Windows stifinder fucker helt op! HJÆLP!

Hvis ikke du har C CLEANER liggende så prøv at downloade den og derefter lade den scanne både i programmer og Registreringsbasen
Mvh
Anker

Velkommen til E. ...

Win98, ME, W2000, XP, Vista, Win7, OS/2, Unix, Linux, ... ?

---

Gennemfør det du kan af denne 'pakke' ->

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

...og her er omtalte HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Mht.: Vista/Win7 - HøjreMusseTast - "Kør som Administrator..."

------------------

Ovenstående programmer skal måske hentes/downloades via en anden PC og overføres til den 'syge' PC på passende medie (USB-'pin' ell. lign. ..)

------------------

PS: Nævnte CCleaner renser IKKE for 'virus' elementer, men slette diverse midlertidige mapper/filer, samt check RegDatabasen for evt. 'fejl' ... Kan generelt være pænt sundt, og så skal efterfølgende scannerprogram ikke rende igennem de mapper/filer ...

Ja og du kan også afinstallere programmer på computer fra Ccleaner.

... og disable/fjerne elementer fra din opstart...

Att. Karise_Larry

Jeg har gjort som du har sagt, har set at du er lidt af en haj til at hjælpe andre her inde :)

Har lige et spørgsmål ang. HiJackThis. Efter scanningen, skal jeg så gøre noget?

Der er installeret Windows Vista Home Edition.

Og her kommer logfilerne så :)
Malwarebytes først og HJT efterfølgende

-----------

Malwarebytes' Anti-Malware 1.43
Database version: 3504
Windows 6.0.6000
Internet Explorer 8.0.6001.18865

07-01-2010 23:56:02
mbam-log-2010-01-07 (23-56-02).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 299480
Tid tilbagelagt: 8 hour(s), 16 minute(s), 43 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 8
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 3

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1d843b8f-cbaf-5d39-9122-b1516f3b993b (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\szxaeyauhqkyhl (Adware.SnappyAds) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Windows\System32\1d843b8f-cbaf-5d39-9122-b1516f3b993b.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Windows\System32\szxaeyauhqkyhl.exe (Adware.SnappyAds) -> Quarantined and deleted successfully.
C:\Casino\Casino Tropez\casino.exe (Rogue.CasinoTropez) -> Quarantined and deleted successfully.

----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:08:41, on 08-01-2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Windows\vVX3000.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\lykkk lindhardtsen\Desktop\HiJackThis\HiJackThis.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\WerFault.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {33A7B02D-9719-B8D9-30A7-10B76B7934D6} - (no file)
O2 - BHO: (no name) - {3F7A6187-468C-8AC0-A5B9-3A9D4D75D3BE} - (no file)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Familiesikkerhed\fssbho.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [recinfo795] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [recinfo] RecInfo.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Familiesikkerhed\fssui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\lykkk lindhardtsen\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Tjenesten Google Update (gupdate1c9b87c9f350f80) (gupdate1c9b87c9f350f80) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
O23 - Service: lxde_device -  - C:\Windows\system32\lxdecoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 10936 bytes

Er der nogen grund til at der fuldstændig mangler opdateringer fra WindowsUpdate ? Incl Vista ServicePack1 + ServicePack2 ?

Afinstall (hvis muligt)
* Dealio
* Lexmark Værktøjslinje

---

I første omgang -> Kør en scanning med Hijackthis, (Vista: HøjreMusseTast - "Kør som Administrator...")
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O4 - HKLM\..\Run: [recinfo795] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [recinfo] RecInfo.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

Genstart normalt...

---

Manuelt slet mappen (hvis mulig)
C:\Program Files\Dealio\
C:\Program Files\Search Settings\
c:\RecInfo\

---

Derefter en frisk log fra HiJackThis... der er muligvis mere endnu...

Fix:
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {33A7B02D-9719-B8D9-30A7-10B76B7934D6} - (no file)
O2 - BHO: (no name) - {3F7A6187-468C-8AC0-A5B9-3A9D4D75D3BE} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\lykkk lindhardtsen\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

Desuden kunne du overveje at gå i msconfig og slå det fra du ikke bruger hele tiden!

Jeg troede at der var installeret Windows opdateringer, men det er der jo så åbenbart ikke. Hvordan gør jeg dette?

-----

Jeg har afinstalleret Dealio og Lexmark Værktøjslinje.

-----

Jeg kan ikke slette mapperne manuelt, da Windows Stifinder stadig genstarter konstant og jeg kan derfor ikke nå at komme ind og finde mapperne.

-----

Og så den friske log fra HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:11, on 10-01-2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Windows\vVX3000.exe
C:\Program Files\Windows Live\Familiesikkerhed\fssui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Users\lykkk lindhardtsen\Desktop\HiJackThis\HiJackThis.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\wermgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Familiesikkerhed\fssbho.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark 4800 Series\lxdeamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Familiesikkerhed\fssui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [{1017A80C-6F09-4548-A84D-EDD6AC9525F0}] C:\Windows\system32\cmd.exe /c rmdir /q /s "C:\Program Files\Lexmark Toolbar"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Tjenesten Google Update (gupdate1c9b87c9f350f80) (gupdate1c9b87c9f350f80) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
O23 - Service: lxde_device -  - C:\Windows\system32\lxdecoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 9302 bytes

1. Gå i Start - Skriv i søgefeltet > cmd > vælg det program som hedder > cmd.exe > og højreklik på den og sig "Kør som administrator"
2. Skriv: SFC.exe /Scannow > Enter
3. Indsæt din Windows CD/DVD, hvis du bliver bedt om det
4. Genstart computeren

http://peter.mpbrun.dk/20070705/kontroller-og-reparer-systemfiler-med-sfc/

---

Så har jeg gjort som du skrev. Dog kunne jeg stadig ikke bruge Start. Den skriver så:

Microsoft Windows [version 6.0.6000]
Copyright <c> 2006 Microsoft Corporation. Alle rettigheder forbeholdes.

C:\Windows\system32>SFC /scannow

Starter systemscanning. Denne proces kan tage et stykke tid.

Bekræftelsesfasen af systemscanningen startes.
Bekræftelsen 100% er fuldført. Windows Ressourcebeskyttelse fandt beskadigede filer, men det var ikke alle filer, der kunne repareres.
Du finder flere oplysninger i CBS.Log windir\Logs\CBS\CBS.log, f.eks.
C:\Windows\Logs\CBS\CBS.log

C:\Windows\system32>

------------------

Jeg ville prøve at åbne logfilen, men den skriver "Adgang nægtet".

Hmmm,... andre i denne tråd ?

Har du ikke flere ideer? :s

Hvad med ComboFix?

Hent og gem Combofix på dit skrivebord som alg.exe:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start alg.exe og følg anvisningerne.

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

ComboFix 10-01-12.05 - lykkk lindhardtsen 13-01-2010  22:15:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.45.1030.18.1918.1214 [GMT 1:00]
Kører fra: c:\users\lykkk lindhardtsen\Desktop\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-706447487-3534836695-3561498142-500
C:\ARK2906.tmp
C:\ARK4CDA.tmp
C:\ARK6F46.tmp
C:\ARK9379.tmp
C:\ARKEAF1.tmp
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\system32\SIntf16.dll

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-12-13 til 2010-01-13  )))))))))))))))))))))))))))))))))))
.

2010-01-13 21:31 . 2010-01-13 21:31    --------    d-----w-    c:\users\lykkk lindhardtsen\AppData\Local\temp
2010-01-13 16:36 . 2010-01-13 16:43    --------    d-----w-    C:\2319858cd07816f6664fe004
2010-01-13 13:20 . 2009-10-19 14:42    156672    ----a-w-    c:\windows\system32\t2embed.dll
2010-01-13 13:20 . 2009-10-19 14:37    72704    ----a-w-    c:\windows\system32\fontsub.dll
2010-01-13 13:20 . 2009-10-19 14:39    24064    ----a-w-    c:\windows\system32\lpk.dll
2010-01-13 13:20 . 2009-10-19 14:37    10240    ----a-w-    c:\windows\system32\dciman32.dll
2010-01-13 13:20 . 2009-10-19 14:36    34304    ----a-w-    c:\windows\system32\atmlib.dll
2010-01-13 13:20 . 2009-10-19 11:45    289792    ----a-w-    c:\windows\system32\atmfd.dll
2010-01-07 15:07 . 2009-08-27 08:00    84912    ----a-w-    c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100106.002\NAVENG.SYS
2010-01-07 15:07 . 2009-08-27 08:00    177520    ----a-w-    c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100106.002\NAVENG32.DLL
2010-01-07 15:07 . 2009-08-27 08:00    1647984    ----a-w-    c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100106.002\NAVEX32A.DLL
2010-01-07 15:07 . 2009-08-27 08:00    1323568    ----a-w-    c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100106.002\NAVEX15.SYS
2010-01-07 15:07 . 2009-10-19 08:00    259440    ----a-w-    c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100106.002\ECMSVR32.DLL
2010-01-07 15:07 . 2009-08-27 08:00    371248    ----a-w-    c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100106.002\EECTRL.SYS
2010-01-07 15:07 . 2009-08-27 08:00    102448    ----a-w-    c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100106.002\ERASER.SYS
2010-01-07 15:07 . 2009-12-14 09:00    2747440    ----a-w-    c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100106.002\CCERASER.DLL
2010-01-06 21:44 . 2010-01-06 21:44    --------    d-----w-    c:\users\lykkk lindhardtsen\AppData\Roaming\Malwarebytes
2010-01-06 21:44 . 2009-12-30 13:55    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 21:43 . 2010-01-06 21:43    --------    d-----w-    c:\programdata\Malwarebytes
2010-01-06 21:43 . 2009-12-30 13:54    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-01-06 21:43 . 2010-01-06 21:44    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-01-06 18:42 . 2010-01-06 18:42    --------    d-----w-    C:\ATI
2010-01-06 18:12 . 2010-01-06 18:12    --------    d-----w-    c:\program files\CCleaner
2010-01-03 21:40 . 2010-01-03 21:40    --------    d-----w-    C:\$AVG
2010-01-03 21:38 . 2010-01-03 21:38    --------    d-----w-    c:\program files\AVG
2010-01-03 21:37 . 2010-01-13 20:52    --------    d-----w-    c:\programdata\avg9
2009-12-19 23:50 . 2009-12-19 23:50    --------    d-----w-    c:\programdata\PokerHost
2009-12-19 23:31 . 2009-12-19 23:50    --------    d-----w-    c:\users\lykkk lindhardtsen\AppData\Local\PokerHost
2009-12-19 23:31 . 2010-01-04 16:58    --------    d---a-w-    c:\program files\PokerHost
2009-12-19 17:00 . 2009-12-19 17:00    --------    d-----w-    c:\windows\system32\drivers\NSS
2009-12-19 14:54 . 2009-12-19 14:54    --------    d-----w-    c:\users\lykkk lindhardtsen\AppData\Local\SupportSoft
2009-12-19 14:53 . 2009-12-19 14:53    --------    d-----w-    c:\program files\Common Files\SupportSoft
2009-12-19 12:49 . 2009-12-19 12:49    396552    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 16:44 . 2008-03-26 14:53    --------    d-----w-    c:\programdata\Microsoft Help
2010-01-13 16:43 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-01-07 15:12 . 2009-08-02 16:01    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2010-01-07 13:10 . 2009-02-13 14:38    --------    d-----w-    c:\program files\Common Files\Nero
2010-01-07 00:17 . 2009-02-13 14:38    --------    d-----w-    c:\programdata\Nero
2010-01-06 21:49 . 2008-03-26 14:51    --------    d-----w-    c:\program files\Nero
2010-01-06 19:59 . 2008-05-25 12:27    --------    d-----w-    c:\program files\BitComet
2010-01-03 19:01 . 2009-11-25 16:41    439816    ----a-w-    c:\users\lykkk lindhardtsen\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-12-31 16:15 . 2008-03-27 11:29    --------    d-----w-    c:\users\lykkk lindhardtsen\AppData\Roaming\LimeWire
2009-12-31 16:09 . 1999-09-10 18:25    80598    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-31 16:09 . 1999-09-10 18:25    485894    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-25 21:44 . 2008-03-26 14:47    106072    ----a-w-    c:\users\lykkk lindhardtsen\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-20 22:31 . 2009-03-18 14:28    --------    d-----w-    c:\program files\Full Tilt Poker
2009-12-20 21:25 . 2009-01-03 16:08    --------    d-----w-    c:\program files\PokerStars
2009-12-19 17:00 . 2009-07-15 16:01    --------    d-----w-    c:\programdata\Norton
2009-12-19 17:00 . 2008-06-23 19:36    --------    d-----w-    c:\program files\Norton Security Scan
2009-12-19 17:00 . 2009-07-15 16:00    --------    d-----w-    c:\programdata\NortonInstaller
2009-12-19 12:43 . 2008-03-27 17:09    --------    d-----w-    c:\programdata\Lx_cats
2009-12-14 09:00 . 2009-12-14 09:00    2747440    ----a-w-    c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\CCERASER.DLL
2009-11-26 02:31 . 2009-11-26 02:31    118784    ----a-w-    c:\users\lykkk lindhardtsen\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\compat.dll
2009-11-21 06:40 . 2009-12-09 11:43    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 11:42    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 11:42    71680    ----a-w-    c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 11:42    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2009-11-09 13:34 . 2009-12-10 02:24    24064    ----a-w-    c:\windows\system32\nshhttp.dll
2009-11-09 13:30 . 2009-12-10 02:24    31232    ----a-w-    c:\windows\system32\httpapi.dll
2009-11-09 11:17 . 2009-12-10 02:24    396800    ----a-w-    c:\windows\system32\drivers\http.sys
2009-11-02 19:42 . 2009-10-05 11:27    195456    ------w-    c:\windows\system32\MpSigStub.exe
2009-10-29 07:59 . 2009-11-25 15:13    2048    ----a-w-    c:\windows\system32\tzres.dll
2009-10-19 08:00 . 2009-10-19 08:00    259440    ----a-w-    c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ECMSVR32.DLL
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-30 1232896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [1999-09-10 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-03 148888]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 316336]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"fssui"="c:\program files\Windows Live\Familiesikkerhed\fssui.exe" [2007-12-17 243240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-08 198160]

c:\users\lykkk lindhardtsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [31-03-2008 13:03 43816]
R2 fsssvc;Windows Live OneCare Familiesikkerhed;c:\program files\Windows Live\Familiesikkerhed\fsssvc.exe [17-12-2007 10:13 523816]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdeserv.exe [29-05-2007 10:06 99248]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [12-10-2008 21:08 682232]
S2 gupdate1c9b87c9f350f80;Tjenesten Google Update (gupdate1c9b87c9f350f80);c:\program files\Google\Update\GoogleUpdate.exe [08-04-2009 20:02 133104]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\System32\drivers\usbaapl.sys [10-07-2008 08:35 32000]
.
Indhold af mappen 'Planlagte Opgaver'

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 19:02]

2010-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 19:02]

2010-01-07 c:\windows\Tasks\Norton Security Scan for lykkk lindhardtsen.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-19 17:00]

2008-04-12 c:\windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]

2010-01-13 c:\windows\Tasks\User_Feed_Synchronization-{AF1DCF58-F507-4269-9F99-06767B62FAE4}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/ig?hl=da
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: nordea.dk\www.netbank
.
- - - - TOMME GENVEJE FJERNET - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ActiveSetup-ccc-core-static - msiexec



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 22:31
Windows 6.0.6000  NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-459768594-2558343858-3368177966-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3c,2e,a4,9e,22,37,6e,fc,4c,0c,07,ff,7d,0d,8d,f0,8e,a2,ad,9f,b8,30,25,
  85,3d,1f,81,34,7e,78,93,d8,d8,1d,10,d1,a8,c5,c0,d1,cb,a1,08,4b,ba,ef,87,c9,\
"??"=hex:b9,b5,d8,18,93,e3,5d,9f,fa,f2,a3,b3,4b,9d,0b,82

[HKEY_USERS\S-1-5-21-459768594-2558343858-3368177966-1000\Software\SecuROM\License information*]
"datasecu"=hex:24,ef,f2,1e,4b,96,9b,44,0c,cd,6e,fa,23,ef,3a,d4,a4,5c,38,77,50,
  d6,24,49,2c,ab,a9,4e,08,c1,49,c3,f4,07,5e,2e,c8,64,4f,b7,fe,f4,c2,a4,39,23,\
"rkeysecu"=hex:8e,a3,4a,90,3a,38,00,52,89,cc,fc,72,2c,20,8f,51

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2010-01-13  22:37:48
ComboFix-quarantined-files.txt  2010-01-13 21:37

Pre-Kørsel: 54.437.859.328 byte ledig
Post-Kørsel: 54.191.390.720 byte ledig

- - End Of File - - 3DDC2036AACB3DB3DA8BA9E956BFCC15

*SUK* - du har tilsynelandende 'leget' med c:\program files\BitComet engang...
http://www.spywarefri.dk/artikel/farerne-ved-fildeling/

Ja, det har jeg. Hvor stort et problem er det og hvad gør jeg så ? :s

<f-arn> forsætter ?

Fortsætter? Hvad mener du?

------

Jeg kom til at tænke på om det måske var muligt at jeg kunne finde min reg.key til Windows, låne en anden Windows Vista, installere det og bruge min reg.key?

... når du alligevel i en længere (?) periode har kørt uden WindowsUpdate (SP1 + SP2), samt 'leget' med nævnte program - eller retterer reslutater derfra ...

Så vil en 100% geninstalation nok være smart *S* ...

Hvor har du 'fået' din Vista instalation fra ?
Er putteren 'født' med denne instalation ? Eller lagt ind manuelt engang ?

Som tidligere nævnt er det svigermors computer, som jeg prøver at lave for hende. Da hun købte computeren, var Windows Vista installeret, så hun har den ikke liggende der hjemme. Men hvad gør jeg så? Kan det lade sig gøre at finde hendes reg.key, installere et lånt windows og bruge hendes reg.key?

... jeg kan godt forestille mig et der er en RECOVERY partion til at genindlæse FACTORY INSTALATION !

Fabrikat, model, type på putteren ???

Fujitsu Siemens Amilo

http://www.laptopworld.dk/assets/images/Amilo%20Pa1510/image003.jpg

Det vil jeg da' gi karise_larry ret i at der sikkert er.

------

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript.txt

Du skal sikre dig at den ikke kommer til at hedde CFScript.txt.txt


Killall::
Snapshot::
File::
c:\windows\system32\lxdecoms.exe
Driver::
lxde_device



Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

http://support.ts.fujitsu.com/Manuals/ShowDescription_KMT.asp?DokuID=200164 - Download manualen - se side 56

"Press F8 at PowerOn to load Recovery ..."

Jeg er på kursus nu og har et møde halv 5.

Jeg kigger på det i aften, tak for det ;)

Nu har der været flere aftener - og istedet for at fortsætte i denne tråd oprette du jo bare http://www.eksperten.dk/spm/897777 -> http://www.eksperten.dk/spm/898908

DET ER JO IKKE LIGE SAGEN ???

MANGLER OGSÅ SVAR PÅ http://www.eksperten.dk/spm/897777#reply_7521064

(Hvad endte denne tråd med ?)

(Hvad endte denne tråd med ?)

#30
At han ikke kunne bruge vores hjælp åbenbart!!!!

Er ked af jeg aldrig fik svaret tilbage. Fik aldrig lortet til at virke igen.