HiJack log, på meget langsom computer.

---

Hent og instalér CCleaner www.ccleaner.com/ + www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
www.alt-til-windows.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning...

http://gratisupload.dk/vis/62873/
http://gratisupload.dk/vis/62874/
http://gratisupload.dk/vis/63036/

--------

Hent Malwarebytes Anti-Malware herfra:
www.besttechie.net/tools/mbam-setup.exe

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

...og her er omtalte HiJackThis ->
www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7770

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22-09-2011 15:24:39
mbam-log-2011-09-22 (15-24-24).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 225729
Tid gået: 1 time(e), 3 minut(ter), 29 sekund(er)

Hukommelses Processorer Inficeret: 1
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 2

Hukommelses Processorer Inficeret:
c:\WINDOWS\kmservice.exe (RiskWare.Tool.CK) -> 1644 -> No action taken.

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
c:\WINDOWS\kmservice.exe (RiskWare.Tool.CK) -> No action taken.
c:\documents and settings\Test\lokale indstillinger\Temp\10C.tmp\kmservice.exe (RiskWare.Tool.CK) -> No action taken.

Efter at have kørt en M-bam, dukkede denne text op på mit skrivebord:

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x00000000, pid=2316, tid=4776
#
# JRE version: 6.0_26-b03
# Java VM: Java HotSpot(TM) Client VM (20.1-b02 mixed mode windows-x86 )
# Problematic frame:
# C  0x00000000
#
# If you would like to submit a bug report, please visit:
#  http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

---------------  T H R E A D  ---------------

Current thread (0x16f7cc00):  JavaThread "AWT-Windows" daemon [_thread_in_native, id=4776, stack(0x17330000,0x17380000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x00000000

Registers:
EAX=0x170de480, EBX=0x00000001, ECX=0x16faf638, EDX=0x00000004
ESP=0x1737fa00, EBP=0x1737fa2c, ESI=0x16f7cd28, EDI=0x16faf638
EIP=0x00000000, EFLAGS=0x00010293

Top of Stack: (sp=0x1737fa00)
0x1737fa00:  6d09cb90 1737fa94 6d09c650 00000000
0x1737fa10:  00000000 00000001 16f7cd28 1737fa04
0x1737fa20:  1737fab0 6d0c04a8 00000001 1737fa58
0x1737fa30:  7e368734 00060532 0000981a 16faf638
0x1737fa40:  00000000 6d09c650 dcbaabcd 00000000
0x1737fa50:  1737fa94 6d09c650 1737fac0 7e368816
0x1737fa60:  6d09c650 00060532 0000981a 16faf638
0x1737fa70:  00000000 1737fb54 1737fb4c 00614ef0

Instructions: (pc=0x00000000)
0xffffffe0: 


Register to memory mapping:

EAX=0x170de480 is an unknown value
EBX=0x00000001 is an unknown value
ECX=0x16faf638 is an unknown value
EDX=0x00000004 is an unknown value
ESP=0x1737fa00 is pointing into the stack for thread: 0x16f7cc00
EBP=0x1737fa2c is pointing into the stack for thread: 0x16f7cc00
ESI=0x16f7cd28 is an unknown value
EDI=0x16faf638 is an unknown value


Stack: [0x17330000,0x17380000],  sp=0x1737fa00,  free space=318k
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  sun.awt.windows.WToolkit.eventLoop()V+0
j  sun.awt.windows.WToolkit.run()V+52
j  java.lang.Thread.run()V+11
v  ~StubRoutines::call_stub

