CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede finndgh Nybegynder
22. februar 2009 - 18:10 Der er 19 kommentarer og
1 løsning

hvad er mit problem

Jeg har haft den der antivirus 2009 på min maskine, ved ikke om den er væk, men får hele tiden et tomt vindue op og en meddelelse om erro.
Har fået siden anbefalet af en bekendt.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:01, on 22-02-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\SweetIM\Messenger\SweetIM.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\GildenIdent\Gildenident.exe
C:\Programmer\Teamspeak2_RC2\TeamSpeak.exe
C:\Programmer\GreenBrowser\GreenBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2e3c03fe-6790-e9a5-860d-8e10f4ded977} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmer\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmer\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmer\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Programmer\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [nVX1iaAc0O] C:\Documents and Settings\All Users\Application Data\cpsrwxkl\kdgrwfmh.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Påmindelser i Microsoft Works Kalender.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 9268 bytes
Avatar billede Deathray Nybegynder
22. februar 2009 - 18:55 #1
Arbejder med IT til hverdag, og fjerner nok i gennemsnit 5 udgaver af "antivirus/antispyware 2009/2010" hver uge.
http://www.malwarebytes.org/mbam.php er den sikre løsning. Husk derefter at opdatere windows, flash, java og reader - og afinstallere alt andet unødvendigt. Overvej også at bruge firefox i modsætning til Internet Explorer hvis du nu gøre det.
Avatar billede Deathray Nybegynder
22. februar 2009 - 18:58 #2
Men dit hijackthis logfil ser OK ud.
Sørg også lige for at gendan nulstil indstillingerne i Internet Explorer under Advanceret i "Internet Options". Evt. også benyt dig af ccleaner til sidst for at rydde op.
Avatar billede f-arn Guru
22. februar 2009 - 19:29 #3
Der er min. en linie i den log der ikke "ser OK ud" Jeg vil foreslå at du lukker her og opretter et nyt spørgsmål i virus kategorien.
Avatar billede Deathray Nybegynder
22. februar 2009 - 20:08 #4
Hov overså
O4 - HKLM\..\Policies\Explorer\Run: [nVX1iaAc0O] C:\Documents and Settings\All Users\Application Data\cpsrwxkl\kdgrwfmh.exe
samt SweetIM som du burde afinstallere og ALDRIG køre med 2 antivirus på samme tid, (AVG samt Avast kan ses).
Avatar billede fromsej Praktikant
22. februar 2009 - 20:46 #5
Der kører også to stk Antivirus på maskinen, afinstaller AVG.

Følg denne vejledning:
http://www.spywarefri.dk/forum/links/dds.htm
Avatar billede johnstigers Seniormester
22. februar 2009 - 21:26 #6
Passer denne beskrivelse på dit spørgsmål?:
Anmeld fejl i Eksperten systemet her
Avatar billede finndgh Nybegynder
22. februar 2009 - 23:15 #7
I må meget undskyld hvis jeg har fået fejlplaseret indlæget, men er ny bruger her.
Grunden til at der er 2 virusprogrammer er at jeg idag har instaleret Avast for at se om det kunne løse problemet.
Jeg får en boks op hvor der står.

Alert
You have a security problem! Do you want to scan your computer for virus?

Tak for jeres svar, jeg vil kigge på det imorgen og se om jeg kan finde ud af det, ellers er der vel ikke meget andet at gøre end at formaterer forfra.

Hilsen Finn
Avatar billede f-arn Guru
23. februar 2009 - 15:08 #8
Der er absolut ingen grund til at formatere. Vi har set meget værre ting. Bare følg fromsejs forslag.
Avatar billede Deathray Nybegynder
23. februar 2009 - 15:14 #9
Absolut ingen grund? Man kan aldrig være sikker om det er fjernet 100%. Hvis jeg brugte netbank ville jeg personligt geninstallere systemet.
Avatar billede fromsej Praktikant
23. februar 2009 - 15:38 #10
Lad os nu bare se de logs, så tager vi den derfra.
Avatar billede finndgh Nybegynder
23. februar 2009 - 18:49 #11
Jeg har forsøgt at afinstalere AVG men kunne ikke få lov til det.

DDS (Ver_09-02-01.01) - NTFSx86 
Run by Finn Hansen at 18:45:49,04 on 23-02-2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition  5.1.2600.3.1252.501.1030.18.253.30 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090223-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\GreenBrowser\GreenBrowser.exe
C:\Programmer\GildenIdent\Gildenident.exe
C:\Programmer\Teamspeak2_RC2\TeamSpeak.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Finn Hansen\Skrivebord\Spywarefri\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar =
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\programmer\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\programmer\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\programmer\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {2e3c03fe-6790-e9a5-860d-8e10f4ded977} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmer\avg\avg8\avgssie.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\programmer\avg\avg8\avgtoolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmer\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programmer\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programmer\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\programmer\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\programmer\avg\avg8\avgtoolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmer\google\google toolbar\GoogleToolbar.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Skype] "c:\programmer\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\programmer\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\programmer\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HP Software Update] "c:\programmer\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\programmer\hp\hpcoretech\hpcmpmgr.exe"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [Microsoft Works Update Detection] c:\programmer\microsoft works\WkDetect.exe
mRun: [Microsoft Works Portfolio] c:\programmer\microsoft works\WksSb.exe /AllUsers
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [WorksFUD] c:\programmer\microsoft works\wkfud.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [nVX1iaAc0O] c:\documents and settings\all users\application data\cpsrwxkl\kdgrwfmh.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\hpdigi~1.lnk - c:\programmer\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\interv~1.lnk - c:\programmer\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\micros~1.lnk - c:\programmer\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\micros~2.lnk - c:\programmer\fælles filer\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\pminde~1.lnk - c:\programmer\fælles filer\microsoft shared\works shared\WkCalRem.exe
IE: &Windows Live Search - c:\programmer\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\programmer\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: gildenident.net\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\programmer\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmer\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fllesf~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-22 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-20 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-20 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-20 107272]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-22 20560]
R2 avast! Antivirus;avast! Antivirus;c:\programmer\alwil software\avast4\ashServ.exe [2009-2-22 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\programmer\alwil software\avast4\ashMaiSv.exe [2009-2-22 254040]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-20 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-20 298264]
S3 avast! Web Scanner;avast! Web Scanner;c:\programmer\alwil software\avast4\ashWebSv.exe [2009-2-22 352920]

=============== Created Last 30 ================

2009-02-23 12:29    <DIR>    --d-----    c:\docume~1\finnha~1\applic~1\Malwarebytes
2009-02-23 12:29    15,504    a-------    c:\windows\system32\drivers\mbam.sys
2009-02-23 12:29    38,496    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 12:29    <DIR>    --d-----    c:\programmer\Malwarebytes' Anti-Malware
2009-02-23 12:29    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-22 17:07    <DIR>    --d-----    c:\programmer\Trend Micro
2009-02-22 11:51    26,944    a-------    c:\windows\system32\drivers\aavmker4.sys
2009-02-22 01:10    <DIR>    --d-h---    c:\windows\msdownld.tmp
2009-02-21 03:21    172    a---h---    C:\sqmnoopt19.sqm
2009-02-21 03:21    172    a---h---    C:\sqmdata19.sqm
2009-02-20 12:57    268    a---h---    C:\sqmdata18.sqm
2009-02-20 12:57    244    a---h---    C:\sqmnoopt18.sqm
2009-02-20 12:53    268    a---h---    C:\sqmdata17.sqm
2009-02-20 12:53    244    a---h---    C:\sqmnoopt17.sqm
2009-02-20 11:10    10,520    a-------    c:\windows\system32\avgrsstx.dll
2009-02-20 11:10    107,272    a-------    c:\windows\system32\drivers\avgtdix.sys
2009-02-20 11:10    325,128    a-------    c:\windows\system32\drivers\avgldx86.sys
2009-02-20 11:10    <DIR>    --d-----    c:\windows\system32\drivers\Avg
2009-02-20 11:10    <DIR>    --d-----    c:\docume~1\finnha~1\applic~1\AVGTOOLBAR
2009-02-20 03:10    268    a---h---    C:\sqmdata16.sqm
2009-02-20 03:10    244    a---h---    C:\sqmnoopt16.sqm
2009-02-20 02:51    172    a---h---    C:\sqmnoopt15.sqm
2009-02-20 02:51    172    a---h---    C:\sqmdata15.sqm
2009-02-20 01:55    268    a---h---    C:\sqmdata14.sqm
2009-02-20 01:55    244    a---h---    C:\sqmnoopt14.sqm
2009-02-20 01:49    244    a---h---    C:\sqmnoopt13.sqm
2009-02-20 01:49    232    a---h---    C:\sqmdata13.sqm
2009-02-19 23:47    172    a---h---    C:\sqmnoopt12.sqm
2009-02-19 23:47    172    a---h---    C:\sqmdata12.sqm
2009-02-19 23:42    268    a---h---    C:\sqmdata11.sqm
2009-02-19 23:42    244    a---h---    C:\sqmnoopt11.sqm
2009-02-19 20:48    268    a---h---    C:\sqmdata10.sqm
2009-02-19 20:48    244    a---h---    C:\sqmnoopt10.sqm
2009-02-19 20:43    268    a---h---    C:\sqmdata09.sqm
2009-02-19 20:43    244    a---h---    C:\sqmnoopt09.sqm
2009-02-19 12:45    244    a---h---    C:\sqmnoopt08.sqm
2009-02-19 12:45    232    a---h---    C:\sqmdata08.sqm
2009-02-04 12:50    268    a---h---    C:\sqmdata07.sqm
2009-02-04 12:50    244    a---h---    C:\sqmnoopt07.sqm

==================== Find3M  ====================

2009-02-21 17:33    394,772    a-------    c:\windows\system32\perfh006.dat
2009-02-21 17:33    62,470    a-------    c:\windows\system32\perfc006.dat
2009-02-19 04:32    62,464    a-------    c:\windows\system32\userinit.exe
2008-12-31 17:04    691,560    a-------    c:\windows\system32\OGACheckControl.dll
2008-12-31 17:04    528,744    a-------    c:\windows\system32\OGAVerify.exe
2008-12-31 17:04    502,120    a-------    c:\windows\system32\OGAAddin.dll
2008-12-21 00:03    826,368    a-------    c:\windows\system32\wininet.dll
2008-10-13 22:22    32,768    a--sh---    c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008100620081013\index.dat
2008-10-13 22:22    32,768    a--sh---    c:\windows\system32\config\systemprofile\lokale indstillinger\oversigt\history.ie5\mshist012008101320081014\index.dat

============= FINISH: 18:46:05,87 ===============
Avatar billede f-arn Guru
23. februar 2009 - 19:28 #12
Har du opdateret og kørt malwarebytes?

Der findes et romoval tool til AVG:
http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Avatar billede fromsej Praktikant
23. februar 2009 - 20:56 #13
Lad os se Malwarebytes loggen.
Avatar billede finndgh Nybegynder
24. februar 2009 - 00:53 #14
Malwarebytes' Anti-Malware 1.34
Database version: 1795
Windows 5.1.2600 Service Pack 3

23-02-2009 12:40:43
mbam-log-2009-02-23 (12-40-43).txt

Skan type: Hurtig skanning
Objekter skannet: 60802
Tid tilbagelagt: 6 minute(s), 11 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 35
Inficerede Registeringsdatabase Værdier: 3
Inficerede Registeringsdatabase Filer: 3
Inficerede Mapper: 11
Inficerede Filer: 65

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Registry Helper (Rogue.RegistryHelper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programmer\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmer\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmer\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programmer\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmer\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmer\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmer\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmer\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programmer\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090219043625421.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
Avatar billede finndgh Nybegynder
24. februar 2009 - 00:57 #15
Malwarebytes' Anti-Malware 1.34
Database version: 1795
Windows 5.1.2600 Service Pack 3

23-02-2009 18:32:09
mbam-log-2009-02-23 (18-32-09).txt

Skan type: Fuldstændig skanning (A:\|C:\|H:\|I:\|)
Objekter skannet: 104659
Tid tilbagelagt: 59 minute(s), 46 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)
Avatar billede fromsej Praktikant
24. februar 2009 - 16:04 #16
Hent Combofix, og gem den i en mappe:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Åbn mappen med Combofix, højreklik, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind:

Killall::
Snapshot::
Folder::
c:\documents and settings\all users\application data\cpsrwxkl
DDS::
BHO: {2e3c03fe-6790-e9a5-860d-8e10f4ded977} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: NoExplorer - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mExplorerRun: [nVX1iaAc0O] c:\documents and settings\all users\application data\cpsrwxkl\kdgrwfmh.exe


klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind.
Avatar billede johnstigers Seniormester
24. februar 2009 - 20:13 #17
fromsej - har du tid her?
http://www.eksperten.dk/spm/865143
Der er en Combofix log jeg tror skal fixes noget i ...

