thp89 Beginner
23 April 2011 - 20:08 There are 13 comments

How do I get rid of this damn trojan?

I have been unlucky enough to get a trojan on my new computer, which runs Windows 7, and after many hours of trying to remove it I have had to give up.
It is a trojan.generic that I have got, and I am fairly sure that it prevents practically all antivirus programs from working. In addition, it is to blame for annoying pop-ups and changed destinations in my browser (Google Chrome).
I worked out that a zmz.exe could be the problem, and therefore closed the process and deleted the file after carefully reading various forums about it. But there are still changed final destinations in my browser and no antivirus programs can start. I have been running with Windows Security Center and get the well-known error: "windows sikkerhedscenter kan ikke starte" ("Windows Security Center cannot start").

I really hope there is someone out there who can help me through this.
23 April 2011 - 20:18 #1
Welcome to E. ...

Carry out the procedures you can from here ->

---

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Let the program perform a cleanup...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe

Install the program - once that is done, let the program update itself. A window then opens where you must move the dot to "Run a full system scan" - click the Scan button - let the program work. When it is finished (it takes a while depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - now the log opens and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...

...and here is the HiJackThis mentioned ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for that purpose and NOT run directly from the net...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Re: Vista/Win7 - right mouse button - "Run as Administrator..."

------------------

You will probably have to download the above programs via another PC; transfer them to a suitable other medium (USB memory stick or similar); and run/install the programs FROM THERE on the 'sick' PC ...
chalde Senior Master
23 April 2011 - 21:27 #2
The above, followed by a good round of cleanup under the guidance of people who know what they are doing, can in many cases take care of it, but it cannot be guaranteed that everything is gone.

If you want to be completely sure that all holes are closed, do a format + reinstall and make sure to change every password for everything you have used in the meantime, as well as whatever may have been saved in browsers etc.
johnstigers Senior Master
23 April 2011 - 22:07 #3
#1 will probably solve your problem.
thp89 Beginner
24 April 2011 - 11:11 #4
Here is the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6432

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24-04-2011 10:51:36
mbam-log-2011-04-24 (10-51-36).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 253240
Tid gået: 24 minut(ter), 1 sekund(er)

Hukommelses Processorer Inficeret: 4
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 2
Registreringsdatabaseværdier Inficeret: 4
Registreringsdatabasedata Objekter Inficeret: 1
Inficerede Mapper: 0
Inficerede Filer: 7

Hukommelses Processorer Inficeret:
c:\Users\Teresa\AppData\Roaming\dwm.exe (Trojan.Downloader) -> 2560 -> Unloaded process successfully.
c:\Users\Teresa\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent.Gen) -> 2896 -> Unloaded process successfully.
c:\Users\Teresa\AppData\Local\Temp\csrss.exe (Trojan.Agent.Gen) -> 2592 -> Unloaded process successfully.
c:\Windows\Zfimea.exe (Trojan.Downloader) -> 4388 -> Unloaded process successfully.

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent.Gen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent.Gen) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent.Gen) -> Bad: (C:\Users\Teresa\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
c:\Users\Teresa\AppData\Roaming\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Teresa\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Teresa\AppData\Local\Temp\csrss.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Zfimea.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.



And here is the log from HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:43, on 24-04-2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Teresa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Teresa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Teresa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Teresa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Teresa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Teresa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Teresa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Teresa\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Teresa\Downloads\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53556
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Teresa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Google] C:\Users\Teresa\AppData\Roaming\GD1.exe
O4 - HKCU\..\Run: [D1T2EUR7FZ] C:\Users\Teresa\AppData\Local\Temp\Zmz.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11427 bytes


I really hope you can get something out of it.
thp89 Beginner
24 April 2011 - 11:20 #5
I think I pasted the wrong log from HiJackThis. This is the correct one:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:10, on 24-04-2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Teresa\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53556
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Teresa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Google] C:\Users\Teresa\AppData\Roaming\GD1.exe
O4 - HKCU\..\Run: [D1T2EUR7FZ] C:\Users\Teresa\AppData\Local\Temp\Zmz.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETVÆRKSTJENESTE')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11481 bytes
24 April 2011 - 13:01 #6
Even though MalwareBytes has 'nabbed' a good deal, there is still some vermin left !!!

-- Download Combofix from one of these links, and save it on your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

NB: You must not name it Combofix.exe, but for example BANAN.exe

-- Then run combofix.exe (BANAN.exe), which you downloaded earlier, and follow the instructions.

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix is finished, and after it has rebooted, a log file should open: combofix.txt
Please post the contents of that file in here.

---

(Others are welcome to take over from here ...)
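
Added example, not part of the original thread: a small Python triage pass over a HijackThis log that flags the kinds of entries still present in the log above after the Malwarebytes run, namely Run-key autostarts launching from a Temp folder or directly from the AppData\Roaming root, and a ProxyServer value pointing at loopback. The rule names and heuristics are assumptions made for this example, not verdicts from HijackThis or Malwarebytes; the sample lines are copied from the log posted above.

```python
import re
from ntpath import dirname  # Windows path semantics, works on any OS

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53556
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Teresa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Google] C:\Users\Teresa\AppData\Roaming\GD1.exe
O4 - HKCU\..\Run: [D1T2EUR7FZ] C:\Users\Teresa\AppData\Local\Temp\Zmz.exe
O4 - Global Startup: Bluetooth.lnk = ?
"""

# "O4 - <hive>\..\Run[Once]: [value name] command line"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# "R0/R1 - <key>,ProxyServer = value"
PROXY = re.compile(r"^R[01] - (?P<key>.+),ProxyServer = (?P<value>.*)$")
# Executable part of a command line: quoted path, or unquoted path up to its extension.
EXE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|cmd|bat|com|scr|pif))(?=\s|$))', re.I
)


def executable(cmd):
    """Return the program path from a Run-key command line, or None."""
    m = EXE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else None


def loopback_targets(value):
    """Return proxy targets in a ProxyServer value that point at this machine."""
    hits = []
    for part in value.split(";"):                  # "http=a:1;https=b:2" form
        target = part.split("=", 1)[-1].strip()    # drop a "http=" style prefix
        host = target.rsplit(":", 1)[0]
        if host == "localhost" or host.startswith("127."):
            hits.append(target)
    return hits


def triage(log_text):
    """Return (rule, detail) pairs for entries that deserve manual review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PROXY.match(line)
        if m:
            # Browser traffic is being sent through a process on this machine.
            for target in loopback_targets(m.group("value")):
                findings.append(("loopback-proxy", target))
            continue
        m = O4_RUN.match(line)
        if not m:
            continue
        exe = executable(m.group("cmd"))
        if exe is None:
            continue
        folder = dirname(exe).lower()
        if "temp" in folder.split("\\"):
            # Autostart from a scratch directory any user process can write to.
            findings.append(("autorun-from-temp", exe))
        elif folder.endswith("\\appdata\\roaming"):
            # Installed software normally uses a vendor subfolder, not the root.
            findings.append(("autorun-in-roaming-root", exe))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:26} {detail}")
```

A hit means "look at this entry", not "delete it": a loopback proxy or a per-user autostart can also belong to legitimate software.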
thp89 Beginner
24 April 2011 - 16:19 #7
Here is the log file:


ComboFix 11-04-23.02 - Teresa 24-04-2011  15:34:20.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.45.1030.18.4061.2809 [GMT 2:00]
Kører fra: c:\users\Teresa\Downloads\banan.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Dannede nyt systemgendannelsespunkt
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Teresa\AppData\Roaming\14.0.4734.1000_ProfessionalPlus_volume_ship_x86_en-us_exe.exe
c:\users\Teresa\AppData\Roaming\GD1.exe
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-03-24 til 2011-04-24  )))))))))))))))))))))))))))))))))))
.
.
2011-04-24 13:44 . 2011-04-24 13:44    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-04-24 08:26 . 2011-04-24 08:26    --------    d-----w-    c:\programdata\Malwarebytes
2011-04-24 08:26 . 2010-12-20 16:09    38224    ----a-w-    c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-24 08:26 . 2011-04-24 08:26    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-24 08:26 . 2010-12-20 16:08    24152    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-04-24 08:23 . 2011-04-24 08:23    --------    d-----w-    c:\program files\CCleaner
2011-04-23 14:34 . 2011-04-24 09:21    --------    d-----w-    c:\program files (x86)\Panda Security
2011-04-22 19:12 . 2010-09-14 06:45    367104    ----a-w-    c:\windows\system32\wcncsvc.dll
2011-04-22 19:12 . 2010-09-14 06:07    276992    ----a-w-    c:\windows\SysWow64\wcncsvc.dll
2011-04-22 16:48 . 2011-04-22 16:48    --------    d-----w-    c:\program files (x86)\Microsoft Synchronization Services
2011-04-22 16:47 . 2011-04-22 16:47    --------    d-----w-    c:\windows\PCHEALTH
2011-04-22 16:32 . 2011-04-22 16:32    --------    d-----w-    c:\program files (x86)\Microsoft Visual Studio 8
2011-04-22 16:31 . 2011-04-22 16:31    --------    d-----w-    c:\program files (x86)\Microsoft Analysis Services
2011-04-22 16:28 . 2011-04-22 16:28    106496    --sha-r-    c:\windows\SysWow64\MRINFOA.dll
2011-04-22 16:28 . 2011-04-22 16:28    106496    --sha-r-    c:\windows\SysWow64\lv-LV0.dll
2011-04-22 15:13 . 2011-04-22 15:13    --------    d-----w-    c:\users\Public\CyberLink
2011-04-22 09:12 . 2009-11-25 10:47    99176    ----a-w-    c:\windows\SysWow64\PresentationHostProxy.dll
2011-04-22 09:12 . 2009-11-25 10:47    49472    ----a-w-    c:\windows\SysWow64\netfxperf.dll
2011-04-22 09:12 . 2009-11-25 10:47    297808    ----a-w-    c:\windows\SysWow64\mscoree.dll
2011-04-22 09:12 . 2009-11-25 10:47    295264    ----a-w-    c:\windows\SysWow64\PresentationHost.exe
2011-04-22 09:12 . 2009-11-25 10:47    48960    ----a-w-    c:\windows\system32\netfxperf.dll
2011-04-22 09:12 . 2009-11-25 10:47    1130824    ----a-w-    c:\windows\SysWow64\dfshim.dll
2011-04-22 09:12 . 2009-11-25 10:47    109912    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2011-04-22 09:12 . 2009-11-25 10:47    444752    ----a-w-    c:\windows\system32\mscoree.dll
2011-04-22 09:12 . 2009-11-25 10:47    320352    ----a-w-    c:\windows\system32\PresentationHost.exe
2011-04-22 09:12 . 2009-11-25 10:47    1942856    ----a-w-    c:\windows\system32\dfshim.dll
2011-04-22 09:08 . 2011-02-19 06:37    1135104    ----a-w-    c:\windows\system32\FntCache.dll
2011-04-22 09:08 . 2011-02-19 05:32    1074176    ----a-w-    c:\windows\SysWow64\DWrite.dll
2011-04-22 09:08 . 2011-02-19 06:37    1540608    ----a-w-    c:\windows\system32\DWrite.dll
2011-04-22 09:08 . 2011-02-19 06:36    902656    ----a-w-    c:\windows\system32\d2d1.dll
2011-04-22 09:08 . 2011-02-19 05:32    739840    ----a-w-    c:\windows\SysWow64\d2d1.dll
2011-04-21 10:07 . 2011-04-21 10:07    --------    d-----w-    c:\windows\SysWow64\Wat
2011-04-21 10:07 . 2011-04-21 10:07    --------    d-----w-    c:\windows\system32\Wat
2011-04-21 09:15 . 2010-02-23 08:16    294912    ----a-w-    c:\windows\system32\browserchoice.exe
2011-04-21 07:59 . 2011-04-21 07:59    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2011-04-21 07:50 . 2010-03-04 04:40    184832    ----a-w-    c:\windows\system32\drivers\usbvideo.sys
2011-04-21 07:50 . 2010-03-04 04:32    243712    ----a-w-    c:\windows\system32\drivers\ks.sys
2011-04-20 10:36 . 2009-05-18 11:17    34152    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-20 10:36 . 2008-04-17 10:12    126312    ----a-w-    c:\windows\system32\GEARAspi64.dll
2011-04-20 10:36 . 2008-04-17 10:12    107368    ----a-w-    c:\windows\SysWow64\GEARAspi.dll
2011-04-20 10:35 . 2011-04-20 10:35    --------    d-----w-    c:\program files\iPod
2011-04-20 10:35 . 2011-04-20 10:36    --------    d-----w-    c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-04-20 10:35 . 2011-04-20 10:36    --------    d-----w-    c:\program files\iTunes
2011-04-20 10:35 . 2011-04-20 10:36    --------    d-----w-    c:\program files (x86)\iTunes
2011-04-20 10:34 . 2011-04-20 10:34    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-04-20 10:34 . 2011-04-20 10:34    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-04-20 10:34 . 2011-04-20 10:34    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-04-20 10:34 . 2011-04-20 10:34    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-04-20 10:34 . 2011-04-20 10:34    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-04-20 10:34 . 2011-04-20 10:34    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-04-20 10:34 . 2011-04-20 10:34    159744    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-04-20 10:33 . 2011-04-20 10:35    --------    d-----w-    c:\programdata\Apple Computer
2011-04-20 10:33 . 2011-04-20 10:34    --------    d-----w-    c:\program files (x86)\QuickTime
2011-04-20 10:33 . 2011-04-20 10:33    --------    d-----w-    c:\program files (x86)\Apple Software Update
2011-04-20 10:33 . 2011-04-20 10:33    --------    d-----w-    c:\program files\Common Files\Apple
2011-04-20 10:33 . 2011-04-20 10:33    --------    d-----w-    c:\program files (x86)\Bonjour
2011-04-20 10:33 . 2011-04-20 10:33    --------    d-----w-    c:\program files\Bonjour
2011-04-20 10:33 . 2011-04-20 10:35    --------    d-----w-    c:\program files (x86)\Common Files\Apple
2011-04-20 10:33 . 2011-04-20 10:33    --------    d-----w-    c:\programdata\Apple
2011-04-20 05:03 . 2010-11-02 05:12    1837568    ----a-w-    c:\windows\system32\d3d10warp.dll
2011-04-20 05:03 . 2010-11-02 04:35    1170944    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2011-04-20 05:03 . 2010-05-23 08:37    1888256    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2011-04-20 05:03 . 2010-05-23 08:35    4068864    ----a-w-    c:\windows\system32\mf.dll
2011-04-20 05:00 . 2010-12-23 06:07    961024    ----a-w-    c:\windows\system32\CPFilters.dll
2011-04-20 05:00 . 2010-12-23 06:07    723968    ----a-w-    c:\windows\system32\EncDec.dll
2011-04-20 05:00 . 2010-12-23 05:28    642048    ----a-w-    c:\windows\SysWow64\CPFilters.dll
2011-04-20 05:00 . 2010-12-23 05:28    534528    ----a-w-    c:\windows\SysWow64\EncDec.dll
2011-04-20 05:00 . 2010-12-23 06:07    1118720    ----a-w-    c:\windows\system32\sbe.dll
2011-04-20 05:00 . 2010-12-23 06:02    259072    ----a-w-    c:\windows\system32\mpg2splt.ax
2011-04-20 05:00 . 2010-12-23 05:28    850432    ----a-w-    c:\windows\SysWow64\sbe.dll
2011-04-20 05:00 . 2010-12-23 05:24    199680    ----a-w-    c:\windows\SysWow64\mpg2splt.ax
2011-04-20 04:59 . 2011-02-24 06:30    476160    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2011-04-20 04:59 . 2011-02-24 05:32    288256    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-20 04:59 . 2010-08-21 06:31    633856    ----a-w-    c:\windows\system32\comctl32.dll
2011-04-20 04:59 . 2010-08-21 05:33    530432    ----a-w-    c:\windows\SysWow64\comctl32.dll
2011-04-20 04:54 . 2011-01-07 07:31    442880    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2011-04-20 04:54 . 2011-01-07 08:07    662528    ----a-w-    c:\windows\system32\XpsPrint.dll
2011-04-20 04:54 . 2011-02-19 04:13    367104    ----a-w-    c:\windows\system32\atmfd.dll
2011-04-20 04:54 . 2011-02-19 03:37    294912    ----a-w-    c:\windows\SysWow64\atmfd.dll
2011-04-20 04:54 . 2009-10-19 14:46    100864    ----a-w-    c:\windows\system32\fontsub.dll
2011-04-20 04:54 . 2009-10-19 14:10    70656    ----a-w-    c:\windows\SysWow64\fontsub.dll
2011-04-20 04:54 . 2011-02-19 06:36    46080    ----a-w-    c:\windows\system32\atmlib.dll
2011-04-20 04:54 . 2011-02-19 05:32    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2011-04-20 04:51 . 2010-07-29 06:30    82944    ----a-w-    c:\windows\SysWow64\iccvid.dll
2011-04-20 04:50 . 2010-10-12 05:05    35328    ----a-w-    c:\program files\Windows Mail\wabfind.dll
2011-04-20 04:50 . 2010-10-12 05:00    516096    ----a-w-    c:\program files\Windows Mail\wab.exe
2011-04-20 04:50 . 2010-10-12 04:25    516096    ----a-w-    c:\program files (x86)\Windows Mail\wab.exe
2011-04-20 04:48 . 2010-12-18 06:12    3138048    ----a-w-    c:\windows\system32\mstscax.dll
2011-04-20 04:48 . 2010-12-18 05:30    2690560    ----a-w-    c:\windows\SysWow64\mstscax.dll
2011-04-20 04:48 . 2010-12-18 06:08    1097216    ----a-w-    c:\windows\system32\mstsc.exe
2011-04-20 04:48 . 2010-12-18 05:26    1034240    ----a-w-    c:\windows\SysWow64\mstsc.exe
2011-04-20 04:48 . 2011-02-12 06:14    267776    ----a-w-    c:\windows\system32\FXSCOVER.exe
2011-04-20 04:47 . 2010-10-16 05:17    720896    ----a-w-    c:\windows\system32\odbc32.dll
2011-04-20 04:47 . 2010-10-16 05:16    466944    ----a-w-    c:\program files\Common Files\System\ado\msadomd.dll
2011-04-20 04:47 . 2010-10-16 05:16    1425408    ----a-w-    c:\program files\Common Files\System\ado\msado15.dll
2011-04-20 04:47 . 2010-10-16 04:34    573440    ----a-w-    c:\windows\SysWow64\odbc32.dll
2011-04-20 04:47 . 2010-10-16 05:16    495616    ----a-w-    c:\program files\Common Files\System\ado\msadox.dll
2011-04-20 04:47 . 2010-10-16 05:16    258048    ----a-w-    c:\program files\Common Files\System\msadc\msadco.dll
2011-04-20 04:47 . 2010-10-16 04:33    372736    ----a-w-    c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-04-20 04:47 . 2010-10-16 04:33    352256    ----a-w-    c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-04-20 04:47 . 2010-10-16 04:33    987136    ----a-w-    c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-04-20 04:47 . 2010-10-16 04:33    208896    ----a-w-    c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-04-20 04:46 . 2010-08-27 06:14    236032    ----a-w-    c:\windows\system32\srvsvc.dll
2011-04-20 04:46 . 2010-08-27 05:46    9728    ----a-w-    c:\windows\SysWow64\sscore.dll
2011-04-20 04:46 . 2010-12-18 06:11    714752    ----a-w-    c:\windows\system32\kerberos.dll
2011-04-20 04:46 . 2010-12-18 05:29    541184    ----a-w-    c:\windows\SysWow64\kerberos.dll
2011-04-20 04:46 . 2010-03-05 07:52    84992    ----a-w-    c:\windows\system32\asycfilt.dll
2011-04-20 04:46 . 2010-03-05 07:42    67584    ----a-w-    c:\windows\SysWow64\asycfilt.dll
2011-04-20 04:42 . 2010-08-26 05:27    148992    ----a-w-    c:\windows\system32\t2embed.dll
2011-04-20 04:42 . 2010-08-26 04:39    109056    ----a-w-    c:\windows\SysWow64\t2embed.dll
2011-04-20 04:41 . 2010-10-19 08:47    7680    ----a-w-    c:\program files\Internet Explorer\iecompat.dll
2011-04-20 04:41 . 2010-10-19 08:10    7680    ----a-w-    c:\program files (x86)\Internet Explorer\iecompat.dll
2011-04-20 04:37 . 2010-03-04 07:57    2080256    ----a-w-    c:\program files\Windows Mail\msoe.dll
2011-04-20 04:37 . 2010-03-04 07:33    1619968    ----a-w-    c:\program files (x86)\Windows Mail\msoe.dll
2011-04-20 04:37 . 2010-08-04 07:05    288256    ----a-w-    c:\windows\system32\MSNP.ax
2011-04-20 04:37 . 2010-08-04 07:07    552960    ----a-w-    c:\windows\system32\msdri.dll
2011-04-20 04:37 . 2010-08-04 06:15    204288    ----a-w-    c:\windows\SysWow64\MSNP.ax
2011-04-20 04:37 . 2009-12-13 09:46    613888    ----a-w-    c:\windows\system32\psisdecd.dll
2011-04-20 04:37 . 2009-12-13 09:30    465408    ----a-w-    c:\windows\SysWow64\psisdecd.dll
2011-04-20 04:36 . 2010-06-14 06:37    1896832    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2011-04-20 04:36 . 2010-08-21 06:36    340992    ----a-w-    c:\windows\system32\schannel.dll
2011-04-20 04:36 . 2010-08-21 05:36    224256    ----a-w-    c:\windows\SysWow64\schannel.dll
2011-04-20 04:36 . 2011-02-18 06:37    612352    ----a-w-    c:\windows\system32\vbscript.dll
2011-04-20 04:36 . 2011-02-18 05:36    428032    ----a-w-    c:\windows\SysWow64\vbscript.dll
2011-04-20 04:31 . 2010-04-07 07:10    571904    ----a-w-    c:\windows\SysWow64\oleaut32.dll
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08    143360    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
.
c:\users\Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-2-7 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-2-7 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3907764106-1535307355-1108113622-1001Core.job
- c:\users\Teresa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-19 12:30]
.
2011-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3907764106-1535307355-1108113622-1001UA.job
- c:\users\Teresa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-19 12:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52    159744    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49    70656    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49    70656    ----a-w-    c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-28 16336488]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Yderligere scanning -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:53556
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send billede til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-Google - c:\users\Teresa\AppData\Roaming\GD1.exe
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Toolbar-Locked - (no file)
AddRemove-ASUS_UL_Series_Screensaver - c:\windows\system32\ASUS_UL_Series_Screensaver.scr
.
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2011-04-24  16:00:35
ComboFix-quarantined-files.txt  2011-04-24 14:00
.
Pre-Kørsel: 433.501.118.464 byte ledig
Post-Kørsel: 433.390.497.792 byte ledig
.
- - End Of File - - 1DBCDD78DA8348E62EB0937EA6C3CB69
24 April 2011 - 17:28 #8
Bingo - a bit more vermin got 'nabbed' ...

How is the PC running now?

---

A comment, by the way ->

Uninstall
* [Google Update]
* Oberon Media Game Console service (?)
* Bonjour service (Bonjour Service)
* iPod service (iPod Service)

---

You should (must) install a serious security program; I can see 'remnants' of MSE - therefore ->
www.microsoft.com/da-dk/security_essentials/default.aspx
---
thp89 (Beginner)
25 April 2011 - 15:51 #9
Thank you so much for all the help! As things look now, there are no problems any more. I have even got my security program up and running again.

Again - thanks for the help.
25 April 2011 - 16:08 #10
Time for cleanup

Click START, then Run

Type/copy: Combofix    /Uninstall into the box, and click OK.

Note the space between X and /Uninstall; it must be there.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide system / hidden files, if required.

---

* Cleanup with CCleaner
* Create a FRESH SYSTEM RESTORE POINT
* CCleaner - Tools - System Restore - Delete the old points
* Defragmentation

---
la-jensen (Beginner)
27 October 2011 - 17:30 #11
Hi Karise_Larry and others. Is one allowed to drop a Malwarebytes log and a HiJackThis log copy in here, if one happens to have the same problem as the gentleman above, thp89? (Trojan, something with "Shopper" in the title.) Or is it best to create a new thread, because of the points, or how?

Kind regards

Lars H. Jensen
vejmand (Junior Master)
27 October 2011 - 17:43 #12
la-jensen >> Create a new question, since the thread will otherwise become confusing, with logs from several different machines.  :-)
la-jensen (Beginner)
27 October 2011 - 21:26 #13
OK - I'll do that.