---------------  P R O C E S S  ---------------

Java Threads: ( => current thread )
  0x16f7e800 JavaThread "Thread-16" [_thread_blocked, id=5284, stack(0x17f40000,0x17f90000)]
  0x17046400 JavaThread "Thread-15" [_thread_blocked, id=4236, stack(0x18570000,0x185c0000)]
  0x170e8c00 JavaThread "Timer-2" [_thread_blocked, id=3684, stack(0x17f90000,0x17fe0000)]
  0x170df000 JavaThread "Keep-Alive-Timer" daemon [_thread_blocked, id=5736, stack(0x180d0000,0x18120000)]
  0x16a60c00 JavaThread "thread applet-dk.pbs.applet.bootstrap.BootApplet-1" [_thread_in_native, id=5240, stack(0x17180000,0x171d0000)]
  0x16fa7800 JavaThread "AWT-EventQueue-2" [_thread_in_native, id=4480, stack(0x18030000,0x18080000)]
  0x16fc7800 JavaThread "AWT-Shutdown" [_thread_blocked, id=4448, stack(0x17fe0000,0x18030000)]
  0x16f95c00 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=4416, stack(0x17ef0000,0x17f40000)]
  0x16a7b400 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=4172, stack(0x172e0000,0x17330000)]
  0x16a7b800 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=4168, stack(0x17570000,0x175c0000)]
  0x16f91400 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=3620, stack(0x17520000,0x17570000)]
  0x16f88400 JavaThread "SysExecutionTheadCreator" daemon [_thread_blocked, id=6076, stack(0x174d0000,0x17520000)]
  0x16f80c00 JavaThread "Java Plug-In Heartbeat Thread" [_thread_blocked, id=6044, stack(0x17430000,0x17480000)]
=>0x16f7cc00 JavaThread "AWT-Windows" daemon [_thread_in_native, id=4776, stack(0x17330000,0x17380000)]
  0x16f77000 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=6008, stack(0x17280000,0x172d0000)]
  0x16a8c400 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=5940, stack(0x171d0000,0x17220000)]
  0x16a88800 JavaThread "Timer-0" [_thread_blocked, id=3876, stack(0x17130000,0x17180000)]
  0x16a61c00 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=5728, stack(0x16ea0000,0x16ef0000)]
  0x16a21000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=5844, stack(0x16c70000,0x16cc0000)]
  0x16a1d400 JavaThread "C1 CompilerThread0" daemon [_thread_blocked, id=5812, stack(0x16c20000,0x16c70000)]
  0x16a19000 JavaThread "Attach Listener" daemon [_thread_blocked, id=3488, stack(0x16bd0000,0x16c20000)]
  0x16a17c00 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=5808, stack(0x16b80000,0x16bd0000)]
  0x16a0b000 JavaThread "Finalizer" daemon [_thread_blocked, id=5192, stack(0x16b30000,0x16b80000)]
  0x16a06800 JavaThread "Reference Handler" daemon [_thread_blocked, id=4500, stack(0x16ae0000,0x16b30000)]
  0x003c8000 JavaThread "main" [_thread_blocked, id=1404, stack(0x00990000,0x009e0000)]

Other Threads:
  0x16a02c00 VMThread [stack: 0x16a90000,0x16ae0000] [id=272]
  0x16a23800 WatcherThread [stack: 0x16cc0000,0x16d10000] [id=4320]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation  total 4864K, used 1862K [0x02a60000, 0x02fa0000, 0x07f00000)
  eden space 4352K,  31% used [0x02a60000, 0x02bb1ad0, 0x02ea0000)
  from space 512K, 100% used [0x02f20000, 0x02fa0000, 0x02fa0000)
  to  space 512K,  0% used [0x02ea0000, 0x02ea0000, 0x02f20000)
tenured generation  total 10880K, used 4436K [0x07f00000, 0x089a0000, 0x12860000)
  the space 10880K,  40% used [0x07f00000, 0x083550d8, 0x08355200, 0x089a0000)
compacting perm gen  total 12288K, used 11623K [0x12860000, 0x13460000, 0x16860000)
  the space 12288K,  94% used [0x12860000, 0x133b9c00, 0x133b9c00, 0x13460000)
No shared spaces configured.

Code Cache  [0x009e0000, 0x00b50000, 0x029e0000)
total_blobs=792 nmethods=580 adapters=147 free_code_cache=32065920 largest_free_block=0

Dynamic libraries:
0x00400000 - 0x00424000     C:\Programmer\Java\jre6\bin\java.exe
0x7c900000 - 0x7c9b4000     C:\WINDOWS\system32\ntdll.dll
0x7c800000 - 0x7c8fa000     C:\WINDOWS\system32\kernel32.dll
0x77dc0000 - 0x77e6b000     C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 - 0x77f03000     C:\WINDOWS\system32\RPCRT4.dll
0x77fe0000 - 0x77ff1000     C:\WINDOWS\system32\Secur32.dll
0x5d060000 - 0x5d086000     C:\WINDOWS\system32\ShimEng.dll
0x71650000 - 0x716c9000     C:\WINDOWS\AppPatch\AcLayers.DLL
0x7e360000 - 0x7e3f1000     C:\WINDOWS\system32\USER32.dll
0x77f10000 - 0x77f59000     C:\WINDOWS\system32\GDI32.dll
0x7c9c0000 - 0x7d1da000     C:\WINDOWS\system32\SHELL32.dll
0x77c00000 - 0x77c58000     C:\WINDOWS\system32\msvcrt.dll
0x77f60000 - 0x77fd6000     C:\WINDOWS\system32\SHLWAPI.dll
0x774d0000 - 0x7760e000     C:\WINDOWS\system32\ole32.dll
0x769b0000 - 0x76a65000     C:\WINDOWS\system32\USERENV.dll
0x72fb0000 - 0x72fd6000     C:\WINDOWS\system32\WINSPOOL.DRV
0x76370000 - 0x7638d000     C:\WINDOWS\system32\IMM32.DLL
0x773c0000 - 0x774c3000     C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
0x7c340000 - 0x7c396000     C:\Programmer\Java\jre6\bin\msvcr71.dll
0x6d7f0000 - 0x6da9f000     C:\Programmer\Java\jre6\bin\client\jvm.dll
0x76b30000 - 0x76b5e000     C:\WINDOWS\system32\WINMM.dll
0x6d7a0000 - 0x6d7ac000     C:\Programmer\Java\jre6\bin\verify.dll
0x6d320000 - 0x6d33f000     C:\Programmer\Java\jre6\bin\java.dll
0x76be0000 - 0x76beb000     C:\WINDOWS\system32\PSAPI.DLL
0x6d7e0000 - 0x6d7ef000     C:\Programmer\Java\jre6\bin\zip.dll
0x6d420000 - 0x6d426000     C:\Programmer\Java\jre6\bin\jp2native.dll
0x6d1d0000 - 0x6d1e3000     C:\Programmer\Java\jre6\bin\deploy.dll
0x77a70000 - 0x77b06000     C:\WINDOWS\system32\CRYPT32.dll
0x77b10000 - 0x77b22000     C:\WINDOWS\system32\MSASN1.dll
0x77110000 - 0x7719b000     C:\WINDOWS\system32\OLEAUT32.dll
0x40b10000 - 0x40bf6000     C:\WINDOWS\system32\WININET.dll
0x16d10000 - 0x16d19000     C:\WINDOWS\system32\Normaliz.dll
0x45540000 - 0x45673000     C:\WINDOWS\system32\urlmon.dll
0x411b0000 - 0x41399000     C:\WINDOWS\system32\iertutil.dll
0x6d6a0000 - 0x6d6e6000     C:\Programmer\Java\jre6\bin\regutils.dll
0x77bf0000 - 0x77bf8000     C:\WINDOWS\system32\VERSION.dll
0x6d600000 - 0x6d613000     C:\Programmer\Java\jre6\bin\net.dll
0x71a80000 - 0x71a97000     C:\WINDOWS\system32\WS2_32.dll
0x71a70000 - 0x71a78000     C:\WINDOWS\system32\WS2HELP.dll
0x6d620000 - 0x6d629000     C:\Programmer\Java\jre6\bin\nio.dll
0x6d000000 - 0x6d14b000     C:\Programmer\Java\jre6\bin\awt.dll
0x5d5a0000 - 0x5d63a000     C:\WINDOWS\system32\comctl32.dll
0x5b250000 - 0x5b288000     C:\WINDOWS\system32\uxtheme.dll
0x746e0000 - 0x7472c000     C:\WINDOWS\system32\MSCTF.dll
0x77b30000 - 0x77b52000     C:\WINDOWS\system32\apphelp.dll
0x75190000 - 0x751be000     C:\WINDOWS\system32\msctfime.ime
0x6d230000 - 0x6d27f000     C:\Programmer\Java\jre6\bin\fontmanager.dll
0x6d1a0000 - 0x6d1c3000     C:\Programmer\Java\jre6\bin\dcpr.dll
0x6d780000 - 0x6d788000     C:\Programmer\Java\jre6\bin\sunmscapi.dll
0x68000000 - 0x68036000     C:\WINDOWS\system32\rsaenh.dll
0x60930000 - 0x60985000     C:\WINDOWS\system32\netapi32.dll
0x71a20000 - 0x71a60000     C:\WINDOWS\System32\mswsock.dll
0x76f10000 - 0x76f37000     C:\WINDOWS\system32\DNSAPI.dll
0x76d50000 - 0x76d69000     C:\WINDOWS\system32\iphlpapi.dll
0x76fa0000 - 0x76fa8000     C:\WINDOWS\System32\winrnr.dll
0x76f50000 - 0x76f7d000     C:\WINDOWS\system32\WLDAP32.dll
0x76fb0000 - 0x76fb6000     C:\WINDOWS\system32\rasadhlp.dll
0x62f70000 - 0x62fc8000     C:\WINDOWS\system32\hnetcfg.dll
0x71a60000 - 0x71a68000     C:\WINDOWS\System32\wshtcpip.dll
0x6d550000 - 0x6d559000     C:\Programmer\Java\jre6\bin\management.dll

VM Arguments:
jvm_args: -D__jvm_launched=1017222576 -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar -Dsun.awt.warmup=true
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid4352_pipe6,read_pipe_name=jpi2_pid4352_pipe5
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\Programmer\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
USERNAME=Test
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 28 Stepping 2, GenuineIntel



---------------  S Y S T E M  ---------------

OS: Windows XP Build 2600 Service Pack 3

CPU:total 2 (1 cores per cpu, 2 threads per core) family 6 model 28 stepping 2, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3, ht

Memory: 4k page, physical 1037552k(73512k free), swap 2498684k(1309264k free)

vm_info: Java HotSpot(TM) Client VM (20.1-b02) for windows-x86 JRE (1.6.0_26-b03), built on May  4 2011 00:50:59 by "java_re" with MS VC++ 7.1 (VS2003)

time: Thu Sep 22 14:21:36 2011
elapsed time: 81 seconds

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:14:51, on 22-09-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\AVG\AVG10\avgfws.exe
C:\Programmer\AVG\AVG10\avgwdsvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Test\Skrivebord\oprydning\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmer\System Control Manager\MSIService.exe
C:\Programmer\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\AVG\AVG10\avgam.exe
C:\Programmer\AVG\AVG10\avgnsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\System Control Manager\MGSysCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\AVG\AVG10\avgtray.exe
C:\Documents and Settings\Test\Skrivebord\oprydning\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SRS Labs\WOWHD and TSXT Driver\SRSTrayApp.exe
C:\Programmer\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Documents and Settings\Test\Application Data\Dropbox\bin\Dropbox.exe
C:\Programmer\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Programmer\AVG\AVG10\avgcsrvx.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Test\Skrivebord\oprydning\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG10\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programmer\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Programmer\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Programmer\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IME14 CHT Setup] C:\PROGRA~1\FLLESF~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
O4 - HKLM\..\Run: [IME14 JPN Setup] C:\PROGRA~1\FLLESF~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
O4 - HKLM\..\Run: [IME14 KOR Setup] C:\PROGRA~1\FLLESF~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /KOR /Log
O4 - HKLM\..\Run: [IME14 CHS Setup] C:\PROGRA~1\FLLESF~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHS /Log
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Documents and Settings\Test\Skrivebord\oprydning\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SRSTrayApp] C:\Programmer\SRS Labs\WOWHD and TSXT Driver\SRSTrayApp.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Test\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmer\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245006396296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257769062765
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG10\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Documents and Settings\Test\Skrivebord\oprydning\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Programmer\System Control Manager\MSIService.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Programmer\SRS Labs\WOWHD and TSXT Driver\SRS_PostInstaller.exe

--
End of file - 9922 bytes

Under alle omstændigheder...
Hvad tror du
-> No action taken. betyder i MalwareBytes Loggen ?
Du glemte denne 'detalje'->
Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte"

Såååå - OM igen med MalwareBytes ...

---

...denne kommer på nettet... er det IE der er tale om ???

Den fortalte den fandt tre inficerede objekter efter første scanning. Men da jeg trykkede på fjern valgte, skrev den efterfølgende, no action tacken. Jeg ville forsøge at køre en ny scanning senere, og smide en log en af de nærmeste dage. Ian

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7770

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23-09-2011 12:49:38
mbam-log-2011-09-23 (12-49-37).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 225038
Tid gået: 1 time(e), 23 minut(ter), 13 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)

jeg kan se at den efter den første gennemkørsel ahr sat to objekter i karantæne:

Inficerede Filer:
c:\WINDOWS\kmservice.exe (RiskWare.Tool.CK) -> Delete on reboot.
c:\documents and settings\Test\lokale indstillinger\Temp\10C.tmp\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

Hukommelses Processorer Inficeret:
c:\WINDOWS\kmservice.exe (RiskWare.Tool.CK) -> 1644 -> Failed to unload process.

Den fandt ingen ting under anden gennemkørsel.. Loggen er smidt i denne tråd.

...denne kommer på nettet... er det IE der er tale om ???

Ja. Det er IE der er tale om. IE8.

Lukket