Undskyld til finndgh for spam...
Avatar billede finndgh Nybegynder
24. februar 2009 - 21:13 #18
Det er helt iorden John, men nu er den gået helt ned, den ville genstarte men kommer kun frem med baggrundsbilledet så jeg skal nok igang med at reinstalerer helt fra bunden af.
Avatar billede finndgh Nybegynder
26. februar 2009 - 13:08 #19
Jeg har geninstaleret min maskine og vil benytte lejligheden til at takke for hjælpen med mit problem.
Hilsen Finn
Avatar billede Deathray Nybegynder
26. februar 2009 - 13:18 #20
Glad for du fik styr på det ! :) God dag
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Microsoft 365 kurser
Alle kurser indenfor Microsoft 365 – både til begyndere og øvede.
Se alle Microsoft 365 kurser

Flere spørgsmål fra Hjælp og fejl kategorien

Titel Indlæg Oprettet Seneste aktivitet
concorde c4 fejl Af per i Hjælp og fejl 1 06/06/202409:28 07/06/202414:08
Praktikant? Af Stigers i Hjælp og fejl 15 05/03/202416:56 06/03/202416:50
Forklarende billede i spørgsmål eller svar Af mort1 i Hjælp og fejl 15 10/12/202314:59 11/12/202320:43
Kan ikke udpakke en Fil? eller åben den Af Casper i Hjælp og fejl 4 05/12/202317:35 05/12/202319:43
Ændre e-mailadresse Af mort1 i Hjælp og fejl 3 17/11/202315:45 17/11/202318:59
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 12:07 Kan ike skrive same bogstav to gange efter hinanden Af KurtG i Windows
I dag 11:25 Font til danskundervisning Af Katja Mikkelsen i Andet software
I dag 11:16 føje to album sammen Af valsbol i PowerPoint
I går 19:19 Grafikproblemer og fejl i logbog Af Marianne Tidemann i PC
I går 14:16 Fra extern computer til app på vores computer Af per2edb i Cloudtjenester
White papers
Flere white papers »


Premium
Teaser billede
Hårde tider for Danmarks største it-selskaber: Mere end en tredjedel af profitten er forduftet
Læs mere »
Pludselig exit fra Schultz kom som en overraskelse for Merete Søby: Derfor stoppede samarbejdet
Fagforbund rasende: Ansatte har fået blot 50 kroner i timen for at arbejde på Microsofts datacenter i Køge - melder firma til politiet
Microsoft vil have flere kunder ind i folden: Åbner for verdensomspændende rabat på Copilot M365
Se alle »
Computerworld
Teaser billede
Om en uge går det løs: Så banebrydende bliver iPhone 16
Læs mere »
Test af Tesla Model 3 Performance: Aldrig har man fået så meget sportsvogn til så få penge
Lokker med ’Nordens hurtigste internet’: Sådan ved du, om du kan få adgang til Danmarks nyeste bredbåndsudbyder
Nu kommer en af bilbranchens største software-opdateringer nogensinde
Se alle »
CIO
Teaser billede
Kommunerne brugte 6,6 milliarder kroner på it i 2023: Se top 10 over hvem der bruger flest penge
Læs mere »
De to største medlems-kommuner trækker sig fra det sjællandske it-fællesskab Digit
Selskab med 40.000 ansatte dropper VMware efter ballade - vælger anden løsning
Dansk top-CIO har en nøglerolle ved kæmpe-opkøb: Her er hendes opskrift på succesfulde sammenlægninger
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
Professor: "Det er på høje tid at opløse virksomhedernes it-afdelinger"
KMD-direktør forlader selskabet: Det skal hun nu
Merete Søby fratræder med omgående virkning som CEO for Schultz efter blot tre måneder på posten
Se alle »
White paper
Teaser billede
Informationshåndtering på frontlinjen: Sådan optimerer du med automatisering
Læs mere »
Guide: Sådan udvikler du en moderne netværksstrategi
Cyberstatus 2024: Her er truslerne – og her forbereder virksomhederne sig
Sådan høster du forretningsfordelene ved Internet of Things
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »