CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede mrlaw Nybegynder
12. november 2010 - 23:43 Der er 11 kommentarer og
1 løsning

virus og malware

Hej !

har fulgt `fromsej´s programpakke til at fjerne diverse skidt med, er der nogen "kompetente" der har lyst til at kigge på min logfiler?

på forhånd tak.
P.s
HiJackThis sagde følgende  "fore som reason your system denied write access to Host file"


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5103

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

12-11-2010 22:53:58
mbam-log-2010-11-12 (22-53-58).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 238138
Tid gået: 56 minut(ter), 39 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 1
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 4

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
C:\Users\Gæst\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PEUK9NJU\setup[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Gæst\AppData\Local\Temp\b.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Gæst\AppData\Local\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Gæst\AppData\Local\Temp\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


ComboFix 10-11-12.01 - fam. juel krarup 12-11-2010  23:11:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.45.1030.18.3070.1977 [GMT 1:00]
Kører fra: c:\users\fam. juel krarup\Desktop\langsom pc fikser\ComboFix.exe
Kommandoer benyttet :: c:\users\fam. juel krarup\Desktop\langsom pc fikser\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 48 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtectionI.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\SearchGuardPlus.exe
c:\program files\Search Guard Plus\SearchGuardPlus.ico
c:\program files\Search Guard Plus\uninstalSGP.exe
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\users\fam. juel krarup\AppData\Roaming\inst.exe
c:\windows\system\BisonC07.dll

.
(((((((((((((((((((((((((((((  Filer skabt fra 2010-10-12 til 2010-11-12  )))))))))))))))))))))))))))))))))))
.

2010-11-12 20:53 . 2010-11-12 20:53    --------    d-----w-    c:\users\fam. juel krarup\AppData\Roaming\Malwarebytes
2010-11-12 20:52 . 2010-04-29 14:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-12 20:52 . 2010-11-12 20:52    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-11-12 20:52 . 2010-11-12 20:52    --------    d-----w-    c:\programdata\Malwarebytes
2010-11-12 20:52 . 2010-04-29 14:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-11-12 20:43 . 2010-11-12 20:43    --------    d-----w-    c:\program files\CCleaner
2010-11-12 20:22 . 2010-10-07 23:21    6146896    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9BAB599-17DD-4278-8754-CBB97EAFA83B}\mpengine.dll
2010-11-10 22:34 . 2010-11-12 20:32    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2010-11-10 22:34 . 2010-11-12 20:28    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2010-11-10 20:08 . 2010-11-10 20:20    --------    d-----w-    c:\program files\Eusing Free Registry Cleaner
2010-11-10 19:58 . 2010-10-07 11:35    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
2010-11-08 17:24 . 2010-11-08 17:24    --------    d-----w-    c:\windows\Sun
2010-11-03 15:33 . 2010-11-03 15:33    --------    d-----w-    c:\users\fam. juel krarup\.oces2
2010-10-26 19:43 . 2010-08-26 16:01    28672    ----a-w-    c:\windows\system32\Apphlpdm.dll
2010-10-26 19:43 . 2010-08-26 14:11    4240384    ----a-w-    c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-16 10:57 . 2010-09-20 09:25    231936    ----a-w-    c:\windows\system32\msshsq.dll
2010-10-15 18:27 . 2010-08-20 15:21    866816    ----a-w-    c:\windows\system32\wmpmde.dll
2010-10-15 18:27 . 2010-09-10 16:37    8147456    ----a-w-    c:\windows\system32\wmploc.DLL
2010-10-15 18:27 . 2010-09-10 16:35    168960    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2010-10-15 18:27 . 2010-09-06 16:24    125952    ----a-w-    c:\windows\system32\srvsvc.dll
2010-10-15 18:27 . 2010-09-06 14:13    303616    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-10-15 18:27 . 2010-09-06 14:12    101888    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2010-10-15 18:27 . 2010-09-06 16:23    17920    ----a-w-    c:\windows\system32\netevent.dll
2010-10-15 18:27 . 2010-09-06 14:12    145408    ----a-w-    c:\windows\system32\drivers\srv2.sys
2010-10-15 18:25 . 2010-08-31 15:40    531968    ----a-w-    c:\windows\system32\comctl32.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 09:08    222080    ------w-    c:\windows\system32\MpSigStub.exe
2010-09-15 03:50 . 2010-09-22 15:26    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2010-09-08 09:17 . 2010-09-08 09:17    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-08-04 22:43    38848    ----a-w-    c:\windows\avastSS.scr
2010-09-07 15:11 . 2008-12-24 13:58    167592    ----a-w-    c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2008-12-24 13:58    46672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2008-12-24 13:58    165584    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2008-12-24 13:58    23376    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2008-12-24 13:58    50768    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2008-12-24 13:58    17744    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2010-08-26 16:01 . 2010-10-26 19:43    173056    ----a-w-    c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01 . 2010-10-26 19:43    459776    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01 . 2010-10-26 19:43    541696    ----a-w-    c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01 . 2010-10-26 19:43    2153984    ----a-w-    c:\windows\apppatch\AcGenral.dll
2010-08-17 13:32 . 2010-09-15 14:36    126464    ----a-w-    c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 15:12    1244040    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00    39472    ----a-w-    c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"BisonInst0402"="c:\windows\BR040286.exe" [2007-05-08 53248]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-02 521776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2007-04-29 205744]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2007-04-29 103344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\fam. juel krarup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\users\fam. juel krarup\Desktop\LimeWire\LimeWire.exe [2010-8-19 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07    932288    ----a-r-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47    35760    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]

