Avatar billede rigtigebuko Nybegynder
16. april 2008 - 19:50 Der er 4 kommentarer og
1 løsning

Tjenesten Sikkerhedscenter kan ikke startes

Hej til alle :)

Jeg har endnu engang glæden af min svigermors bærbare. Hendes Office programmer virkede pludselig ikke - og hun troede det var et barnebarn, der havde pillet - men det viser sig at hun har købt computeren med en prøveversion af Office pakken.
Hvilken jeg nu har slettet - og nu virker Sikkerhedscentret ikke længere.
Hvis jeg klikker "slå til nu" kommer der en meddelelse om at "Tjenesten sikkerhedscenter kan ikke startes"
Hvis jeg prøver at starte gennem kontrolpanel-administration-tjenester-sikkerhedscenter. Får jeg en fejl 1083.
Jeg har to gange forsøgt at anvende en systemgendannelse, men det kan den heller ikke finde ud af, så nu ved jeg ikke hvad jeg så skal prøve.
Håber nogen kan hjælpe.

Mvh Heidi
Avatar billede johnstigers Seniormester
16. april 2008 - 20:15 #1
Nogen siger mig at der er "snavs" med i spillet...
Kør denne igennem: http://www.eksperten.dk/artikler/1123
Avatar billede rigtigebuko Nybegynder
16. april 2008 - 20:59 #2
Så er jeg tilbage - madpakkerne skulle lige klares...
Håbede det ikke var "snavs", men bare nogen der lige var hurtig at klare...
Men jeg går straks igang :)
Avatar billede rigtigebuko Nybegynder
16. april 2008 - 22:37 #3
Så lykkedes det...

ComboFix 08-04-15.8 - Magnus 2008-04-16 22:12:21.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic  6.0.6000.0.1252.1.1030.18.65 [GMT 2:00]
Running from: C:\Users\Magnus\Desktop\Spywarefri Heidi\Spywarefri\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\bdcfda_g.dll

