Avatar billede GlennV Novice
16. september 2009 - 10:51 Der er 25 kommentarer

problem, når pc'en startes

hej,
Jeg har et problem, hver gang jeg tænder for min pc. Pc,en kommer frem med fælgende pop-up vindue:

Programmet eller DLL'en C:/WINDOWS/system32/autochk.dll er ikke et gyldigt Windows-billede. Kontroller dette med din installationsdiskette.

når "ok" trykkes på denne, kommer følgende:

Programmet eller Dll'en C:/DOCUME~1/STEFAN~1/protect.dll er ikke et gyldigt Windows-billede. Kontroller dette med din installationsdiskette.

Når "ok" trykkes igen, kommer følgende:

Fejl under indlæsning af C:/windows/system32/autochk.dll%1 er ikke et gyldigt Win32-program

Når "ok" trykkes igen, kommer følgende:

Fejl under indlæsning af C:/DOCUME~1/STEFAN~1/protect.dll%1 er ikke et gyldigt Win32-program

Er der en der ved  hvad der er galt og hvordan jeg for det væk?
16. september 2009 - 11:05 #1
Win98, ME, W2000, XP, Vista, Win7, OS/2, Unix, Linux, ... ?

Samme procedure som her -> http://www.eksperten.dk/spm/878337#reply_7404118 (den har du vist 'glemt' ???)
Avatar billede GlennV Novice
16. september 2009 - 12:06 #2
xp

Denne tråd, er oprettet fra (og til hjælp for) en andens pc
Avatar billede GlennV Novice
16. september 2009 - 12:30 #3
kunne forstå du gerne ville have HJT logen :)  :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:14, on 16-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avira\AntiVir Desktop\sched.exe
C:\Programmer\Avira\AntiVir Desktop\avguard.exe
C:\Programmer\Windows Live\Family Safety\fsssvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Elantech\ETDCtrl.exe
C:\Programmer\EeePC\ACPI\AsTray.exe
C:\Programmer\EeePC\ACPI\AsAcpiSvr.exe
C:\Programmer\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Avira\AntiVir Desktop\avgnt.exe
C:\Programmer\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Stefan Mammen\Stefan Mammen.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmer\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Stefan Mammen\Dokumenter\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Programmer\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programmer\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmer\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmer\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [fssui] "C:\Programmer\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Programmer\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Stefan Mammen] C:\Documents and Settings\Stefan Mammen\Stefan Mammen.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\STEFAN~1\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send til Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmer\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Temaer ThemesCiSvc (ThemesCiSvc) - Unknown owner - C:\WINDOWS\system32\arpc.exe (file missing)

--
End of file - 6341 bytes
16. september 2009 - 12:45 #4
... og nævnte [Malwarebytes Anti-Malware] procedure + Logteksten.
DEREFTER en frisk log fra HiJackThis ...
Avatar billede GlennV Novice
16. september 2009 - 12:51 #5
har allerede kørt Malwarebytes Anti-Malware, men den fandt intet :b
Avatar billede f-arn Guru
16. september 2009 - 13:17 #6
Jeg vil gerne se en malwarebytes der godkender den.
Avatar billede f-arn Guru
16. september 2009 - 13:25 #7
Iøvrigt - Da det er karise_larrys tråd vil jeg ikke blande mig mere!
16. september 2009 - 14:28 #8
*Enig* Altså det med at se MalwareBytes Loggen *S*

[PC Antispyware 2010] "C:\Programmer\PC_Antispyware2010\PC_Antispyware2010.exe" /hide ->
http://www.bleepingcomputer.com/virus-removal/remove-pc-antispyware-2010
???
Avatar billede johnstigers Seniormester
16. september 2009 - 19:20 #9
Med på en "lytter" :)
16. september 2009 - 19:58 #10
Nøøøøj - har du fået Datamaten til at læse op fra skærmen *G* ...
Avatar billede johnstigers Seniormester
16. september 2009 - 20:51 #11
Jep, det er er det nyeste nye :D
Avatar billede GlennV Novice
17. september 2009 - 09:50 #12
MalwareBytes Loggen:

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 3

09:39:59 17-09-2009
mbam-log-09-17-2009 (09-39-59).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 68586
Tid tilbagelagt: 13 minute(s), 57 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)


___


Ny HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:41:46, on 17-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Elantech\ETDCtrl.exe
C:\Programmer\EeePC\ACPI\AsTray.exe
C:\Programmer\EeePC\ACPI\AsAcpiSvr.exe
C:\Programmer\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Avira\AntiVir Desktop\avgnt.exe
C:\Programmer\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Stefan Mammen\Stefan Mammen.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Programmer\Avira\AntiVir Desktop\avguard.exe
C:\Programmer\Windows Live\Family Safety\fsssvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Programmer\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Stefan Mammen\Dokumenter\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Programmer\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programmer\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmer\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmer\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [fssui] "C:\Programmer\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Programmer\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Stefan Mammen] C:\Documents and Settings\Stefan Mammen\Stefan Mammen.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\STEFAN~1\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send til Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmer\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Temaer ThemesCiSvc (ThemesCiSvc) - Unknown owner - C:\WINDOWS\system32\arpc.exe (file missing)

--
End of file - 6676 bytes
17. september 2009 - 10:18 #13
Malwarebytes' Anti-Malware 1.25

Din version:
Database version: 1062

Nyeste version:
Database version: 2814

Opdatér din MalwareBytes via Fanen Opdatér ...

Og en ny omgang...
Avatar billede GlennV Novice
20. september 2009 - 13:29 #14
Malwarebytes' Anti-Malware 1.41
Database version: 2819
Windows 5.1.2600 Service Pack 3

20-09-2009 13:27:33
mbam-log-2009-09-20 (13-27-28).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 127109
Tid tilbagelagt: 24 minute(s), 32 second(s)

Inficerede Hukommelses Processer: 2
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 11
Inficerede Registeringsdatabase Værdier: 8
Inficerede Registeringsdatabase Filer: 7
Inficerede Mapper: 3
Inficerede Filer: 29

Inficerede Hukommelses Processer:
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Temp\b.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\msa.exe (Trojan.Downloader) -> No action taken.

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c20ee2d6-81c3-6a08-79c5-1989da43bc19} (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC_AntiSpyware2010 (Rogue.PC_AntiSpyware2010) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_AntiSpyware2010 (Rogue.PC_AntiSpyware2010) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nordbull (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PC AntiSpyware 2010 (Rogue.PC_AntiSpyware2010) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\poprock (Trojan.Downloader) -> No action taken.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Inficerede Mapper:
C:\Programmer\PC_AntiSpyware2010 (Rogue.PC_AntiSpyware2010) -> No action taken.
C:\Programmer\PC_AntiSpyware2010\data (Rogue.PC_AntiSpyware2010) -> No action taken.
C:\Programmer\PC_AntiSpyware2010\Microsoft.VC80.CRT (Rogue.PC_AntiSpyware2010) -> No action taken.

Inficerede Filer:
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Temp\b.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\msa.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\msxml71.dll (Worm.Allaple) -> No action taken.
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Temp\a.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Temp\c.exe (Trojan.Downloader) -> No action taken.
C:\Programmer\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro) -> No action taken.
C:\WINDOWS\system32\rotscxbwwxidmn.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\rotscxeylkiqko.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\rotscxpesmceth.dll (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\Temp\rotscxracopcqlxu.tmp (Rootkit.TDSS) -> No action taken.
C:\Programmer\PC_AntiSpyware2010\AVEngn.dll (Rogue.PC_AntiSpyware2010) -> No action taken.
C:\Programmer\PC_AntiSpyware2010\PC_Antispyware2010.cfg (Rogue.PC_AntiSpyware2010) -> No action taken.
C:\Programmer\PC_AntiSpyware2010\pthreadVC2.dll (Rogue.PC_AntiSpyware2010) -> No action taken.
C:\Programmer\PC_AntiSpyware2010\data\daily.cvd (Rogue.PC_AntiSpyware2010) -> No action taken.
C:\Programmer\PC_AntiSpyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_AntiSpyware2010) -> No action taken.
C:\Programmer\PC_AntiSpyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_AntiSpyware2010) -> No action taken.
C:\Programmer\PC_AntiSpyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_AntiSpyware2010) -> No action taken.
C:\Programmer\PC_AntiSpyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_AntiSpyware2010) -> No action taken.
C:\Documents and Settings\Stefan Mammen\Menuen Start\Programmer\Start\ChkDisk.lnk (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Stefan Mammen\protect.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\rotscxibeeptta.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\rotscxxvmtnqwe.dat (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\rotscxsppqbuxt.sys (Rootkit.TDSS) -> No action taken.
Avatar billede GlennV Novice
20. september 2009 - 13:43 #15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:40:44, on 20-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Elantech\ETDCtrl.exe
C:\Programmer\EeePC\ACPI\AsTray.exe
C:\Programmer\EeePC\ACPI\AsAcpiSvr.exe
C:\Programmer\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Avira\AntiVir Desktop\avguard.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Windows Live\Family Safety\fsssvc.exe
C:\Documents and Settings\Stefan Mammen\rfyav.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\dwwin.exe
E:\rfYAv.ExE
C:\WINDOWS\msa.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\STEFAN~1\LOKALE~1\Temp\b.exe
C:\Documents and Settings\Stefan Mammen\Dokumenter\Downloads\HiJackThis (1).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Programmer\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programmer\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmer\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmer\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [fssui] "C:\Programmer\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [PC Antispyware 2010] "C:\Programmer\PC_Antispyware2010\PC_Antispyware2010.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Stefan Mammen] C:\Documents and Settings\Stefan Mammen\Stefan Mammen.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\STEFAN~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [rfyav] C:\Documents and Settings\Stefan Mammen\rfyav.exe
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\STEFAN~1\LOKALE~1\Temp\b.exe
O4 - HKCU\..\Run: [NordBull] C:\WINDOWS\msa.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send til Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmer\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Temaer ThemesCiSvc (ThemesCiSvc) - Unknown owner - C:\WINDOWS\system32\arpc.exe (file missing)

--
End of file - 6989 bytes
20. september 2009 - 15:05 #16
-> No action taken ???

Du 'glemte' denne detalje ->
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" ...

Såååå - om igen med Malwarebytes (husk OPDATÉR...)
Avatar billede GlennV Novice
20. september 2009 - 17:12 #17
Det kan jeg desværre ikke. s: når jeg trykker på fjern valgte og den begynder at fjerne, så lukker programmet pludselig ned og der kommer en pop up hvor der står. send fejlrapport eller undlad at sende fejlrapport. Min pc får flere og flere fejl med tiden. Nu begynder den og lukker alle programmer jeg har åbnet, og så kommer den pop up igen, hvor der står: send fejlrapport eller undlad at sende fejlrapport.
20. september 2009 - 18:42 #18
Generelt: Disable dette "fejlrapport" halløj ->
Skrivebord - HøjreMusseTast på [Denne computer] [Egenskaber] Fanen [Advanceret] Fejlrapportering [X] Deaktiver fejlrapportering... OK ...

---

Så tager vi denne istedet for / foreløbig ->

-- Hent Combofix fra et af disse links, og gem den på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

-- Kør så combofix.exe, som du hentede tidligere, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.
Avatar billede GlennV Novice
21. september 2009 - 08:19 #19
ComboFix 09-09-20.01 - Stefan Mammen 21-09-2009  8:07.1.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.2039.1450 [GMT 2:00]
Kører fra: c:\documents and settings\Stefan Mammen\Dokumenter\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\STEFAN~1\LOKALE~1\Temp\install_flash_player.exe
c:\documents and settings\Stefan Mammen\Application Data\ecuj.ban
c:\documents and settings\Stefan Mammen\Application Data\ycebyt.dll
c:\documents and settings\Stefan Mammen\Application Data\yzap.reg
c:\documents and settings\Stefan Mammen\Application Data\zohypym.dll
c:\documents and settings\Stefan Mammen\Cookies\feqyxyme.com
c:\documents and settings\Stefan Mammen\Cookies\tipuwy.bin
c:\documents and settings\Stefan Mammen\Lokale indstillinger\Application Data\walirysy.exe
c:\documents and settings\Stefan Mammen\Menuen Start\Programmer\Start\ChkDisk.lnk
c:\documents and settings\Stefan Mammen\protect.dll
c:\documents and settings\Stefan Mammen\rfyav.exe
c:\programmer\PC_Antispyware2010
c:\programmer\PC_Antispyware2010\AVEngn.dll
c:\programmer\PC_Antispyware2010\data\daily.cvd
c:\programmer\PC_Antispyware2010\htmlayout.dll
c:\programmer\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\programmer\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\programmer\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\programmer\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\programmer\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\programmer\PC_Antispyware2010\pthreadVC2.dll
c:\recycler\S-1-5-21-3375243515-3541712511-314844050-1003
c:\windows\duze.exe
c:\windows\kilaq.vbs
c:\windows\lyfowoxup.scr
c:\windows\puhufyd.dl
c:\windows\system32\1157492343.dat
c:\windows\system32\autochk.dll
c:\windows\system32\drivers\rotscxsppqbuxt.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\rotscxeylkiqko.dll
c:\windows\system32\rotscxibeeptta.dat
c:\windows\system32\rotscxpesmceth.dll
c:\windows\system32\rotscxxvmtnqwe.dat
c:\windows\system32\yxym.pif

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_rotscxyrittfdt
-------\Legacy_THEMESCISVC
-------\Service_rotscxyrittfdt
-------\Service_ThemesCiSvc


(((((((((((((((((((((((((((((  Filer skabt fra 2009-08-21 til 2009-09-21  )))))))))))))))))))))))))))))))))))
.

Ingen nye filer dannet i denne periode

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 04:01 . 2010-03-04 04:01    --------    d-----w-    c:\programmer\microsoft frontpage
2010-03-04 03:59 . 2010-03-04 03:59    --------    d-----w-    c:\programmer\Onlinetjenester
2010-03-04 03:59 . 2010-03-04 03:59    --------    d-----w-    c:\programmer\Fælles filer\Tjenester
2010-03-04 03:59 . 2010-03-04 03:59    21644    ----a-w-    c:\windows\system32\emptyregdb.dat
2009-09-21 06:02 . 2010-03-04 04:48    84030    ----a-w-    c:\windows\system32\perfc006.dat
2009-09-21 06:02 . 2010-03-04 04:48    459900    ----a-w-    c:\windows\system32\perfh006.dat
2009-09-18 07:48 . 2009-09-16 08:53    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-09-16 08:53 . 2009-09-16 08:53    --------    d-----w-    c:\documents and settings\Stefan Mammen\Application Data\Malwarebytes
2009-09-16 08:53 . 2009-09-16 08:53    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 07:14 . 2009-09-16 07:14    --------    d-----w-    c:\programmer\CCleaner
2009-09-15 10:33 . 2009-09-15 10:33    14635    ----a-w-    c:\windows\lydopojan.dat
2009-09-15 10:33 . 2009-09-15 10:33    13879    ----a-w-    c:\windows\system32\roby.dat
2009-09-12 07:11 . 2009-03-04 05:07    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-10 12:54 . 2009-09-16 08:53    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-09-16 08:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-09-02 18:38 . 2009-08-24 22:36    70448    ----a-w-    c:\documents and settings\Stefan Mammen\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 18:59 . 2009-03-04 04:51    --------    d-----w-    c:\programmer\Microsoft Works
2009-09-01 18:58 . 2009-09-01 18:58    --------    d-----w-    c:\programmer\Microsoft.NET
2009-09-01 18:46 . 2009-03-04 05:00    --------    d-----w-    c:\programmer\Microsoft
2009-08-30 15:20 . 2009-08-30 15:20    --------    d-----w-    c:\programmer\Graph
2009-08-29 07:16 . 2009-08-29 07:16    --------    d-----w-    c:\programmer\MSBuild
2009-08-29 07:16 . 2009-08-29 07:16    --------    d-----w-    c:\programmer\Reference Assemblies
2009-08-27 15:41 . 2009-08-27 15:41    48    ----a-w-    c:\documents and settings\Stefan Mammen\Application Data\wklnhst.dat
2009-08-27 15:41 . 2009-08-27 15:41    --------    d-----w-    c:\documents and settings\Stefan Mammen\Application Data\Template
2009-08-26 20:49 . 2009-03-04 04:50    --------    d-----w-    c:\programmer\Fælles filer\Adobe
2009-08-26 20:19 . 2009-08-26 20:19    --------    d-----w-    c:\documents and settings\Stefan Mammen\Application Data\RealWorld
2009-08-26 20:06 . 2009-08-26 19:56    --------    d-----w-    c:\programmer\Paint.NET
2009-08-26 19:57 . 2009-03-04 05:00    --------    d-----w-    c:\programmer\Windows Live
2009-08-26 19:16 . 2009-08-26 19:16    --------    d-----w-    c:\programmer\Avira
2009-08-26 19:16 . 2009-08-26 19:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\Avira
2009-08-26 18:56 . 2009-03-04 04:49    --------    d-----w-    c:\programmer\ASUS
2009-08-05 09:00 . 2010-03-04 04:48    204800    ----a-w-    c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2010-03-04 04:48    119808    ----a-w-    c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2010-03-04 04:48    81920    ----a-w-    c:\windows\system32\fontsub.dll
2009-07-28 14:33 . 2009-08-26 19:16    55656    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2009-07-21 06:52 . 2009-07-21 06:52    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2009-07-21 06:52 . 2009-07-21 06:52    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2009-07-17 19:03 . 2010-03-04 04:48    58880    ----a-w-    c:\windows\system32\atl.dll
2009-07-13 21:43 . 2010-03-04 04:48    286208    ----a-w-    c:\windows\system32\wmpdxm.dll
2009-06-29 15:58 . 2010-03-04 04:48    827392    ----a-w-    c:\windows\system32\wininet.dll
2009-06-29 15:58 . 2010-03-04 04:48    78336    ----a-w-    c:\windows\system32\ieencode.dll
2009-06-29 15:58 . 2010-03-04 04:48    17408    ----a-w-    c:\windows\system32\corpol.dll
2009-06-25 08:26 . 2010-03-04 04:48    54272    ----a-w-    c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2010-03-04 04:48    56832    ----a-w-    c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2010-03-04 04:48    147456    ----a-w-    c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2010-03-04 04:48    136192    ----a-w-    c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2010-03-04 04:48    731648    ----a-w-    c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2010-03-04 04:48    301568    ----a-w-    c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2010-03-04 04:48    92928    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2008-05-07 08:34 . 2009-03-04 04:51    15523560    ----a-w-    c:\programmer\U1 Setup.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-26 133104]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ETDWare"="c:\programmer\Elantech\ETDCtrl.exe" [2009-01-23 416768]
"AsusTray"="c:\programmer\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\programmer\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\programmer\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"avgnt"="c:\programmer\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"fssui"="c:\programmer\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-13 17508864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\programmer\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-3-4 376832]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    msapsspc.dll schannel.dll digest.dll msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmer\Avira\AntiVir Desktop\sched.exe [26-08-2009 21:16 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [04-03-2009 07:06 55136]
R2 fsssvc;Windows Live Family Safety;c:\programmer\Windows Live\Family Safety\fsssvc.exe [06-02-2009 18:08 533360]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [04-03-2009 06:47 10752]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [01-08-2008 04:24 93696]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [04-11-2008 11:28 38400]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [14-04-2009 17:20 933504]
S2 jsjzvzqpvq;jsjzvzqpvq;\??\c:\windows\system32\drivers\rlvwnuwvqxclrf.sys --> c:\windows\system32\drivers\rlvwnuwvqxclrf.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04-03-2009 06:44 1684736]
.
Indhold af mappen 'Planlagte Opgaver'

2009-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135438500-2191432629-2989547700-1006Core.job
- c:\documents and settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2009-08-26 18:06]

2009-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135438500-2191432629-2989547700-1006UA.job
- c:\documents and settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2009-08-26 18:06]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send til &Bluetooth-enhed... - c:\programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send til Bluetooth - c:\programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - TOMME GENVEJE FJERNET - - - -

HKCU-Run-rfyav - c:\documents and settings\Stefan Mammen\rfyav.exe
HKLM-Run-PC Antispyware 2010 - c:\programmer\PC_Antispyware2010\PC_Antispyware2010.exe
HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll
AddRemove-HijackThis - e:\spywarefri\HijackThis.exe
AddRemove-PC_Antispyware2010 - c:\programmer\PC_Antispyware2010\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-21 08:13
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(1804)
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\PDFShell.DAN
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\programmer\Avira\AntiVir Desktop\avguard.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Gennemført tid: 2009-09-21  8:15 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-09-21 06:15

Pre-Kørsel: 67.481.997.312 byte ledig
Post-Kørsel: 67.440.971.776 byte ledig

WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

220    --- E O F ---    2009-09-12 07:14
21. september 2009 - 08:45 #20
BINGO - derefter #16 ... (Malwarebytes)
Avatar billede GlennV Novice
21. september 2009 - 09:54 #21
Malwarebytes' Anti-Malware 1.41
Database version: 2834
Windows 5.1.2600 Service Pack 3

21-09-2009 09:48:43
mbam-log-2009-09-21 (09-48-43).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 121609
Tid tilbagelagt: 18 minute(s), 30 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 3
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)
21. september 2009 - 10:35 #22
Bingo...

Ka' jeg/vi få en frisk log fra HiJackThis ?
Avatar billede GlennV Novice
21. september 2009 - 10:41 #23
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:18, on 21-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Elantech\ETDCtrl.exe
C:\Programmer\EeePC\ACPI\AsTray.exe
C:\Programmer\EeePC\ACPI\AsAcpiSvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Avira\AntiVir Desktop\avgnt.exe
C:\Programmer\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Programmer\Avira\AntiVir Desktop\avguard.exe
C:\Programmer\Windows Live\Family Safety\fsssvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Stefan Mammen\Dokumenter\Downloads\HiJackThis (2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Programmer\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AsusTray] C:\Programmer\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Programmer\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Programmer\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [fssui] "C:\Programmer\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Stefan Mammen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send til Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmer\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe

--
End of file - 6108 bytes
Avatar billede GlennV Novice
31. august 2010 - 13:15 #24
(Det var et svar)
31. august 2010 - 19:41 #25
Du SKAL opdatere din 'gamle' IE7 til nuværende IE8! Så er der straks nogen der vil sige/skrive, at ...jeg bruger ikke IE, kun Crome/Firefox/Opera/..., så jeg behøver ikke at tænke over IE... Men der er banditprogrammer ude i verden, som netop angriber din PC igennem UOPDATEREDE IE ...
Derfor - 100% WindowsUpdate ...

---

Hvordan kører putteren så nu ?
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester