CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede fengzebabz Nybegynder
09. marts 2009 - 17:59 Der er 6 kommentarer

Taskbar forsvinder og kommer igen

Hej folks

Jeg har et problem med min taskbar. Efter opstart bliver den ved med at forsvinde og komme igen. Det samme gør ikonerne på mit skrivebord. Efter noget tids brug så forsvinder taskbaren fuldstændig, og jeg er nødt til at starte explorer.exe fra process-listen.

Problemet opstod efter jeg brugte TCPOptimizer.exe, internettweaken. Kan det være derfor?

What do i do?
Avatar billede Computer Hjælp (Gratis) Mester
09. marts 2009 - 19:25 #1
Generelt - skal vi gætte:

Win98, W2000, XP, Vista, ... , ... ?
Avatar billede Computer Hjælp (Gratis) Mester
09. marts 2009 - 19:25 #2
Bare for en go' ordens skyld ->

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

...og her er omtalte HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Jooo - jeg har 'virus' på hjernen...)

Mht.: Vista - HøjreMusseTast på *.EXE filen - Kør som Administrator...

------------------
Avatar billede fengzebabz Nybegynder
09. marts 2009 - 22:38 #3
Cool. Jeg prøver lige! ps: jeg har XP
Avatar billede fengzebabz Nybegynder
11. marts 2009 - 18:00 #4
Hey! Det hjalp sgu med en Malware-scan. Nu kører den super igen, og taskbaren opfører sig ordentligt igen. Men for en sikkerheds skyld smider jeg lige HiJack This+Malware-logs op alligevel:



--------------------------------------------------------
HIJACK THIS:

Logfile of HijackThis v1.99.1
Scan saved at 17:56:54, on 11-03-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
d:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
d:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - d:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &d&ownload &med bitcomet - res://d:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &d&ownload all video with bitcomet - res://d:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &d&ownload alt med bitcomet - res://d:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: e&xport to microsoft excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0308AF20-37A3-41E9-A06C-BB56D03A0F48}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{0308AF20-37A3-41E9-A06C-BB56D03A0F48}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{0308AF20-37A3-41E9-A06C-BB56D03A0F48}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: groovelocalgws - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: phsuje.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: navlogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccevtmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccpwdsvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccsetmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (defwatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Hotspot Shield Service (hotspotshieldservice) - Unknown owner - d:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (hsssrv) - AnchorFree Inc. - d:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (savroam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (sndsrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus (symantec antivirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe




------------------------------------------------------------
Malware-log
_____________________________________

Malwarebytes' Anti-Malware 1.34
Database version: 1829
Windows 5.1.2600 Service Pack 3

10-03-2009 07:12:44
mbam-log-2009-03-10 (07-12-44).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 95408
Time elapsed: 50 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 20
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\pmnoLfeD.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\phsuje.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39415bb8-aa97-4aef-97d3-483e91062a7a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{39415bb8-aa97-4aef-97d3-483e91062a7a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyayxon (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7fe2213a-ed33-49cd-967a-e151034057fd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7fe2213a-ed33-49cd-967a-e151034057fd} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39415bb8-aa97-4aef-97d3-483e91062a7a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fa35b76c-2373-498e-8673-3dabf37c64ca} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnolfed -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnolfed  -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\phsuje.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xxyayXoN.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoLfeD.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\DefLonmp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DefLonmp.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\mseljj.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{95197EB0-9A77-4CC8-B9F8-268BA0FABB51}\RP9\A0005919.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{95197EB0-9A77-4CC8-B9F8-268BA0FABB51}\RP9\A0007927.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{95197EB0-9A77-4CC8-B9F8-268BA0FABB51}\RP9\A0008932.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{95197EB0-9A77-4CC8-B9F8-268BA0FABB51}\RP9\A0008938.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{95197EB0-9A77-4CC8-B9F8-268BA0FABB51}\RP9\A0009920.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvTkKCt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bqcnfwec.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCtrQJ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDurrQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jfgxunka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbbqspqd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukqjjhoj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUnmjJc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UAComqxoeim.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACyqvnridq.log (Trojan.Agent) -> Quarantined and deleted successfully.
Avatar billede Computer Hjælp (Gratis) Mester
12. marts 2009 - 06:35 #5
BINGO -> "Malwarebytes" fik lidt at se til *S*

For en go' ordens skyld -> Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Vil gerne se en frisk log derfra ...)
--------

