Avatar billede marysan Nybegynder
07. september 2009 - 15:48 Der er 58 kommentarer og
1 løsning

HJÆLP tror jeg har fået en virus og jeg er IKKE god til det her PC halløj :o/

Hejsa Eksperter!

Her igår da jeg sad og kiggede på FaceBook, kom der pludselig en 'warning' op og siden lukkede helt ned... Det stod, at der var fundet 15 trojans og 7 ét-eller-andet i min pc og om jeg ville fjerne dem med det samme?! Jeg klikkede på 'yes' og den begyndte at fjerne... -TROEDE jeg, for derefter kom der en side frem, hvor jeg skulle betale for at gå videre!!? Jeg klikkede væk og derefter fuckede min pc helt op - der blev ved med at poppe advarsler op nede i højre hjørne og jeg kunne ikke gå på nettet m.v.

Min kæreste brugte derefter små 3 timer på, at fjerne en masse dims (ved ikke helt hvad) og nogle andre ting (re-installere fra en tidligere dato?!), så nu er der ikke flere advarsler, MEN jeg har problemer med at gå på nettet og komme i min mail - nogle gange virker det, andre gange ikke...

Programmet som det hele kom fra hed Personal ét-eller-andet... Det så meget pro ud, synes jeg...

Men er der nogen herinde, som kan anbefale mig et program som kan hjælpe mig med, at få renset for evt. yderligere virus - og som kan anbefale et godt antivirus program - og evt. en god firewall??
Avatar billede marysan Nybegynder
07. september 2009 - 15:52 #1
Hvad er jeres erfaringer med:

Sygate Personal Firewall, Avira AntiVir Personal og Ad-Aware Free Anniversary Edition??
Avatar billede Slettet bruger
07. september 2009 - 16:12 #2
Kopieret fra karise larry:

Gennemfør denne procedure ->

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

...og her er omtalte HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
07. september 2009 - 16:36 #3
Velkommen til den sædvanlige [Facebook] virus ...

Nævnte [Personal ét-eller-andet] er også 'ond' - snyderprogram kun for at lokke $$ ud af folk!!!

Kør bare #2 proceduren - så skal du se løjer - på den gode måde...
Avatar billede marysan Nybegynder
07. september 2009 - 16:55 #4
Ja, den er ond! Har ikke set sådan noget før :/

CCleaner'en har jeg, så dét er i hvert fald gjort nu :o)
Så prøver jeg lige de andre ting og håber på det bedste!



For at undgå noget lignende i fremtiden, hvad er jeres erfaringer med:

Sygate Personal Firewall, Avira AntiVir Personal og Ad-Aware Free Anniversary Edition??
Avatar billede marysan Nybegynder
07. september 2009 - 16:56 #5
Har også EasyCleaner og nCleaner - skal jeg køre dem også nu jeg er igang?
Avatar billede marysan Nybegynder
07. september 2009 - 17:00 #6
Undskyld, jeg spørger måske lidt (mere) dumt nu, men hvad skal jeg bruge log'ene til?
Avatar billede sullep Nybegynder
07. september 2009 - 17:53 #7
Du skal lægge logfiler fra Malwarebytes Anti-Malware og HijackThis herind i  tråden
07. september 2009 - 17:55 #8
Der findes ikke dumme spørgsmål, kun dume svar *S*

Grunden til CCleaner proceduren er mest for at rydde op i diverse TEMP / Midlertidige mapper/filer, så efterfølgende scanning (Malwarebytes ell. lign.) har mindre at se til... Desuden også pænt sundt for systemet...

Du bør nok kun nøjes med ét program. Jeg anbefaler nævnte [CCleaner] (nogle ka' li' rødhåret andre foretrækker blondiner *S*)

-----

Jo - nævnte Logfil tekst fra henholdsvis [Malwarebytes] +[HiJackThis] skal kopieres ind i tråden her. DEREFTER skal vi/jeg nok guide videre derfra...

Se Eksempel her -> http://www.eksperten.dk/spm/883785#reply_7436306 + http://www.eksperten.dk/spm/883785#reply_7436308
Avatar billede marysan Nybegynder
07. september 2009 - 18:20 #9
Ahh okay, her er logfilen fra Malwarebytes Anti-Malware:



Malwarebytes' Anti-Malware 1.40
Database version: 2751
Windows 6.0.6001 Service Pack 1

07-09-2009 18:10:26
mbam-log-2009-09-07 (18-10-00).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 253745
Tid tilbagelagt: 1 hour(s), 16 minute(s), 25 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 5
Inficerede Registeringsdatabase Værdier: 3
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 2
Inficerede Filer: 2

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.BHO.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a77d3539-581d-450c-9e44-a84c415a6172} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> No action taken.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\Environment\avapp (Rogue.PersonalAntiVirus) -> No action taken.
HKEY_CURRENT_USER\Environment\avuninst (Rogue.PersonalAntiVirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msdrv (Trojan.Agent) -> No action taken.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Program Files\Common Files\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> No action taken.
C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) -> No action taken.

Inficerede Filer:
C:\WINDOWS\System32\msxmlm.dll (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\System32\NetFilter.exe (Trojan.Agent) -> No action taken.



Der var noget som den ikke kunne fjerne, så det er vel dét jeg så skal gøre manuelt, right?!

Da jeg arbejder om natten skulle jeg meget gerne til at få sovet lidt nu - er det okey jeg vender tilbage imorgen?
Avatar billede marysan Nybegynder
07. september 2009 - 18:29 #10
Her er log'en fra HiJack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:54, on 07-09-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\amathea.dk\Desktop\cleaner programmer\HiJack\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00000000-623A-11D4-BCDB-005004131777} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] //~c:\program files\adobe\photoshop elements 6.0\apdproxy.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] //~c:\program files\canon\solutionmenu\cnslmain.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SIMBAR={0A717255-4FF8-4157-849B-DACBFDD05F76}; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; Tablet PC 2.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--
End of file - 8586 bytes
Avatar billede Slettet bruger
07. september 2009 - 18:32 #11
Om igen med Malwarebytes-

No action taken  betyder, at du har glemt at trykke på, fjern det valgte -(
Avatar billede marysan Nybegynder
07. september 2009 - 18:43 #12
Men det gjorde jeg og så skrev den, at der var noget den ikke kunne fjerne og at jeg skulle genstarte og så bruge logfilen...?!
07. september 2009 - 18:56 #13
... under alle omstændigheder så kør [Malwarebytes] igen (husk at opdatere via fanen [Opdatér]) ... til den ikke 'brokker' sig mere...

Det er jo denne 'onde' ting der mest driller dig -> C:\Program Files\PersonalAV (Rogue.PersonalAntiVirus) .
Men Malwarebytes kvæler/fjerner den...
Avatar billede marysan Nybegynder
07. september 2009 - 21:20 #14
Okay, jeg prøver igen.
Avatar billede marysan Nybegynder
08. september 2009 - 07:46 #15
Nu ser den således ud:


Malwarebytes' Anti-Malware 1.40
Database version: 2751
Windows 6.0.6001 Service Pack 1

07-09-2009 23:08:42
mbam-log-2009-09-07 (23-08-42).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 253912
Tid tilbagelagt: 1 hour(s), 13 minute(s), 28 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)
Avatar billede marysan Nybegynder
08. september 2009 - 07:48 #16
Og HiJack ser således ud:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:47:48, on 08-09-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\amathea.dk\Desktop\cleaner programmer\HiJack\HiJackThis.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--
End of file - 1572 bytes
08. september 2009 - 08:37 #17
... i øvrigt nydeligt...

HiJackThis loggen ser ikke ud til at være komplet ?

Prøv at kør den med "HøjreMusseTast - Kør som Administrator..." ...

Du kan/bør varme op til at instal M$ ServicePack2 til Vista ->
http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a - download pakken til et passende sted på din PC. Klar til at 'skyde' af ...
Avatar billede marysan Nybegynder
08. september 2009 - 09:03 #18
Men der står:

"Denne installationspakke er beregnet til it-teknikere og udviklere, der skal hente og installere på flere computere på et netværk. Hvis du kun skal opdatere en enkelt computer, skal du besøge webstedet http://www.microsoft.com/protect."

Er det så ikke bare spild af plads, eller noget...?
Avatar billede marysan Nybegynder
08. september 2009 - 09:06 #19
Og der står også:

"Systemkrav
Understøttede operativsystemer: TabletPC; Windows XP Home Edition ; Windows XP Media Center Edition; Windows XP Professional Edition"
Jeg har jo Vista...

Derudover skriver de:

"KLIK IKKE PÅ HENT, HVIS DU KUN SKAL OPDATERE EN ENKELT COMPUTER: En mindre og mere håndterlig overførsel er nu tilgængelig på Windows Update. Den bedste måde til at sikre, at du modtager Windows XP Service Pack 2, er at aktivere funktionen Automatisk opdatering i Windows XP. Du kan bruge vores trinvise vejledning, eller du kan lade os gøre det for dig."

-Men jeg har jo stadig Vista...
08. september 2009 - 09:17 #20
Dooooh - min fejl... Skulle være sådan ->

Manuelt hent M$ ServicePack2 til Vista -> http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=891ab806-2431-4d00-afa3-99ff6f22448d og gem filen et sted du kan finde igen *S* ... og derfra køre den uden at have andet igang. Vil nok ta' nogle TIMER PC tid!!! ...
Avatar billede marysan Nybegynder
08. september 2009 - 09:19 #21
Og nu skal jeg vist sove - arbejder om natten så ser næsten dobbelt nu! ;o)
Avatar billede marysan Nybegynder
08. september 2009 - 09:21 #22
Okay, men så gør jeg det altså først når jeg er stået op igen!
-ellers får jeg bare lavet noget kludder ;o)

Ha' en god dag!
Avatar billede marysan Nybegynder
08. september 2009 - 09:25 #23
Hov, der står:

"Service Pack 1 er en forudsætning for installation af Service Pack 2. Kontroller, at Service Pack 1 kører på systemet, før du installerer Service Pack 2."

- Hvordan ved jeg/kan jeg finde ud af, hvad der kører å¨mit system?
08. september 2009 - 10:17 #24
Platform: Windows Vista SP1 (WinNT 6.00.1905) *S*
Avatar billede marysan Nybegynder
08. september 2009 - 19:50 #25
Arrhh ;o)

Nu har jeg lidt fået et problem... Der anbefales, at man laver en sikkerhedskopi, men jeg har ikke plads nok... Er dette nødvendigt?
08. september 2009 - 20:00 #26
Nope... Men lad den rulle i fred...
Avatar billede marysan Nybegynder
08. september 2009 - 20:19 #27
Okay, prøver...
Avatar billede marysan Nybegynder
08. september 2009 - 21:20 #28
DONE :)

Hvad så nu? *ss*
08. september 2009 - 21:33 #29
... for en go' ordens skyld; check hos WindowsUpdate for ALLE efterfølgende opdateringer...

---

... for en go' ordens skyld; stik mig derefter en frisk log fra HiJackThis NB: HøjreMusseTast - Kør som Administrator...
Avatar billede marysan Nybegynder
08. september 2009 - 21:59 #30
Hvordan tjekker jeg for efterfølgende opdateringer?
Avatar billede marysan Nybegynder
08. september 2009 - 22:01 #31
HiJack - kørt som administrator:


Trend Micro End User License Agreement 
Software: HijackThis
Version:  English/Multi-country
Date:  April 2007


IMPORTANT: YOU MUST CAREFULLY READ AND AGREE TO ALL TERMS AND
CONDITIONS OF THE FOLLOWING END USER LICENSE AGREEMENT BEFORE
INSTALLING OR USING THE SOFTWARE.   

THIS AGREEMENT SETS FORTH THE TERMS AND CONDITIONS UNDER WHICH
TREND MICRO IS WILLING TO LICENSE THE "SOFTWARE" TO "YOU" AS AN
INDIVIDUAL USER OR AN AUTHORIZED REPRESENTATIVE OF AN ENTITY.
BY CLICKING THE "I ACCEPT" BUTTON BELOW, YOU ARE EXPRESSING YOUR
INTENT TO ENTER INTO, AND ARE ENTERING INTO, A BINDING LEGAL
CONTRACT ("AGREEMENT") BETWEEN YOU AND TREND MICRO
INCORPORATED OR ONE OF ITS AFFILIATES ("TREND MICRO"). THE TERMS
AND CONDITIONS OF THE AGREEMENT THEN APPLY TO YOUR USE OF THE
SOFTWARE. WE ENCOURAGE YOU TO PRINT A COPY OF THE AGREEMENT FOR
YOUR RECORDS
YOU MUST ACCEPT THIS AGREEMENT BEFORE YOU INSTALL OR USE THE
SOFTWARE. IF YOU ARE ACQUIRING THE SOFTWARE ON BEHALF OF AN ENTITY, THEN YOU
MUST BE PROPERLY AUTHORIZED TO REPRESENT THAT ENTITY AND TO
ACCEPT THIS AGREEMENT ON ITS BEHALF.

YOU ACCEPT THIS END USER LICENSE BY CLICKING THE "I ACCEPT" BUTTON
BELOW.  IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, SELECT
"I DO NOT ACCEPT". YOU WILL THEN NOT BE PERMITTED TO INSTALL OR USE
THE SOFTWARE.

1. LICENSE. Upon Your acceptance of the terms and conditions of this Agreement,
Trend Micro hereby grants You a nonexclusive, nontransferable, non-sublicensable,
royalty-free, worldwide license, to download, install the Software, for Your own use only. 
Trend Micro reserves the right to enhance, modify, or discontinue the Software or to
impose new or different conditions on its use at any time without notice. 

2. USE RESTRICTIONS AND OWNERSHIP. The Software is licensed not sold. Trend
Micro owns the title and intellectual property rights to the Software, and reserves all rights
not expressly granted to You in this Agreement. You agree that you will not rent, loan,
lease or sublicense the Software. You agree not to attempt to reverse engineer,
decompile, modify, translate, disassemble, discover the source code of, or create
derivative works from, any part of the Software or authorize others to undertake any of
these acts.

3. BACKUP.  For as long as You use the Software, You agree to regularly back-up Your
computer programs and files ("Data") on a separate media. You acknowledge that the
failure to do so may cause You to lose Data in the event that any error in the Software
causes computer problems, and that Trend Micro is not responsible for any such Data
loss.

4. TERMINATION. Trend Micro may terminate the license at any time for any reason.
Upon such termination, You agree to delete or destroy all copies of the Software. You
may terminate this Agreement at any point by destroying or deleting all copies of the
Software.

5. REPORTS AND PRIVACY. At any time during the term of this Agreement, You may
choose to send to Trend Micro a report of log files that may include personal information
that the Software scanned on Your computer.  By accepting this Agreement, You hereby
give Your consent to Trend Micro to process log file data provided by You ("Information")
in connection with this Agreement; processing may include collection, registration,
storage, modification or disclosure of such Information to third parties.  As a condition to
using the Software and by accepting this Agreement, You ensure, represent and warrant
that You are legally permitted to provide Trend Micro with access to the Information and
You also give Your consent to Trend Micro to transfer or store the Information in one or
more of its group companies, located in and/or outside the country where You are
located, and/or in jurisdictions which may have a lower level of protection of Information
than is applicable in the country where You are located or where pr
ivacy laws may not be as stringent as those in Your own country.

6. CAUTION AND ACKNOWLEDGEMENT. The Software is designed to identify different
types of files, operating system changes, registry or browser settings, which, in Trend
Micro's judgment, may compromise computer security or productivity. You agree that
Trend Micro shall not be responsible for any removal or disabling of files or settings or the
results of such removal or disabling. You are solely responsible for selecting which files or
settings to remove from Your computer.

7. NO WARRANTY. THE SOFTWARE IS PROVIDED "AS IS," WITHOUT
WARRANTIES OF ANY KIND.  TREND MICRO DOES NOT WARRANT THAT YOUR
USE OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR FREE.  TO THE
FULLEST EXTENT PERMITTED BY APPLICABLE LAW, TREND MICRO DISCLAIMS
AND EXCLUDES ALL REPRESENTATIONS AND WARRANTIES WITH RESPECT TO
THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO IMPLIED WARRANTIES OF NONINFRINGEMENT OF THIRD PARTY RIGHTS,
SATISFACTORY QUALITY, MERCHANTABILITY, AND FITNESS FOR A
PARTICULAR PURPOSE. 

8.  NO LIABILITY FOR CONSEQUENTIAL DAMAGES.
(A) TREND MICRO DOES NOT SEEK TO LIMIT OR EXCLUDE ITS LIABILITY IN THE
EVENT OF DEATH OR PERSONAL INJURY CAUSED BY ITS NEGLIGENCE OR FOR
FRAUD OR FOR ANY OTHER LIABILITY FOR WHICH IT IS NOT PERMITTED BY
LAW TO EXCLUDE.
(B) TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, TREND MICRO
DISCLAIMS ALL LIABILITY FOR CONSEQUENTIAL, SPECIAL, INCIDENTAL OR
INDIRECT DAMAGES OF ANY KIND OR FOR LOST OR CORRUPTED DATA OR
MEMORY, SYSTEM CRASH, DISK/SYSTEM DAMAGE, LOST PROFITS OR
SAVINGS, OR LOSS OF BUSINESS, ARISING OUT OF OR RELATED TO THIS
AGREEMENT.  YOU ALSO UNDERSTAND AND AGREE THAT YOU DOWNLOAD,
INSTALL AND/OR USE THE SOFTWARE AT YOUR OWN DISCRETION AND RISK
AND THAT YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR
COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE USE OF THE
SOFTWARE.
9.  CONSUMER PROTECTION AND PRIVACY.  SOME COUNTRIES, STATES AND
PROVINCES, INCLUDING MEMBER STATES OF THE EUROPEAN ECONOMIC
AREA, DO NOT ALLOW CERTAIN EXCLUSIONS OR LIMITATIONS OF LIABILITY, SO
THE ABOVE DISCLAIMER OF WARRANTY AND EXCLUSION OR LIMITATION OF
LIABILITIES (SECTIONS 7 AND 8) MAY NOT FULLY APPLY TO YOU. YOU MAY
HAVE ADDITIONAL RIGHTS AND REMEDIES. SUCH POSSIBLE RIGHTS OR
REMEDIES, IF ANY, SHALL NOT BE AFFECTED BY THIS AGREEMENT.  THERE
MAY BE MANDATORY REGULATIONS OR LEGAL PROVISIONS THAT ARE
APPLICABLE TO YOU AS A CONSUMER.
10.  COMPLIANCE WITH ALL LAWS, EXPORT CONTROL.  The Software is subject to
export controls under the U.S. Export Administration Regulations. The Software may not
be exported or re-exported to entities within, or residents or citizens of, embargoed
countries or countries subject to applicable trade sanctions, nor to prohibited or denied
persons or entities without proper government licenses. Information about such
restrictions can be found at the following websites:  http://www.treas.gov/ofac/ and
www.bis.doc.gov/complianceandenforcement/ListsToCheck.htm. You are responsible
for any violation of the US export control laws related to Your copy of the Software.  By
accepting this Agreement, You confirm that You are not a resident or citizen of any
country currently embargoed by the U.S. and that You are not otherwise prohibited from
receiving the Software.

11. U.S. GOVERNMENT RESTRICTED RIGHTS.  If the entity on whose behalf You are
acquiring the Software is any unit or agency of the United States Government, then that
Government entity acknowledges that the Software, (i) was developed at private
expense, (ii) is commercial in nature, (iii) is not in the public domain, and (iv) is "Restricted
Computer Software" as that term is defined in Clause 52.227 19 of the Federal
Acquisition Regulations (FAR) and is "Commercial Computer Software" as that term is
defined in Subpart 227.471 of the Department of Defense Federal Acquisition Regulation
Supplement (DFARS).  The Government agrees that (i) if the Software is supplied to the
Department of Defense (DoD), the Software is classified as "Commercial Computer
Software" and the Government is acquiring only "restricted rights" in the Software and its
documentation as that term is defined in Clause 252.227 7013(c)(1) of the DFARS, and
(ii) if the Software is supplied to any unit or agency of the United States Government ot
her than DoD, the Government's rights in the Software and its documentation will be as
defined in Clause 52.227 19(c)(2) of the FAR.

12. GOVERNING LAW.  Unless otherwise required by the specific jurisdiction's laws,
this Agreement will be governed by the laws of the State of California, USA, without
regard to the provisions of the United Nations Convention on Contracts for the
International Sale of Goods and the conflict of laws provisions of Your state or country of
residence.  

13. GENERAL PROVISIONS. This is the entire agreement between You and Trend
Micro with respect to the subject matter hereof and supersedes and replaces all prior or
contemporaneous understandings or agreements regarding such subject matter. Any
waiver of any provision of this Agreement will be effective only if in writing and signed by
Trend Micro.  In the event that any provision or portion of this Agreement is found to be
invalid, that finding will not affect the validity of the remaining parts of this Agreement.
Trend Micro may assign or subcontract some or all of its obligations under this Agreement
to qualified third parties or its affiliates and/or subsidiaries, provided that no such
assignment or subcontract shall relieve Trend Micro of its obligations under this
Agreement.

14. QUESTIONS.  Address all questions about this Agreement to:
legalnotice@trendmicro.com.


The Software is protected by copyright, trade secret and U.S. PATENT laws, and
international treaty provisions. UNAUTHORIZED REPRODUCTION OR DISTRIBUTION
IS SUBJECT TO CIVIL AND CRIMINAL PENALTIES.
08. september 2009 - 22:01 #32
... der er en punkt i din [Start] menu som hedder [WindowsUpdate] - start den og følg guiden... Check for opdateringer... Og vælg dem alle...
Avatar billede marysan Nybegynder
08. september 2009 - 22:02 #33
Hov, var da vist lidt for hurtig *GGG*

HER er det:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:11, on 08-09-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\amathea.dk\Desktop\cleaner programmer\HiJack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00000000-623A-11D4-BCDB-005004131777} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] //~c:\program files\adobe\photoshop elements 6.0\apdproxy.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] //~c:\program files\canon\solutionmenu\cnslmain.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SIMBAR={0A717255-4FF8-4157-849B-DACBFDD05F76}; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; Tablet PC 2.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--
End of file - 8990 bytes
08. september 2009 - 22:03 #34
Bare [OK] til #31 ... Normal procedure ...
08. september 2009 - 22:04 #35
Vi krydser hinanden *S* - mere følger...
08. september 2009 - 22:11 #36
Du har - som mange andre - har 'rester' efter Symantec/Norton SUK...
+ alm. oprydning ->

Klik på Start->Kør skriv Services.msc (C:\Windows\System32\services.msc) NB: HøjreMusseTast - Kør som Administrator...og klik OK.[/b]
Find Tjenesten (Hvis den er der)
* Service: Symantec Lic NetConnect service (CLTNetCnService)
* Adobe LM Service - Adobe Systems
* Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0
* Google Software Updater (gusvc)
stop den hvis den kører, højreklik på den og vælg Starttype Deaktiveret.

------------------------------------------------------------------------

Kør en scanning med Hijackthis, NB: HøjreMusseTast - Kør som Administrator...og klik OK.
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00000000-623A-11D4-BCDB-005004131777} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Adobe Photo Downloader] //~c:\program files\adobe\photoshop elements 6.0\apdproxy.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Genstart normalt...