.
Indhold af mappen 'Planlagte Opgaver'

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 20:52]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 20:52]

2010-09-21 c:\windows\Tasks\Norton Security Scan for fam. juel krarup.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-17 07:48]

2010-11-12 c:\windows\Tasks\User_Feed_Synchronization-{95F54B9D-BA51-4B44-8545-D94D6DC0ADD7}.job
- c:\windows\system32\msfeedssync.exe [2010-10-15 04:25]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://da.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.

**************************************************************************
scanner skjulte processer ... 

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer:

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,f4,09,67,e1,2f,16,47,b8,55,99,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,f4,09,67,e1,2f,16,47,b8,55,99,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'Explorer.exe'(1684)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxcgcoms.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Gennemført tid: 2010-11-12  23:24:05 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-11-12 22:23

Pre-Kørsel: 72.294.612.992 byte ledig
Post-Kørsel: 72.207.671.296 byte ledig

Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - A4AD855283CBA672324141FA89D39471


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:39:20, on 12-11-2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\BR040286.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\fam. juel krarup\Desktop\LimeWire\LimeWire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Users\FAM~1.JUE\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\fam. juel krarup\Desktop\langsom pc fikser\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Users\fam. juel krarup\Desktop\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device -  - C:\Windows\system32\lxcgcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9561 bytes
Avatar billede haverslev Novice
13. november 2010 - 08:50 #1
Med fildelingsprommer, som f.eks Limewire, som du kører med, så beder du selv om at få "snavs" osv. på din maskine.

Afinstaller Limewire i Tilføj/Fjern programmer.

Drop fildeling >> http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Kør Hijackthis, scan, sæt flueben ved følgende, luk alle vinduer undtaget Hijackthis, klik på fix checked, når den er færdig, genstart.

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - Startup: LimeWire On Startup.lnk = C:\Users\fam. juel krarup\Desktop\LimeWire\LimeWire.exe

Kør en ny HiJackThis og smid den nye log herind.
Avatar billede Computer Hjælp (Gratis) Mester
13. november 2010 - 09:39 #2
PS: Det er mere 'rigtigt' at afinstall
* Ask Toolbar
* LimeWire Toolbar
* Yahoo! Toolbar (Eller elsker du den ?)
* Norton Security Scan

---

Desuden mangler du M$ ServicePack2 til Vista -> (32bit) -> http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=891ab806-2431-4d00-afa3-99ff6f22448d + efterfølgende mange opdateringer fra WindowsUpdate ...
Avatar billede mrlaw Nybegynder
13. november 2010 - 10:16 #3
´haverslev´ og `karise_larry´ jeg gør en god gerning for at forsøge at hjælpe et hold venner,  så både Limewire og de andre ting i foreslog er væk nu. samt opdateringer er på vej.

Men jeg kunne ikke finde denne:

O4 - Startup: LimeWire On Startup.lnk = C:\Users\fam. juel krarup\Desktop\LimeWire\LimeWire.exe

her er en ny log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:03:46, on 13-11-2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\BR040286.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\FAM~1.JUE\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Users\fam. juel krarup\Desktop\langsom pc fikser\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [BisonInst0402] C:\Windows\BR040286.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device -  - C:\Windows\system32\lxcgcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9028 bytes
Avatar billede Computer Hjælp (Gratis) Mester
13. november 2010 - 11:45 #4
Lidt oprydning ->
---
Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

Genstart normalt...

---

Den der SP2 kan godt ta' nogle timer at gennemføre *S* ...

---

Oprydning med CCleaner...

Hvordan kører PC'en så nu ?

---

PS: fore som reason your system denied write access to Host file - hvis du kører HiJackThis med trixet "HøjreMusseTAst - Kør som Administrator...", så vil den ikke brokke sig...
Avatar billede mrlaw Nybegynder
13. november 2010 - 13:28 #5
nu kører det bare...  og dog, jeg synes den læser utroligt meget på HDD


opdateringerne er installeret samt sp2.


det kniber med en vigtig opdatering til powerpoint 2003
den melder fejlkode 80070643, jeg har forsøgt med deres guide til at rette denne fejl, men uden held.  Nogen forslag ??
Avatar billede mrlaw Nybegynder
13. november 2010 - 13:31 #6
Hov !det er powerpoint 2007
Avatar billede Computer Hjælp (Gratis) Mester
13. november 2010 - 14:05 #7
Kør [Microsoft Office Diagnosticering] - findes i start menuen hvor M$ Office 'bor' ...

---

Hvor meget fysisk RAM har du ' dyret' ?
Avatar billede mrlaw Nybegynder
13. november 2010 - 14:18 #8
jeg kan nu ikke lige finde (Microsoft Office Diagnosticering)??

den har 3.00 GB RAM
Avatar billede Computer Hjælp (Gratis) Mester
13. november 2010 - 14:37 #9
[Start] [Programmer] [Microsoft Office] [Microsoft Office værktøjer] [Microsoft Office Diagnosticering]

---

http://office.microsoft.com/assistance/diagnostichelp.aspx?V=12.0.6425.1000

http://office.microsoft.com/da-dk/outlook-help/diagnosticere-og-reparere-fejl-i-office-programmer-der-lukker-ved-en-fejl-ved-brug-af-office-diagnosticering-HA001234076.aspx?CTT=5

http://office.microsoft.com/da-dk/outlook-help/diagnosticere-og-reparere-fejl-i-office-programmer-der-lukker-ved-en-fejl-ved-brug-af-office-diagnosticering-HA001234076.aspx?CTT=5#BM2
Avatar billede mrlaw Nybegynder
24. november 2010 - 22:11 #10
Tak for hjælpen ! det lykkedes at få styr på det nu.
Avatar billede Computer Hjælp (Gratis) Mester
24. november 2010 - 22:18 #11
* Oprydning med CCleaner
* Opret et FRISK SYSTEMGENDANNELSESPUNKT
* CCleaner - værktøjer - Systemgendannelse - Slet de gamle punkter
* Defragmentering


PS: Du skal ikke selv lægge [svar]; er 'reserveret' til (til løsninger og pointgivning) ...
Avatar billede mrlaw Nybegynder
24. november 2010 - 22:35 #12
ok tak, det med kommentar / svar er lidt bøvlet at finde ud af nogen gange :) synes jeg
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Total AV Af Malm i Virus 10 16/01/202516:48 17/01/202520:47
pop up black friday Af Malm i Virus 12 22/11/202420:49 03/12/202411:04
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 10:45 Microsoft Outlook Af made18 i Andet software
I dag 09:53 Lave et ark med forskellige tekst og billede bokse Af lurup i Word
I går 19:34 Synology NAS Af desist i Andet hardware
I går 12:49 Finder i Mac skal bruge adgangskode ved flytning/kopiering af filer Af CHC i Andet software
I går 10:26 Adgang til BT Af Carl i Mobiltelefoner
White papers
Flere white papers »


Premium
Teaser billede
Er chef for it-afdeling med 250 medarbejdere: Nu rykkes han helt op i direktionen i Jysk med 31.000 ansatte - får ny titel
Læs mere »
Med software kommer opdatering af dansk simulator til at koste 125 millioner kroner
Advarsel: Donald Trumps fiksfakserier kan gøre amerikanske cloud-tjenester knaldende ulovlige i Europa
Netcompany skal modernisere det græske skattesystem: Lander kæmpe-ordre på mere end 500 millioner kroner
Se alle »
Computerworld
Teaser billede
Gratis og helt lovligt: Her kan du læse magasiner og aviser fra hele verden
Læs mere »
Anmeldes til datatilsyn: Disse kinesiske selskaber overfører data til Kina, når du anvender deres løsninger
Test: Hurra - den billigste Mac er nu faktisk også den bedste
Disse vilde sci-fi-visioner er overraskende tæt på at blive til virkelighed: Kan være på vej
Se alle »
CIO
Teaser billede
Region Midtjylland dropper LibreOffice: Flytter 36.000 medarbejdere over på Microsoft 365
Læs mere »
Traf afgørende beslutning i 00'erne: Nu høster Salling Group frugterne af sin ERP-strategi
I dag træder ny stor sikkerhedslov fra EU i kraft: Dora-forordningen er nu gældende lov
Her er de største overraskelser i den danske implementering af NIS2: Det skal du være opmærksom på
Se alle »
Job & Karriere
Teaser billede
Merete Søby klar med nyt top-job efter pludselig exit fra Schultz: Her er hendes nye job
Læs mere »
40 år gammelt dansk it-selskab fusionerer med hollandsk firma og skifter navn
Her er deres månedsløn: Så meget tjener CIO'erne i de danske regioner - den bedst lønnede får mere end digitaliseringsministeren
Dansk headhunter: Dette spørgsmål bliver jeg næsten altid stillet, når jeg forsøger at rekruttere it-folk
Se alle »
White paper
Teaser billede
SAP: Skab værdi og minimér omkostninger med effektiv dokumenthåndtering
Læs mere »
Sæt professionel døgnvagt på din it-infrastruktur
Sådan: Én løsning til compliance, sikkerhed og overblik
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »