mick (Trainee)
21 May 2011 - 12:44 There are 47 comments

Checking a HiJack log because of pop-ups

Hi
Unfortunately my PC has been infected with a virus.
Even though I have removed suspicious programs via HiJack, I still get pop-ups.

Is there anyone who can see anything suspicious in my HiJack log?

Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:17, on 21-05-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\ibmpmsvc.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\windows\system32\svchost.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
C:\Programmer\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\windows\system32\spoolsv.exe
C:\Programmer\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\drivers\trcboot.exe
C:\windows\system32\IPSSVC.EXE
c:\programmer\ibm\personal communications\PCS_AGNT.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\windows\system32\cisvc.exe
C:\Programmer\IBM\SQLLIB\BIN\db2mgmtsvc.exe
C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
c:\windows\system32\DWRCS.exe
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\IBM\Lotus\Notes\nsd.exe
C:\windows\system32\lxeccoms.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\Programmer\HTC\Internet Pass-Through\PassThruSvr.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\windows\system32\DWRCST.exe
C:\Programmer\LENOVO\HOTKEY\tposdsvc.exe
C:\windows\Zvyqeb.exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\windows\system32\rundll32.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\igfxext.exe
C:\windows\system32\TpShocks.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Programmer\Lexmark 6300 Series\ezprint.exe
C:\windows\system32\ctfmon.exe
C:\Programmer\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Voddler\service\VNetManager.exe
C:\Programmer\Lexmark 6300 Series\lxcdmon.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\Lenovo\VIRTSCRL\virtscrl.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\lxcdcoms.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\IBM\SQLLIB\BIN\db2systray.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Documents and Settings\edbmi\Application Data\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Programmer\Vuze\Azureus.exe
C:\windows\system32\cidaemon.exe
C:\windows\system32\cidaemon.exe
C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE
C:\windows\explorer.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programmer\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [lxecmon.exe] "C:\Programmer\Lexmark Pro800-Pro900 Series\lxecmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Programmer\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Programmer\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VoddlerNet Manager] C:\Programmer\Voddler\service\VNetManager.exe
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Programmer\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Programmer\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DB2COPY1 - db2systray.exe DB2] C:\Programmer\IBM\SQLLIB\BIN\db2systray.exe DB2
O4 - HKLM\..\Run: [SODCPreLoad] C:\Programmer\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe D:\Programmer\IBM\Lotus\Notes\Data\workspace\.sodc\
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\windows\system32\DWRCST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\RunOnce: [pcsmig] "C:\Programmer\IBM\Personal Communications\pcsmig.exe" -L (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [pcsmig] "C:\Programmer\IBM\Personal Communications\pcsmig.exe" -L (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-21-332842275-1982490892-4196859005-1009\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User 'db2admin')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [pcsmig] "C:\Programmer\IBM\Personal Communications\pcsmig.exe" -L (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [pcsmig] "C:\Programmer\IBM\Personal Communications\pcsmig.exe" -L (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\edbmi\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.danskebank.dk
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://sea.search.msn.dk
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://sea.search.msn.dk (HKLM)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {3281EA0C-FA5F-4BB9-A5C0-B15F4C2050A9} (xArcUpdate Control) - http://update.i-seven.dk/Update/i-Update.nsf/pg.i7.i-Update.ActiveX/$File/iUpdateControl.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211456645500
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211520261187
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: DB2 - DB2COPY1 - DB2 (DB2) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2DAS - DB2DAS01 (DB2DAS01) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2-ressourcegrænsefunktion (Governor) (DB2COPY1) (DB2GOVERNOR_DB2COPY1) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2-licensserver (DB2COPY1) (DB2LICD_DB2COPY1) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\BIN\db2mgmtsvc.exe
O23 - Service: Ekstern DB2-kommandoserver (DB2COPY1) (DB2REMOTECMD_DB2COPY1) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - c:\windows\system32\DWRCS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\windows\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Domino Server (CProgrammerLotusDominodata) - IBM Corp - C:\Programmer\Lotus\Domino\nservice.exe
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Programmer\IBM\Lotus\Notes\nsd.exe
O23 - Service: lxcd_device - Unknown owner - C:\windows\system32\lxcdcoms.exe
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe
O23 - Service: lxec_device -  - C:\windows\system32\lxeccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Programmer\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Programmer\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Programmer\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: Vis på skærm (TPHKSVC) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\system32\drivers\trcboot.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: VoddlerNet - Voddler - C:\Programmer\Voddler\service\voddler.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Programmer\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe

--
End of file - 22727 bytes
21 May 2011 - 12:59 #1
Now, a HiJackThis log doesn't say/show 'everything' ->
---

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Let the program perform a clean-up...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe

Install the program - once that is done, you must let the program update itself. A window then opens in which you must move the dot to "Kør et fuldstændigt systemscan" (Run a full system scan) - click the Scan button - let the program work. When it is finished (it takes a while, depending on how much you have on the computer).
Then - press the "Vis resultater" (Show results) button after the scan - and then press "Fjern det valgte" (Remove selected) - the log now opens and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...

---

There is also other 'clean-up' - that comes later...
mick (Trainee)
21 May 2011 - 14:39 #2
OK thanks, I had actually run CCleaner before the HiJack run.
I'll try the other program.
21 May 2011 - 15:33 #3
PS: You should not post an [answer] yourself; it is 'reserved' for solutions and awarding points, as it says. When people look at the overview of questions, they think a solution/answer has been posted, and then the question gets skipped...
mick (Trainee)
21 May 2011 - 16:42 #4
Sorry, that was a mistake, as I was writing from my phone.
mick (Trainee)
21 May 2011 - 16:47 #5
Can one get by with the free version of Malwarebytes Anti-Malware?

I think I have run it before and been told that I have to buy the full version to clean the infected files.
johnstigers (Senior Master)
21 May 2011 - 16:58 #6
You should probably consider removing Azureus.
I assume you know the dangers of file sharing...
johnstigers (Senior Master)
21 May 2011 - 16:59 #7
#5 Please just do as described. Then we'll take it from there.
mick (Trainee)
21 May 2011 - 17:36 #8
Regarding Azureus, I would like to hear more later, as I have not heard of any risks offhand.
johnstigers (Senior Master)
21 May 2011 - 18:23 #9
mick (Trainee)
21 May 2011 - 18:53 #10
Hi
Here are the logs from the 2 programs. I have noticed that it says
the following:
c:\WINDOWS\Zvyqeb.exe (Trojan.Downloader.VCP) -> 1036 -> No action taken.

Has the virus not been removed?



Malwarebytes' Anti-Malware log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6634

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21-05-2011 18:38:41
mbam-log-2011-05-21 (18-38-33).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 630240
Tid gået: 1 time(e), 24 minut(ter), 31 sekund(er)

Hukommelses Processorer Inficeret: 1
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 15
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 5

Hukommelses Processorer Inficeret:
c:\WINDOWS\Zvyqeb.exe (Trojan.Downloader.VCP) -> 1036 -> No action taken.

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\OO1310T0QS (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SNJQ66R8MU (Trojan.FakeAlert.SA) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\idgbn5xehg (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
c:\WINDOWS\Zvyqeb.exe (Trojan.Downloader.VCP) -> No action taken.
c:\system volume information\_restore{43ae11db-f653-415b-bea3-6501c1edfd32}\RP629\A0604453.dll (Trojan.Downloader.VCP) -> No action taken.
c:\documents and settings\edbmi\dokumenter\hentede filer\cucusoft.psp.video.converter.3.16.crack.45064.exe (Trojan.Downloader.VCP) -> No action taken.
c:\WINDOWS\Zvyqea.exe (Trojan.Downloader.VCP) -> No action taken.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> No action taken.





Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:10, on 21-05-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\ibmpmsvc.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\windows\system32\svchost.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
C:\Programmer\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\windows\system32\spoolsv.exe
C:\Programmer\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\drivers\trcboot.exe
C:\windows\system32\IPSSVC.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\windows\system32\cisvc.exe
c:\programmer\ibm\personal communications\PCS_AGNT.EXE
C:\Programmer\IBM\SQLLIB\BIN\db2mgmtsvc.exe
C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
c:\windows\system32\DWRCS.exe
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\IBM\Lotus\Notes\nsd.exe
C:\windows\system32\lxeccoms.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\Programmer\HTC\Internet Pass-Through\PassThruSvr.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system32\userinit.exe
C:\Programmer\LENOVO\HOTKEY\tposdsvc.exe
c:\windows\system32\DWRCST.exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\windows\Explorer.EXE
C:\Programmer\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\windows\system32\rundll32.exe
C:\windows\system32\TpShocks.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\NILaunch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmer\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Programmer\Lexmark 6300 Series\ezprint.exe
C:\Programmer\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Voddler\service\VNetManager.exe
C:\Programmer\Lexmark 6300 Series\lxcdmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\Lenovo\VIRTSCRL\virtscrl.exe
C:\windows\system32\RUNDLL32.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\IBM\SQLLIB\BIN\db2systray.exe
C:\windows\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\windows\system32\lxcdcoms.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Documents and Settings\edbmi\Application Data\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programmer\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [lxecmon.exe] "C:\Programmer\Lexmark Pro800-Pro900 Series\lxecmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Programmer\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Programmer\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VoddlerNet Manager] C:\Programmer\Voddler\service\VNetManager.exe
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Programmer\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Programmer\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DB2COPY1 - db2systray.exe DB2] C:\Programmer\IBM\SQLLIB\BIN\db2systray.exe DB2
O4 - HKLM\..\Run: [SODCPreLoad] C:\Programmer\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe D:\Programmer\IBM\Lotus\Notes\Data\workspace\.sodc\
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\windows\system32\DWRCST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\RunOnce: [pcsmig] "C:\Programmer\IBM\Personal Communications\pcsmig.exe" -L (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [pcsmig] "C:\Programmer\IBM\Personal Communications\pcsmig.exe" -L (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-21-332842275-1982490892-4196859005-1009\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User 'db2admin')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [pcsmig] "C:\Programmer\IBM\Personal Communications\pcsmig.exe" -L (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [pcsmig] "C:\Programmer\IBM\Personal Communications\pcsmig.exe" -L (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\edbmi\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.danskebank.dk
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://sea.search.msn.dk
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://sea.search.msn.dk (HKLM)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {3281EA0C-FA5F-4BB9-A5C0-B15F4C2050A9} (xArcUpdate Control) - http://update.i-seven.dk/Update/i-Update.nsf/pg.i7.i-Update.ActiveX/$File/iUpdateControl.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211456645500
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211520261187
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: DB2 - DB2COPY1 - DB2 (DB2) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2DAS - DB2DAS01 (DB2DAS01) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2-ressourcegrænsefunktion (Governor) (DB2COPY1) (DB2GOVERNOR_DB2COPY1) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2-licensserver (DB2COPY1) (DB2LICD_DB2COPY1) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\BIN\db2mgmtsvc.exe
O23 - Service: Ekstern DB2-kommandoserver (DB2COPY1) (DB2REMOTECMD_DB2COPY1) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - c:\windows\system32\DWRCS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\windows\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Domino Server (CProgrammerLotusDominodata) - IBM Corp - C:\Programmer\Lotus\Domino\nservice.exe
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Programmer\IBM\Lotus\Notes\nsd.exe
O23 - Service: lxcd_device - Unknown owner - C:\windows\system32\lxcdcoms.exe
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe
O23 - Service: lxec_device -  - C:\windows\system32\lxeccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Programmer\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Programmer\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Programmer\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: Vis på skærm (TPHKSVC) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\system32\drivers\trcboot.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: VoddlerNet - Voddler - C:\Programmer\Voddler\service\voddler.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Programmer\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe

--
End of file - 22543 bytes
johnstigers (Senior Master)
21 May 2011 - 19:22 #11
"No action taken" is because you did not do as described.
"Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/ (...)

Install the program - once that is done, let the program update itself. A window then opens where you must move the dot to "Perform full scan" - click the Scan button - let the program work. When it is finished (it takes a while, depending on how much you have on the computer).
Then - press the "Show Results" button after the scan - and then press "Remove Selected" - the log now opens and you must save it somewhere you can find it again."

So: a new scan, after which the following is done:
"Perform full scan" - click the Scan button - let the program work. When it is finished (it takes a while, depending on how much you have on the computer).
Then - press the "Show Results" button after the scan - and then press [b]"Remove Selected"
- the log now opens and you must save it somewhere you can find it again."[/b]
Copy the new log in here.
johnstigers (Senior Master)
21 May 2011 - 19:23 #12
The post got a bit messy, but the meaning is understandable.
mick (Trainee)
21 May 2011 - 19:48 #13
The only thing I did not get done was an update after installing Malwarebytes.
Should I run Malwarebytes one more time?
johnstigers (Senior Master)
21 May 2011 - 19:56 #14
You must do as it says.
johnstigers (Senior Master)
21 May 2011 - 19:56 #15
So yes, of course you should.
johnstigers (Senior Master)
21 May 2011 - 20:04 #16
"The only thing I did not get done was an update after installing Malwarebytes."

No, you did get that done :D
mick (Trainee)
21 May 2011 - 21:11 #17
Hi
What do you mean? Can you see that Malwarebytes was updated?
johnstigers (Senior Master)
21 May 2011 - 21:49 #18
Yep: Database version: 6634

What has become of the log?
mick (Trainee)
21 May 2011 - 23:05 #19
The logs for Malwarebytes and HijackThis are included in my reply from Sat. 21 May 2011 at 18:53:53.
johnstigers (Senior Master)
21 May 2011 - 23:33 #20
What is it that you do not quite follow?
For us to be able to help, you have to do as we write, and that you have not done.

You must scan again and, this time, choose Remove Selected.
Then copy the log in here.

Nothing of what Malwarebytes found has been removed.
johnstigers (Senior Master)
21 May 2011 - 23:36 #21
You ask in #10:
Hi
Herewith the log from the 2 programs; I have noticed that it says
the following:
c:\WINDOWS\Zvyqeb.exe (Trojan.Downloader.VCP) -> 1036 -> No action taken.

Has the virus not been removed?


The answer is no. Do as described, and Malwarebytes' Anti-Malware will remove what it has found.
f-arn (Guru)
22 May 2011 - 05:29 #22
If you look at "Running processes", it has been removed.
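Posts #21 and #22 read the same detection two ways: the Malwarebytes line says "No action taken", while the HijackThis "Running processes" list no longer shows the file. The following is an added example, not part of the original thread, that cross-checks the two logs so both facts are reported side by side. The function names and both sample logs are constructed for illustration (only the Zvyqeb.exe line is taken from the thread), and the "Quarantined and deleted successfully" action text is an assumed sample value.

```python
import re

# One Malwarebytes 1.x detection line, in the shape quoted in the thread:
#   <target> (<detection name>) -> [<pid> ->] <action>.
DETECTION = re.compile(r"^(?P<target>.+) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_detections(log_text):
    """Return one dict per detection line; headers and summary counts are skipped."""
    detections = []
    for raw in log_text.splitlines():
        m = DETECTION.match(raw.strip())
        if not m:
            continue
        parts = m.group("rest").split(" -> ")
        action = parts[-1].rstrip(".")
        # Memory-process detections carry the PID between name and action.
        pid = int(parts[0]) if len(parts) > 1 and parts[0].isdigit() else None
        detections.append({
            "target": m.group("target"),
            "name": m.group("name"),
            "pid": pid,
            "action": action,
            # Any action other than "No action taken" means the scanner acted.
            "acted_on": action.lower() != "no action taken",
        })
    return detections


def parse_hjt_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_section = True
        elif in_section:
            if not line:
                if procs:          # a blank line ends the section
                    break
                continue
            procs.add(line.lower())
    return procs


def triage(mbam_text, hjt_text):
    """Combine both logs: was the item acted on, and is it still running?"""
    running = parse_hjt_processes(hjt_text)
    report = []
    for d in parse_mbam_detections(mbam_text):
        # Windows paths are case-insensitive; 8.3 short names (PROGRA~1)
        # are not expanded here, so those would need separate handling.
        is_running = d["target"].lower() in running
        if is_running:
            verdict = "still running"
        elif d["acted_on"]:
            verdict = "handled"
        else:
            verdict = "not running, but scanner did not remove it"
        report.append({**d, "running": is_running, "verdict": verdict})
    return report


# Constructed sample logs (second and third detections are invented).
MBAM_SAMPLE = r"""
Hukommelses Processorer Inficeret:
c:\WINDOWS\Zvyqeb.exe (Trojan.Downloader.VCP) -> 1036 -> No action taken.
c:\windows\temp\constructed_sample.exe (Trojan.Agent) -> 2044 -> No action taken.

Inficerede Filer:
c:\windows\temp\constructed_old.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
"""

HJT_SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\windows\system32\winlogon.exe
C:\WINDOWS\Temp\constructed_sample.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
"""

if __name__ == "__main__":
    for row in triage(MBAM_SAMPLE, HJT_SAMPLE):
        print(f'{row["target"]}: {row["action"]} / {row["verdict"]}')
```

A process missing from the running list only shows it is not loaded at that moment; a "No action taken" entry means the file itself was left where it was found.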
mick (Trainee)
22 May 2011 - 10:21 #23
Following on from the text you refer to, you will also find the log for the 2 programs.
Communication can be very difficult.
mick (Trainee)
22 May 2011 - 10:29 #24
Does that mean the virus has been removed?
f-arn (Guru)
22 May 2011 - 10:47 #25
Following on from the text you refer to, you will also find the log for the 2 programs.
Communication can be very difficult.

You are right about that, because I am not sure what you are getting at...

Does that mean the virus has been removed?

I will not comment on that on the basis of MBAM and HJT. Let john_stigers or karise_larry continue.
22 May 2011 - 10:53 #26
... we - still - want to see the log from MalwareBytes where it does NOT say "No action taken"...
mick (Trainee)
22 May 2011 - 11:02 #27
OK, I will run it once more.
f-arn (Guru)
22 May 2011 - 11:03 #28
... we - still - want to see the log from MalwareBytes where it does NOT say "No action taken"...

And miq68 can probably find it under the "Logs" tab.
johnstigers (Senior Master)
22 May 2011 - 14:05 #29
#28 No, because he has only run it once without doing anything :)

#23 Yes, communication can be difficult. Especially when you do not read/understand what it says in black and white :D
f-arn (Guru)
22 May 2011 - 15:23 #30
#28 No, because he has only run it once without doing anything :)

I get that, but I am fairly sure miq68 saved the log before Malwarebytes had finished.
You actually have to be quite "skilled" if you want to prevent the cleanup.
mick (Trainee)
23 May 2011 - 08:46 #31
Here are the logs:
Can you tell me what might be adware in the HijackThis file?

Is there anything I can remove?



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6641

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22-05-2011 19:34:26
mbam-log-2011-05-22 (19-34-26).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 631150
Tid gået: 1 time(e), 22 minut(ter), 25 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)



Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:45:25, on 23-05-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\ibmpmsvc.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\windows\system32\svchost.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
C:\Programmer\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\windows\system32\spoolsv.exe
C:\Programmer\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\drivers\trcboot.exe
C:\windows\system32\IPSSVC.EXE
c:\programmer\ibm\personal communications\PCS_AGNT.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\windows\system32\cisvc.exe
C:\Programmer\IBM\SQLLIB\BIN\db2mgmtsvc.exe
C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
c:\windows\system32\DWRCS.exe
C:\Programmer\Intel\WiFi\bin\EvtEng.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\IBM\Lotus\Notes\nsd.exe
C:\windows\system32\lxeccoms.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\Programmer\HTC\Internet Pass-Through\PassThruSvr.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\LENOVO\HOTKEY\tposdsvc.exe
c:\windows\system32\DWRCST.exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\windows\Explorer.EXE
C:\Programmer\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\windows\system32\rundll32.exe
C:\windows\system32\TpShocks.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\NILaunch.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Programmer\Lexmark 6300 Series\ezprint.exe
C:\Programmer\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Voddler\service\VNetManager.exe
C:\Programmer\Lexmark 6300 Series\lxcdmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\Lenovo\VIRTSCRL\virtscrl.exe
C:\windows\system32\RUNDLL32.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\IBM\SQLLIB\BIN\db2systray.exe
C:\windows\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\windows\system32\lxcdcoms.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Documents and Settings\edbmi\Application Data\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\windows\system32\cidaemon.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\Programmer\lotus\notes7\nlnotes.exe
C:\Programmer\lotus\notes7\ntaskldr.EXE
C:\Programmer\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Mozilla Firefox\plugin-container.exe
C:\IBM\SDP75\eclipse.exe
C:\IBM\SDP75\jdk\jre\bin\javaw.exe
C:\windows\system32\cidaemon.exe
C:\IBM\SDP75\runtimes\base_v61\java\bin\java.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Programmer\lotus\notes7\nEvent.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\NOTEPAD.EXE
C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programmer\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [lxecmon.exe] "C:\Programmer\Lexmark Pro800-Pro900 Series\lxecmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Programmer\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Programmer\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VoddlerNet Manager] C:\Programmer\Voddler\service\VNetManager.exe
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Programmer\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Programmer\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DB2COPY1 - db2systray.exe DB2] C:\Programmer\IBM\SQLLIB\BIN\db2systray.exe DB2
O4 - HKLM\..\Run: [SODCPreLoad] C:\Programmer\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090922-1655\preload.exe D:\Programmer\IBM\Lotus\Notes\Data\workspace\.sodc\
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\windows\system32\DWRCST.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\RunOnce: [pcsmig] "C:\Programmer\IBM\Personal Communications\pcsmig.exe" -L (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [pcsmig] "C:\Programmer\IBM\Personal Communications\pcsmig.exe" -L (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-21-332842275-1982490892-4196859005-1009\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User 'db2admin')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [pcsmig] "C:\Programmer\IBM\Personal Communications\pcsmig.exe" -L (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [pcsmig] "C:\Programmer\IBM\Personal Communications\pcsmig.exe" -L (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\edbmi\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.danskebank.dk
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://sea.search.msn.dk
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://sea.search.msn.dk (HKLM)
O15 - ESC Trusted Zone: http://semnav.semlernet.dk (HKLM)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {3281EA0C-FA5F-4BB9-A5C0-B15F4C2050A9} (xArcUpdate Control) - http://update.i-seven.dk/Update/i-Update.nsf/pg.i7.i-Update.ActiveX/$File/iUpdateControl.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211456645500
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211520261187
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: DB2 - DB2COPY1 - DB2 (DB2) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2DAS - DB2DAS01 (DB2DAS01) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2-ressourcegrænsefunktion (Governor) (DB2COPY1) (DB2GOVERNOR_DB2COPY1) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2-licensserver (DB2COPY1) (DB2LICD_DB2COPY1) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\BIN\db2mgmtsvc.exe
O23 - Service: Ekstern DB2-kommandoserver (DB2COPY1) (DB2REMOTECMD_DB2COPY1) - International Business Machines Corporation - C:\Programmer\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programmer\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - c:\windows\system32\DWRCS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\windows\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Domino Server (CProgrammerLotusDominodata) - IBM Corp - C:\Programmer\Lotus\Domino\nservice.exe
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Programmer\IBM\Lotus\Notes\nsd.exe
O23 - Service: lxcd_device - Unknown owner - C:\windows\system32\lxcdcoms.exe
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe
O23 - Service: lxec_device -  - C:\windows\system32\lxeccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Programmer\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmer\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmer\Fælles filer\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmer\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Programmer\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Programmer\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: Vis på skærm (TPHKSVC) - Lenovo Group Limited - C:\Programmer\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\system32\drivers\trcboot.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: VoddlerNet - Voddler - C:\Programmer\Voddler\service\voddler.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Programmer\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe

--
End of file - 23172 bytes
23 May 2011 - 08:52 #32
...I still get popups.... - is that still the case?

Popups from where / which 'program'?
mick Praktikant
23 May 2011 - 10:34 #33
I no longer get popups, but after running the Symantec antivirus program, it caught a virus named 'Bloodhound.MalPE'.

The antivirus program has not been able to remove it.
23 May 2011 - 10:52 #34
... which is located where?
mick Praktikant
23 May 2011 - 12:59 #35
c:\system volume information\restore{43aaa
23 May 2011 - 13:10 #36
... I had a feeling about that *S*...

* Create a FRESH SYSTEM RESTORE POINT -> http://spywareinfo.dk/index.htm#/tip-og-tricks/opret_et_systemgendannelsespunkt.htm
* CCleaner - Tools - System Restore - delete the old points...
mick Praktikant
23 May 2011 - 13:15 #37
Ok.
mick Praktikant
23 May 2011 - 20:27 #38
CCleaner - Tools - System Restore - delete the old points...

What will happen when I delete the old points? Is it programs that get removed?
johnstigers Seniormester
23 May 2011 - 21:06 #39
No, they are just restore points. And that is where the virus is hiding now, so they need to be deleted.
mick Praktikant
24 May 2011 - 14:55 #40
The old points have now been deleted after System Restore, but unfortunately my antivirus still finds virus files in c:\System Volumen Information\_rest
24 May 2011 - 18:44 #41
Did you first create a NEW System Restore point???
mick Praktikant
24 May 2011 - 19:03 #42
Yes
f-arn Guru
25 May 2011 - 07:59 #43
Try this.

Download OTL by OldTimer and save it to your desktop.

Start OTL

Vista and Windows 7 - right-click the file - Run as Administrator.

Copy the text below in bold into the "Custom Scans/Fixes" box

:files
ipconfig /flushdns /c

:Commands
[resethosts]
[ClearAllRestorePoints]
[Reboot]


Close all other open windows and click "Run Fix"

After the restart a log file opens; copy its text into this thread.

Otherwise it is located here: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
mick Praktikant
25 May 2011 - 08:01 #44
Ok, I'll try it later today, thanks.
mick Praktikant
25 May 2011 - 19:47 #45
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Documents and Settings\administrator\Skrivebord\cmd.bat deleted successfully.
C:\Documents and Settings\administrator\Skrivebord\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.23.0 log created on 05252011_193826
mick Praktikant
26 May 2011 - 20:31 #46
Are there more suggestions, or should we close the thread?
26 May 2011 - 20:40 #47
(Just let <f-arn> come back...)