------------------------------------------------------------------------

Hvordan kører PC'en så nu ?

NB NB NB: Hvilket SIKKERHEDSPROGRAM kører du med nu ???
Avatar billede marysan Nybegynder
08. september 2009 - 22:14 #37
Okay, der er 8 vigtige opdateringer, står der - dem henter jeg nu!

Men skal gå nu, skal møde kl. 23... Sov godt!
08. september 2009 - 22:17 #38
(Jeg skal også ZZZ zzz ... . . . )
Avatar billede marysan Nybegynder
09. september 2009 - 08:36 #39
Så er jeg hjemme igen - prøver lige noget af alt det du skriver ;o)

Øhh ang. sikkerhed så tror jeg faktisk kun jeg har det som følger med Vista...?!

Jeg har haft AVG men den var irriterende, især i mailen!
Og jeg har haft Avast... -eller noget...
Kender du noget til: Sygate Personal Firewall, Avira AntiVir Personal og Ad-Aware Free Anniversary Edition??
Avatar billede marysan Nybegynder
09. september 2009 - 08:41 #40
Det var kun * Adobe LM Service - Adobe Systems * som skulle ændres - men der stod ikke noget om starttype... Men jeg trykkede på Stop... Tænker det er det samme?!
09. september 2009 - 08:48 #41
...stop den hvis den kører, højreklik på den og vælg Starttype Deaktiveret..

...kun jeg har det som følger med Vista... - der følger ikke noget brugbar med en standard Vista !!!

Mht AVG Free -> http://www.spywarefri.dk/artikel/computerblade-misinformerer/

Nærlæs -> http://www.spywarefri.dk/sikkerhedspakken/

Du ka' evt. ta' [Avast!] -> http://www.spywarefri.dk/software/avast-antivirus-home-edition/
Avatar billede marysan Nybegynder
09. september 2009 - 09:02 #42
Okay, nu ser det således ud:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:02:00, on 09-09-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\amathea.dk\Desktop\cleaner programmer\HiJack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] //~c:\program files\canon\solutionmenu\cnslmain.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SIMBAR={0A717255-4FF8-4157-849B-DACBFDD05F76}; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; Tablet PC 2.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--
End of file - 7809 bytes
Avatar billede marysan Nybegynder
09. september 2009 - 09:04 #43
- Ang. sikkerhed så har jeg fået anbefalet de førnævnte programmer, men har ikke kunne finde nogen som kender noget til dem...
Og jeg var så irriteret på AVG'en så den vil jeg helst undgå - alt blev så laaangsomt! ... ??
Avatar billede marysan Nybegynder
09. september 2009 - 09:27 #44
Okay, tror jeg vil prøve med WindowsDefender, Avira AntiVir Personal og Online Armor Free...

Lyder det fornuftigt? ;o)
Avatar billede sullep Nybegynder
09. september 2009 - 11:23 #45
Du har "Defender" installet såglem den ?
Avatar billede sullep Nybegynder
09. september 2009 - 11:26 #46
Der gik helt kuk i mit sidste indlæg.

Du har "Defender" installeret så glem den ?
09. september 2009 - 12:12 #47
Umideelbart nydeligt - er er lige en hænger:

Find C:\Windows\System32\services.msc NB: HøjreMusseTast - Kør som Administrator...og klik OK.
Find Tjenesten (Hvis den er der)
* Service: Symantec Lic NetConnect service (CLTNetCnService)
stop den hvis den kører, højreklik på den og vælg Starttype Deaktiveret.

Kør en scanning med Hijackthis, NB: HøjreMusseTast - Kør som Administrator...og klik OK.
"Fix" denne linie ->
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

#44 lyder fornuftigt...
Avatar billede marysan Nybegynder
09. september 2009 - 20:29 #48
"Find C:\Windows\System32\services.msc NB: HøjreMusseTast - Kør som Administrator...og klik OK.
Find Tjenesten (Hvis den er der)
* Service: Symantec Lic NetConnect service (CLTNetCnService)
stop den hvis den kører, højreklik på den og vælg Starttype Deaktiveret."


- Kan ikke finde den...
Jeg kan finde den med HiJack, men den er der endnu efter fix... Men den skal den måske være?!
Avatar billede marysan Nybegynder
09. september 2009 - 20:33 #49
Jo, nu fandt jeg den, men den er stoppet...
09. september 2009 - 20:44 #50
... den skal først/også DEAKTIVERES - findes i EGENSKABER i nævnte services...

Derefter "fix" i HiJackThis ...
Avatar billede marysan Nybegynder
09. september 2009 - 21:38 #51
Nu ka jeg ikke finde den i HiJack.. Ser sådan ud nu:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:32, on 09-09-2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\amathea.dk\Desktop\cleaner programmer\HiJack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] //~c:\program files\canon\solutionmenu\cnslmain.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SIMBAR={0A717255-4FF8-4157-849B-DACBFDD05F76}; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.1; Tablet PC 2.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--
End of file - 7886 bytes
09. september 2009 - 22:09 #52
BINGO BANKO !!!

Så er der ikke så meget mere at gi' af der...

Hvordan kører putteren så nu ?
Avatar billede marysan Nybegynder
10. september 2009 - 07:53 #53
Nu kører den igen!!!!
- så skal jeg bare have mig noget sikkerhed - må prøve mig frem... (takker for linket til Spywarefri!)


1000 TAK FOR HJÆLPEN!!!
- så skal der gives nogle point... :D
10. september 2009 - 08:20 #54
Nemlig SIKKERHED NU!!!
Avatar billede marysan Nybegynder
10. september 2009 - 10:01 #55
Hey er der egentlig noget du kan anbefale for sådan en alm. bruger som mig? Synes godt nok det er noget af en jungle!!
Behøver man egentlig både, at have Firewall, Antivirus og AntiSpyware?
10. september 2009 - 13:25 #56
Uha Uha - "Nogle ka' li' blondiner; andre vil ha' rødhåret..." Men ikke samtidig!!!

http://www.spywarefri.dk/sikkerhedspakken/
http://www.spywarefri.dk/
Avatar billede marysan Nybegynder
10. september 2009 - 19:16 #57
Tak - prøver Comodo Internet Security og håber den er noget for mig :o)

Mange mange tak for al hjælpen!!
Avatar billede b-and Novice
10. september 2009 - 20:01 #58
Efter sådan en omgang skal du lige fjerne de inficerede filer i system restore.

Vælg det rigtige styresystem!!

Windows XP:
1. Højreklik på > Denne Computer > Egenskaber > Systemgendannelses.
2. Sæt flueben i > Deaktiver Systemgendannelse> Anvend > OK.
3. Dobbeltklik på > Denne computer > højreklik på (C:) drevet > Egenskaber.
5. Klik på > Diskoprydning > Flere indstillinger.
6. I feltet Systemgendannelse, klik på "Ryd op".
7. Luk alle vinduer og genstart computeren.
8. Efter genstart > Aktiver Systemgendannelse på samme måde du deaktiverede det - Punkt 2 bare omvendt…

Microsofts Vista:
1. Højreklik på >Computer >Egenskaber.
2. Klik på > Avancerede system indstillinger"> og vælg > System beskyttelses > fanen fra menuen.
3. Fjern fluebenet ved drev C og tryk OK.
4. Åben start menuen og søg på > Diskoprydning.
5. Vent på at diskoprydning får arbejdet færdig.
6. Klik på fanen > Flere indstillinger.
7. I feltet Systemgendannelse, klik på > Ryd op.
8. Luk nu vinduerne og genstart computeren.
9. Aktiver Systemgendannelse på samme måde du deaktiverede det.

Ta' en ny scanning med dit sikkerhedsprogram, så du er sikker på at ALT er OK…
Avatar billede marysan Nybegynder
11. september 2009 - 05:14 #59
Hej b-and.

Hermed gjort :D
Så håber jeg alt er fint nu...

Mange tak!!
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester