | 1662/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 188,28 GiB free.
D: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer Registration
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 MUI
Adobe Shockwave Player 11.6
ALPS Touch Pad Driver
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bing Bar
Bluetooth Win7 Suite
CCleaner
DVD Architect Studio 5.0
ENE USB Card Reader Driver
ESET Online Scanner v3
eSobi v2
Google Chrome
HP Deskjet 1050 J410 series grundlæggende enhedssoftware
HP Deskjet 1050 J410 series Hjælp
HP Deskjet 1050 J410 series produktforbedringsundersøgelse
HP Photo Creations
HP Update
Identity Card
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 33
Junk Mail filter update
Launch Manager
Malwarebytes’ Anti-Malware
Media Go
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DAN Language Pack
Microsoft .NET Framework 4 Client Profile DAN sprogpakke
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Klik og kør 2010
Microsoft Office Starter 2010 - dansk
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT Redists
MYPCTuneUp
MySecurityCenter License Service
OpenOffice.org 3.3
Overførselsværktøj til Windows Live
PlayStation(R)Network Downloader
PlayStation(R)Store
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DAN sprogpakke (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DAN sprogpakke (KB2518870)
Skype Click to Call
Skype™ 5.8
Spotify
swMSM
Tilmeldingsassistent til Windows Live
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
YouTube Downloader 3.5
YouTube Downloader Toolbar v6.0
.
==== End Of File ===========================
Administrator
Number of posts: 7128
Would you please find C:\Qoobox\ComboFix-quarantined-files.txt and copy it in here.
2012-08-19 09:41:30 . 2012-08-19 09:41:30 876——a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-vProt.reg.dat
2012-08-19 09:41:29 . 2012-08-19 09:41:29 970——a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SearchSettings.reg.dat
2012-08-19 09:41:29 . 2012-08-19 09:41:29 974——a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ROC_roc_dec12.reg.dat
2012-08-19 09:41:28 . 2012-08-19 09:41:28 882——a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AVG_TRAY.reg.dat
2012-08-17 07:59:53 . 2012-08-17 07:59:53 480——a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-BrowserCompanion.reg.dat
2012-08-17 07:59:16 . 2012-08-17 07:59:16 1,034——a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Browser companion helper.reg.dat
2012-08-17 07:58:42 . 2012-08-17 07:58:42 600——a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}.reg.dat
2012-08-17 07:58:40 . 2012-08-17 07:58:40 92——a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2012-08-17 07:16:58 . 2012-08-19 09:28:08 13,223——a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-08-17 06:29:28 . 2012-08-19 08:40:49 124——a-w- C:\Qoobox\Quarantine\catchme.log
2012-02-01 11:12:12 . 2012-02-01 11:12:12 52,307——a-w- C:\Qoobox\Quarantine\C\Program Files\BrowserCompanion\uninstall.exe.vir
2011-12-22 12:57:22 . 2011-12-22 12:57:22 99,494——a-w- C:\Qoobox\Quarantine\C\Program Files\BrowserCompanion\blabbers-ch.crx.vir
2011-12-22 12:57:22 . 2011-12-22 12:57:22 64,694——a-w- C:\Qoobox\Quarantine\C\Program Files\BrowserCompanion\blabbers-ff-full.xpi.vir
2011-12-16 06:55:44 . 2011-12-16 06:55:44 187,696——a-w- C:\Qoobox\Quarantine\C\Program Files\BrowserCompanion\BCHelper.exe.vir
2011-11-26 17:30:11 . 2011-11-26 18:09:05 1,056,768——a-w- C:\Qoobox\Quarantine\C\Windows\security\database\tmp.edb.vir
2011-10-27 09:25:28 . 2011-10-27 09:25:28 219,440——a-w- C:\Qoobox\Quarantine\C\Program Files\BrowserCompanion\widgetserv.exe.vir
2011-10-27 09:25:26 . 2011-10-27 09:25:26 127,792——a-w- C:\Qoobox\Quarantine\C\Program Files\BrowserCompanion\toolbar.dll.vir
2011-10-27 09:25:26 . 2011-10-27 09:25:26 141,104——a-w- C:\Qoobox\Quarantine\C\Program Files\BrowserCompanion\updatebhoWin32.dll.vir
2011-10-27 09:25:22 . 2011-10-27 09:25:22 158,512——a-w- C:\Qoobox\Quarantine\C\Program Files\BrowserCompanion\tdataprotocol.dll.vir
2011-10-27 09:25:20 . 2011-10-27 09:25:20 225,584——a-w- C:\Qoobox\Quarantine\C\Program Files\BrowserCompanion\jsloader.dll.vir
2011-08-07 11:54:44 . 2011-08-07 11:54:44 362,029——a-w- C:\Qoobox\Quarantine\C\Program Files\BrowserCompanion\sqlite3.dll.vir
2010-09-01 08:00:34 . 2010-03-02 22:59:32 131,984——a-w- C:\Qoobox\Quarantine\C\ProgramData\FullRemove.exe.vir
2010-03-10 09:30:54 . 2010-03-10 09:30:54 122——a-w- C:\Qoobox\Quarantine\C\Program Files\BrowserCompanion\updater.ini.vir
2010-02-15 08:11:14 . 2010-02-15 08:11:14 5,430——a-w- C:\Qoobox\Quarantine\C\Program Files\BrowserCompanion\logo.ico.vir
Administrator
Number of posts: 7128
Would you please uninstall SUPERAntiSpyware and Malwarebytes.
Download and run this file http://www.malwarebytes.org/mbam-clean.exe
It will restart your PC. Let it do so.
Then download a fresh Malwarebytes. http://www.besttechie.net/tools/mbam-setup.exe
Install it and try again.
I have tried to uninstall SUPERAntiSpyware, but it doesn't show up in “remove programs”, neither in Windows nor in CCleaner…
Administrator
Number of posts: 7128
Try Revo Uninstaller.
Did you get Malwarebytes uninstalled and mbam-clean.exe run?
MBAM is uninstalled, just trying Revo now..
Administrator
Number of posts: 7128
Did you get any further?
Hey
I have now tried several times to run MBAM, but without success; it simply stops when it reaches the Windows files, but it still finds malware that I just can't get deleted because it never finishes.
Administrator
Number of posts: 7128
Hi there
Here is the RKill log; it was run in safe mode
Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/27/2012 06:55:23 AM in x86 mode.
Windows Version: Windows 7 Starter
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* No malware processes found to kill.
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks.
* No issues found.
Checking Windows Service Integrity:
* BITS (Background Intelligent Transfer Service) (BITS) is not Running.
Startup Type set to: Automatic (Delayed Start)
* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic
* Sikkerhedscenter (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* SensrSvc [Missing Service]
* UmRdpService [Missing Service]
* WatAdminSvc [Missing Service]
Searching for Missing Digital Signatures:
* No issues found.
Program finished at: 08/27/2012 06:55:37 AM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)
Administrator
Number of posts: 7128
Unfortunately it didn't tell us much new.
———
You should preferably download from another PC.
———
For 32-bit Windows, download Farbar Recovery Scan Tool and save it to a USB stick.
Insert the USB stick into the infected PC.
Start the PC with “Advanced Boot Options” (press F8 repeatedly during startup)
Select “Repair Your Computer”
Select language.
Select user account.
Then choose Command Prompt.
There you type notepad and press <Enter>
Choose the File menu -> Open and select “Computer”. Find the drive letter of your USB stick. Close Notepad.
At the command prompt you type e:\frst.exe
Replace e with the correct letter.
When Farbar Recovery Scan Tool has started, click Scan.
It creates FRST.txt on the USB stick. Copy it in here in your next post.
———
Would you please attach C:\Combofix.txt and C:\Qoobox\ComboFix2.txt in your next post.
Do not attach FRST.txt
ComboFix 12-08-18.03 - Magnus 19-08-2012 10:40:49.2.2 - x86 NETWORK
Microsoft Windows 7 Starter 6.1.7600.0.1252.45.1030.18.1013.647 [GMT 2:00]
Kører fra: c:\users\Magnus\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Dannede nyt systemgendannelsespunkt
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-07-19 til 2012-08-19 )))))))))))))))))))))))))))))))))))
.
.
2012-08-19 09:38 . 2012-08-19 09:38 ———— d——-w- c:\users\Default\AppData\Local\temp
2012-08-19 08:40 . 2012-08-19 08:40 56200 ——a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5F5CA5C-AF6A-4D34-8322-368B92E672CF}\offreg.dll
2012-08-19 08:05 . 2012-08-19 08:05 ———— d——-w- c:\users\Magnus\AppData\Roaming\SUPERAntiSpyware.com
2012-08-19 08:05 . 2012-08-19 08:05 ———— d——-w- c:\program files\SUPERAntiSpyware
2012-08-19 08:05 . 2012-08-19 08:05 ———— d——-w- c:\programdata\SUPERAntiSpyware.com
2012-08-18 20:16 . 2009-07-14 01:14 179712 -c——w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_efd465ff862a731419d5cbb67417272a2f72cd_cab_03e13d40\notepad.exe
2012-08-18 17:10 . 2012-07-16 00:41 6891424 ——a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5F5CA5C-AF6A-4D34-8322-368B92E672CF}\mpengine.dll
2012-08-18 07:55 . 2012-07-06 19:31 393216 ——a-w- c:\windows\system32\drivers\bthport.sys
2012-08-17 14:46 . 2012-08-17 14:46 ———— d——-w- c:\program files\ESET
2012-08-17 10:50 . 2012-08-17 10:50 ———— d——-w- c:\users\Magnus\AppData\Roaming\Malwarebytes
2012-08-17 10:49 . 2010-04-29 13:39 38224 ——a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-17 10:49 . 2012-08-17 10:49 ———— d——-w- c:\program files\Malwarebytes’ Anti-Malware
2012-08-17 10:49 . 2012-08-17 10:49 ———— d——-w- c:\programdata\Malwarebytes
2012-08-17 10:49 . 2010-04-29 13:39 20952 ——a-w- c:\windows\system32\drivers\mbam.sys
2012-08-17 08:00 . 2012-08-19 09:38 ———— d——-w- c:\users\Magnus\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-08 21:11 . 2012-07-08 21:12 476936 ——a-w- c:\windows\system32\npdeployJava1.dll
2012-07-08 21:11 . 2011-11-27 14:54 472840 ——a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-25 08:34 53784 ——a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 08:34 45080 ——a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 08:33 35864 ——a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 08:33 577048 ——a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-25 08:34 1933848 ——a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-25 08:34 2422272 ——a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-25 08:33 88576 ——a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-25 08:33 171904 ——a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-25 08:33 33792 ——a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2012-03-02 19:32 237072 ———w- c:\windows\system32\MpSigStub.exe
2012-04-09 12:17 . 2012-04-09 12:17 450 ——a-w- c:\program files\nonenone.bat
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-02-28 35696]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2010-10-25 141848]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2010-10-25 173592]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2010-10-25 150552]
“HP Software Update”=“c:\program files\Hp\HP Software Update\HPWuSchd2.exe” [2010-06-09 49208]
“Apoint”=“c:\program files\Apoint2K\Apoint.exe” [2010-04-13 248440]
“Acer ePower Management”=“c:\program files\Acer\Acer ePower Management\ePowerTray.exe” [2010-06-11 715296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL” [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ——a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“midi1”=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=”“
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=”“
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Magnus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Magnus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Socialbox.lnk]
path=c:\users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk
backup=c:\windows\pss\Socialbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
2010-09-27 11:39 302240 ——a-w- c:\program files\Bluetooth Suite\AthBtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
2010-09-27 11:39 486560 ——a-w- c:\program files\Bluetooth Suite\BtvStack.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-27 14:26 136176 ——atw- c:\users\Magnus\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2010-06-08 17:49 284696 ——a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-08-10 09:06 975952 ——a-w- c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ——a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regist]
2010-10-20 14:51 385392 ——a-w- c:\program files\MySecurityCenter\Programs\registrationpopup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-08-03 10:07 9398888 ——a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchEngineProtection]
2011-11-01 15:24 616088 ——a-w- c:\program files\GamesBar\SearchEngineProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setc]
2010-10-20 14:51 389488 ——a-w- c:\program files\MySecurityCenter\Programs\setc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ——a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-10-21 13:06 433872 ——a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-05-21 15:17 9478320 ——a-w- c:\users\Magnus\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ——a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.SYS [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
R4 MySecurityCenter License Service;MySecurityCenter License Service;c:\program files\MySecurityCenter\Programs\service.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3472344635-643764670-807093891-1000Core.job
- c:\users\Magnus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 14:26]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3472344635-643764670-807093891-1000UA.job
- c:\users\Magnus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 14:26]
.
2012-08-19 c:\windows\Tasks\MYPCTuneUp-Magnus-Notification.job
- c:\program files\MYPCTuneUp\MYPCTuneUp\Sync.exe [2011-10-06 10:59]
.
2012-08-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 88b774a9-3441-4e5e-b790-dac6cc5cf29f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e350f6db-52ee-40cd-bbfb-49a741766316.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
. ------- Yderligere scanning-------
.
uStart Page = hxxp://www.google.dk/
IE: {{7815BE26-237D-41A8-A98F-F7BD75F71086}
TCP: DhcpNameServer = 192.168.0.1
.
- - - - TOMME GENVEJE FJERNET - - - -
.
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
. --------------------- LÅSTE REGISTRERINGS NØGLER---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2012-08-19 11:45:20
ComboFix-quarantined-files.txt 2012-08-19 09:44
ComboFix2.txt 2012-08-17 08:00
.
Pre-Kørsel: 202.109.804.544 byte ledig
Post-Kørsel: 202.113.122.304 byte ledig
.
- - End Of File - - 440FB0A9B0A9CDB6C1FC0B52EB3E57C0
ComboFix 12-08-17.01 - Magnus 17-08-2012 8:32.1.2 - x86 NETWORK
Microsoft Windows 7 Starter 6.1.7600.0.1252.45.1030.18.1013.653 [GMT 2:00]
Kører fra: D:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Dannede nyt systemgendannelsespunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BrowserCompanion
c:\program files\BrowserCompanion\BCHelper.exe
c:\program files\BrowserCompanion\blabbers-ch.crx
c:\program files\BrowserCompanion\blabbers-ff-full.xpi
c:\program files\BrowserCompanion\jsloader.dll
c:\program files\BrowserCompanion\logo.ico
c:\program files\BrowserCompanion\sqlite3.dll
c:\program files\BrowserCompanion\tdataprotocol.dll
c:\program files\BrowserCompanion\toolbar.dll
c:\program files\BrowserCompanion\uninstall.exe
c:\program files\BrowserCompanion\updatebhoWin32.dll
c:\program files\BrowserCompanion\updater.ini
c:\program files\BrowserCompanion\widgetserv.exe
c:\programdata\FullRemove.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-07-17 til 2012-08-17 )))))))))))))))))))))))))))))))))))
.
.
2012-08-17 07:29 . 2012-08-17 07:52 -------- d-----w- c:\users\Magnus\AppData\Local\temp
2012-08-17 07:29 . 2012-08-17 07:29 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-08 21:11 . 2012-07-08 21:12 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-08 21:11 . 2011-11-27 14:54 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-25 08:34 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 08:34 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 08:33 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 08:33 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-25 08:34 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-25 08:34 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-25 08:33 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-25 08:33 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-25 08:33 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-04-09 12:17 . 2012-04-09 12:17 450 ----a-w- c:\program files\nonenone.bat
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 09:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-17 05:43 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-17 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-17 1107552]
"setc"="c:\program files\MySecurityCenter\Programs\setc.exe" [2010-10-20 389488]
"regist"="c:\program files\MySecurityCenter\Programs\RegistrationPopup.exe" [2010-10-20 385392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymInstallStub"="c:\windows\system32\Adobe\Shockwave 11\SymInstallStub.exe" [2012-07-08 294840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
SetupExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Magnus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Magnus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Socialbox.lnk]
path=c:\users\Magnus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk
backup=c:\windows\pss\Socialbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2010-06-11 13:28 715296 ----a-w- c:\program files\Acer\Acer ePower Management\ePowerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2010-04-13 06:06 248440 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
2010-09-27 11:39 302240 ----a-w- c:\program files\Bluetooth Suite\AthBtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
2010-09-27 11:39 486560 ----a-w- c:\program files\Bluetooth Suite\BtvStack.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-01-24 15:24 2416480 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-27 14:26 136176 ----atw- c:\users\Magnus\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2010-06-08 17:49 284696 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-08-10 09:06 975952 ----a-w- c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regist]
2010-10-20 14:51 385392 ----a-w- c:\program files\MySecurityCenter\Programs\registrationpopup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_dec12]
2012-01-16 18:17 928096 ----a-w- c:\program files\AVG Secure Search\ROC_roc_dec12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-08-03 10:07 9398888 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchEngineProtection]
2011-11-01 15:24 616088 ----a-w- c:\program files\GamesBar\SearchEngineProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2012-06-27 15:11 1090440 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setc]
2010-10-20 14:51 389488 ----a-w- c:\program files\MySecurityCenter\Programs\setc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-10-21 13:06 433872 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-05-21 15:17 9478320 ----a-w- c:\users\Magnus\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-08-17 05:43 1107552 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
R2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 MySecurityCenter License Service;MySecurityCenter License Service;c:\program files\MySecurityCenter\Programs\service.exe [x]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.SYS [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3472344635-643764670-807093891-1000Core.job
- c:\users\Magnus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 14:26]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3472344635-643764670-807093891-1000UA.job
- c:\users\Magnus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 14:26]
.
2012-08-17 c:\windows\Tasks\MYPCTuneUp-Magnus-Notification.job
- c:\program files\MYPCTuneUp\MYPCTuneUp\Sync.exe [2011-10-06 10:59]
.
2012-08-17 c:\windows\Tasks\SymInstallStub.job
- c:\windows\system32\Adobe\Shockwave 11\SymInstallStub.exe [2012-07-08 21:34]
.
. ------- Yderligere scanning-------
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=ironto
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
. ------- Fil Associationer-------
.
regedit=regedit.exe "%1"
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-<NO NAME> - (no file)
MSConfigStartUp-Browser companion helper - c:\program files\BrowserCompanion\BCHelper.exe
AddRemove-BrowserCompanion - c:\program files\BrowserCompanion\uninstall.exe
.
.
. --------------------- LÅSTE REGISTRERINGS NØGLER---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2012-08-17 10:00:28
ComboFix-quarantined-files.txt 2012-08-17 08:00
.
Pre-Kørsel: 200.871.751.680 byte ledig
Post-Kørsel: 201.729.699.840 byte ledig
.
- - End Of File - - 4E5AF10EB4E2FA7AAB511D2826303C2C
Administrator
Number of posts: 7128
The log from Farbar Recovery Scan Tool
Signature
Please do not attach logs unless you are asked to!