.
(((((((((((((((((((((((((  Files Created from 2008-03-16 to 2008-04-16  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 19:01    ---------    d-----w    C:\PROGRA~2\Spybot - Search & Destroy
2008-04-16 16:18    ---------    d-----w    C:\Program Files\Windows Mail
2008-04-16 16:18    ---------    d-----w    C:\Program Files\SUPERAntiSpyware
2008-04-16 16:18    ---------    d-----w    C:\Program Files\SpywareBlaster
2008-04-16 16:18    ---------    d-----w    C:\Program Files\Spybot - Search & Destroy
2008-04-16 16:18    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 13:10    ---------    d-----w    C:\PROGRA~2\Microsoft Help
2008-04-16 11:47    ---------    d-----w    C:\PROGRA~2\TEMP
2008-04-16 11:44    691,545    ----a-w    C:\Windows\unins000.exe
2008-04-16 09:43    ---------    d-----w    C:\PROGRA~2\SUPERAntiSpyware.com
2008-03-29 17:35    20,560    ----a-w    C:\Windows\system32\drivers\aswFsBlk.sys
2008-03-29 17:32    50,768    ----a-w    C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 17:31    75,856    ----a-w    C:\Windows\system32\drivers\aswSP.sys
2008-03-29 17:29    23,152    ----a-w    C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 17:27    42,912    ----a-w    C:\Windows\system32\drivers\aswTdi.sys
2008-02-21 04:43    52,736    ----a-w    C:\Windows\AppPatch\iebrshim.dll
2008-02-15 09:08    537,600    ----a-w    C:\Windows\AppPatch\AcLayers.dll
2008-02-15 09:08    449,536    ----a-w    C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 09:08    2,560    ----a-w    C:\Windows\AppPatch\AcRes.dll
2008-02-15 09:08    2,144,256    ----a-w    C:\Windows\AppPatch\AcGenral.dll
2008-02-15 09:07    173,056    ----a-w    C:\Windows\AppPatch\AcXtrnal.dll
2007-09-09 15:57    174    --sha-w    C:\Program Files\desktop.ini
2007-10-20 14:50    16,384    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-20 14:50    32,768    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-20 14:50    16,384    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-16 11:43 1481968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-28 22:05 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 07:37 4186112 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 05:00 815104]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-13 22:33 52832]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"BisonInst0402"="C:\Windows\BR040286.exe" [2007-03-21 23:16 56112]
"eDSMSNfix"="C:\Acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 10:40 13312]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-08 10:24 614400]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-01-17 09:01 151552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-01 21:17:56 528384]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-04-16 11:43 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-04-16 11:43 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"= C:\Programmer\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{546CEAC3-FBC4-42AD-AB45-3E2D16A7D1B9}"= UDP:C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:CyberLink PowerDVD
"{B902A861-0607-471A-B667-E1DDA2B8FBDB}"= TCP:C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:CyberLink PowerDVD
"{28BA87D0-FE01-4B5B-9ED4-92D49D4206B5}"= UDP:C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRSubmission.exe:OLRSubmission
"{FA7A482E-0927-422E-8DAD-BF7031639920}"= TCP:C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRSubmission.exe:OLRSubmission
"{C199BA8B-2945-4582-9659-8DA096E1CE8A}"= Disabled:UDP:C:\Users\Magnus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P8LA97ZC\incredimail_install[1].exe:IncrediMail Installer
"{5E79E5C1-DC72-475D-95E1-975FAAEFB41F}"= Disabled:TCP:C:\Users\Magnus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P8LA97ZC\incredimail_install[1].exe:IncrediMail Installer
"{3398B55B-A113-4555-ACED-AB9042C47190}"= Disabled:UDP:C:\Users\Magnus\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:IncrediMail Installer
"{0F7C280B-9975-4C2F-A6C7-C18E12D4D4BA}"= Disabled:TCP:C:\Users\Magnus\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:IncrediMail Installer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\\Programmer\\EA GAMES\\Battlefield 2\\BF2.exe"= C:\Programmer\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"= C:\Programmer\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-02-07 00:04]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-02-07 00:04]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-02-07 00:04]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Starttjeneste;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 12:01]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-02-07 00:04]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-03-22 18:21]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-04-24 19:17]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 09:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 02:39]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-01-23 10:25]
R3 Cam5607;Acer OrbiCam;C:\Windows\system32\Drivers\BisonC07.sys [2006-12-27 03:57]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 06:16]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 09:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc
HPZ12    REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ      hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {35BDA760-4905-19AA-54A0-C118ABB5BF0C} /qb
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 22:17:05
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-16 22:18:45
ComboFix-quarantined-files.txt  2008-04-16 20:18:37
ComboFix2.txt  2008-02-01 19:02:02

      Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.
      Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.
.
2008-04-16 14:01:31    --- E O F --- 


Hijack kørt almindeligt:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:59, on 16-04-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Magnus\Desktop\Spywarefri Heidi\Spywarefri\HijackThis.exe

O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 3189 bytes


Hijack kørt som administrator efter genstart, da maskinen gik kold efter brug af Combofix...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:53, on 16-04-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Magnus\Desktop\Spywarefri Heidi\Spywarefri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6966 bytes


SuperAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/16/2008 at 09:45 PM

Application Version : 4.0.1154

Core Rules Database Version : 3439
Trace Rules Database Version: 1431

Scan type      : Complete Scan
Total Scan Time : 00:24:53

Memory items scanned      : 219
Memory threats detected  : 0
Registry items scanned    : 6004
Registry threats detected : 0
File items scanned        : 17013
File threats detected    : 5

Adware.Tracking Cookie
    C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Cookies\Low\magnus@indextools[2].txt
    C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Cookies\Low\magnus@e2.emediate[1].txt
    C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Cookies\Low\magnus@server.iad.liveperson[1].txt
    C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Cookies\Low\magnus@kontera[2].txt
    C:\Users\Magnus\AppData\Roaming\Microsoft\Windows\Cookies\Low\magnus@banner2.fynskemedier[2].txt

Sikkerhedscentret er forøvrigt kommet igen efter genstart - men firewallen var slået fra...
Avatar billede rigtigebuko Nybegynder
17. april 2008 - 06:56 #4
Har flyttet mit spørgsmål til viruskategorien
Avatar billede rigtigebuko Nybegynder
17. april 2008 - 06:56 #5
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester



IT-JOB