Afinstaller
* BitComet
Grrrrr... Det er jo lige meget hvor meget folk har på af sikkerhed/opdateringer. Hvis de først begynder at 'lege' med P2P programmer - eller retterer relutater derfra - så er det lige vidt !!!
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=47308
via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

Ta' en oprydning med nævnte CCleaner...
Avatar billede fengzebabz Nybegynder
12. marts 2009 - 09:01 #6
Her er der en fresh log fra det nævnte HiJack This!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:58:09, on 12-03-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe
d:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
d:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\VirtualDJ\virtualdj_djc5.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - d:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &d&ownload &med bitcomet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &d&ownload all video with bitcomet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &d&ownload alt med bitcomet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: e&xport to microsoft excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0308AF20-37A3-41E9-A06C-BB56D03A0F48}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{0308AF20-37A3-41E9-A06C-BB56D03A0F48}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{0308AF20-37A3-41E9-A06C-BB56D03A0F48}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: groovelocalgws - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: phsuje.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccevtmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccpwdsvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccsetmgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (defwatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Hotspot Shield Service (hotspotshieldservice) - Unknown owner - d:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (hsssrv) - AnchorFree Inc. - d:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (savroam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (sndsrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus (symantec antivirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9017 bytes
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Andre styresystemer kategorien

Titel Indlæg Oprettet Seneste aktivitet
klon din gamle disk ned på et virtuelt drev i w 10 Af edbjohn i Andre styresystemer 1 03/09/202417:14 03/09/202417:45
Hvilket styresystem på en gammel Pc ??? Af Jan Post i Andre styresystemer 17 18/05/202411:43 21/05/202414:11
Ps4 - Fortnite fejl Af Larsen123 i Andre styresystemer 2 08/01/202400:08 10/01/202409:22
onnote på chromebook ? Af rapsine i Andre styresystemer 3 06/12/202323:26 07/12/202310:49
2 forskellige styresystemer Af susej14 i Andre styresystemer 3 08/11/202316:14 08/11/202323:41
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 06:10 Excel åbner fil i kæmpe format Af Aske i Excel
I går 22:00 Datafordeler Af Lsk i PHP
I går 12:37 Summere beløb pr. dato Af TTA i Excel
31/1022:44 Tilslutte chassic fans Af viking69 i PC
31/1020:28 LED lysstofrør Af ErikHg i Fri debat
White papers
Flere white papers »


Premium
Teaser billede
Staten vil selv udvikle kæmpe it-system til 650 millioner kroner: Nu tvinges regeringen til at lægge vigtige dokumenter frem
Læs mere »
Det går fantastisk på det danske Dynamics-marked: NNIT-selskabet Scales kan vælge og vrage mellem opgaver
Skelsættende GDPR-sag ændrer definitionen af 'følsomme oplysninger'
Microsoft: Tvungen skift til Windows 11 kan udskydes med et år, hvis du betaler os 200 kroner
Se alle »
Computerworld
Teaser billede
Russisk domstol: Google skal betale 20 kvintilliarder dollar i bøde - fordobles løbende
Læs mere »
Microsoft: Windows-opdateringer bliver nu 45 procent hurtigere
Test: Det er nærmest vanedannede at anvende disse mini-tastaturer
Så er den her: Apple Intelligence bliver tilgængelig på iPhone, iPad og Mac
Se alle »
CIO
Teaser billede
Novo Nordisk satsede på HoloLens, men nu har Microsoft dræbt produktet
Læs mere »
Microsoft: Sådan arbejder Google målrettet på at skade os i det skjulte
Efter markante prisstigninger: VMware-kunder får dummebøder hvis de ikke skifter hurtigt nok til ny licens-ordning
Trods "indlysende ulempe": CIO Torben Ruberg siger nej til at konsolidere Satairs stribe af ERP-systemer
Se alle »
Job & Karriere
Teaser billede
Pludselig exit fra Schultz kom som en overraskelse for Merete Søby: Derfor stoppede samarbejdet
Læs mere »
Merete Søby fratræder med omgående virkning som CEO for Schultz efter blot tre måneder på posten
Danske Aeven flytter hele hovedkontoret med 600 medarbejdere til ny adresse og tager Sentia med
Microsoft klar med ny direktion for den danske forretning: Her er de nye direktører
Se alle »
White paper
Teaser billede
Styrk compliance, sikkerhed og overblik med ét hug
Læs mere »
Er din cybersikkerhed klar til AI-revolutionen?
Nemmere overblik, styring og omkostningskontrol i dit multicloud-miljø
MDR: Transparent sikkerhed og overvågning i realtid
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »