vesel (Juniormester)
08 October 2011 - 19:28. There are 22 comments and 1 solution

HijackThis log file

Hi,

is there a helpful soul who will help me here? :-D

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7888

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06-11-2011 23:29:21
mbam-log-2011-11-06 (23-29-21).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 221865
Tid gået: 34 minut(ter), 48 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 9
Registreringsdatabaseværdier Inficeret: 7
Registreringsdatabasedata Objekter Inficeret: 1
Inficerede Mapper: 1
Inficerede Filer: 2

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F158A1E-A687-4A11-9679-B3AC64B86A1C} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FBSearch (PUP.Fbsearch) -> Value: FBSearch -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Value: {C5428486-50A0-4A02-9D20-520B59A9F9B2} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Value: {C5428486-50A0-4A02-9D20-520B59A9F9B3} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Value: {C5428486-50A0-4a02-9D20-520B59A9F9B3} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{C5428486-50A0-4a02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Value: {C5428486-50A0-4a02-9D20-520B59A9F9B2} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/ (...)) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Inficerede Mapper:
c:\documents and settings\JJJ\application data\dealassistant (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Filer:
c:\programmer\search guard plus\searchguardplus.exe (PUP.Fbsearch) -> Not selected for removal.
c:\documents and settings\JJJ\application data\dealassistant\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.


ComboFix 11-10-06.03 - JJJ 06-11-2011  23:49:16.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.2047.1443 [GMT 1:00]
Kører fra: c:\documents and settings\JJJ\Skrivebord\Eksperten\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\JJJ\Skrivebord\Eksperten\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\hpe1D1.dll
c:\documents and settings\JJJ\WINDOWS
c:\programmer\3
c:\programmer\3\3Connect\3ConnectHelp.chm
c:\programmer\3\3Connect\AceDB.encrypt
c:\programmer\3\3Connect\AutoUpdateSrv.exe
c:\programmer\3\3Connect\BlackListedDev.cfg
c:\programmer\3\3Connect\BlacklistedProcesses.xml
c:\programmer\3\3Connect\capicom.dll
c:\programmer\3\3Connect\Config.encrypt
c:\programmer\3\3Connect\Config.xml
c:\programmer\3\3Connect\Config_23806.encrypt
c:\programmer\3\3Connect\Config_23806.xml
c:\programmer\3\3Connect\Config_24002.encrypt
c:\programmer\3\3Connect\Config_24002.xml
c:\programmer\3\3Connect\Config_Default.encrypt
c:\programmer\3\3Connect\Config_Default.xml
c:\programmer\3\3Connect\Convert.xsl
c:\programmer\3\3Connect\Dialog.cfg
c:\programmer\3\3Connect\ExeAddOns\SetTcpWindowScaling.exe
c:\programmer\3\3Connect\Flash.ocx
c:\programmer\3\3Connect\Huawei.dll
c:\programmer\3\3Connect\HuaweiE220.dll
c:\programmer\3\3Connect\HuaweiE620.dll
c:\programmer\3\3Connect\InstallHelpers.dll
c:\programmer\3\3Connect\Logger.dll
c:\programmer\3\3Connect\modemcust.cfg
c:\programmer\3\3Connect\modeminfo.cfg
c:\programmer\3\3Connect\Modems\Huawei Modems_v2.93.exe
c:\programmer\3\3Connect\msvcp71.dll
c:\programmer\3\3Connect\msvcr71.dll
c:\programmer\3\3Connect\NDISAPI.dll
c:\programmer\3\3Connect\NDISAPI.log
c:\programmer\3\3Connect\NetworkCodes.cfg
c:\programmer\3\3Connect\OperatorList.xml
c:\programmer\3\3Connect\OperatorList_23806.xml
c:\programmer\3\3Connect\OperatorList_24002.xml
c:\programmer\3\3Connect\Res.dll
c:\programmer\3\3Connect\Roaming\RoamingPrice_23806.ini
c:\programmer\3\3Connect\Roaming\RoamingPrice_24002.ini
c:\programmer\3\3Connect\Skins\FlexSkin\assets\banner.swf
c:\programmer\3\3Connect\Skins\FlexSkin\assets\bec_go_lite.swf
c:\programmer\3\3Connect\Skins\FlexSkin\assets\config.xml
c:\programmer\3\3Connect\Skins\FlexSkin\assets\menu_lite.xml
c:\programmer\3\3Connect\Skins\FlexSkin\assets\signal.swf
c:\programmer\3\3Connect\Skins\FlexSkin\assets\strings.xml
c:\programmer\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_0.png
c:\programmer\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_1.png
c:\programmer\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_2.png
c:\programmer\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_3.png
c:\programmer\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_4.png
c:\programmer\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_5.png
c:\programmer\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_6.png
c:\programmer\3\3Connect\Skins\FlexSkin\assets\tredktab.swf
c:\programmer\3\3Connect\Skins\FlexSkin\assets\tresetab.swf
c:\programmer\3\3Connect\Skins\FlexSkin\assets\tretab.swf
c:\programmer\3\3Connect\Skins\FlexSkin\gui.swf
c:\programmer\3\3Connect\Skins\FlexSkin\modules\guiOverrides.swf
c:\programmer\3\3Connect\Sms.xml
c:\programmer\3\3Connect\SmsApp2.dll
c:\programmer\3\3Connect\SocketMgr.dll
c:\programmer\3\3Connect\SoftOpt.encrypt
c:\programmer\3\3Connect\Strings.txt
c:\programmer\3\3Connect\SysConfig.dat
c:\programmer\3\3Connect\SystemInfo.txt
c:\programmer\3\3Connect\Update\ConfigAup.encrypt
c:\programmer\3\3Connect\Update\ConfigAup.xml
c:\programmer\3\3Connect\Wilog.exe
c:\programmer\3\3Connect\WilogApp.exe
c:\programmer\3\3Connect\WWanDevice.dll
c:\programmer\Search Guard Plus
c:\programmer\Search Guard Plus\FbsSearchProviderIE8.exe
c:\programmer\Search Guard Plus\SearchGuardPlus.exe
c:\programmer\Search Guard Plus\SearchGuardPlus.ico
c:\programmer\Search Guard Plus\uninstalSGP.exe
c:\programmer\Search Guard PlusU
c:\programmer\Search Guard PlusU\SGPU.ico
c:\programmer\Search Guard PlusU\sgpUpdater.exe
c:\programmer\Search Guard PlusU\sgpUpdaters.exe
c:\programmer\Search Guard PlusU\uninstalSGPU.exe
c:\programmer\SGPSA
c:\programmer\SGPSA\BHO.dll
c:\programmer\SGPSA\SeARchassistant.dll
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-10-06 til 2011-11-06  )))))))))))))))))))))))))))))))))))
.
.
2011-11-06 23:05 . 2011-11-06 23:05    56200    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D490D586-9FCC-4F9B-99B5-E7E62A035463}\offreg.dll
2011-11-06 21:28 . 2011-11-06 21:28    --------    d-----w-    c:\documents and settings\JJJ\Application Data\Malwarebytes
2011-11-06 21:28 . 2011-11-06 21:28    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-06 21:28 . 2011-11-06 21:28    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2011-11-06 21:28 . 2011-08-31 16:00    22216    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-11-05 20:07 . 2011-09-12 23:14    7269712    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D490D586-9FCC-4F9B-99B5-E7E62A035463}\mpengine.dll
2011-11-05 20:00 . 2011-11-05 20:00    --------    d-----w-    c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 20:41 . 2011-05-15 21:21    404640    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 23:14 . 2009-03-17 00:06    7269712    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-09 09:11 . 2006-03-02 12:00    602112    ----a-w-    c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43    122512    ----a-w-    c:\programmer\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\programmer\3MobileWiFi\3MobileWiFi" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"type32"="c:\programmer\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="c:\programmer\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"InCD"="c:\programmer\Ahead\InCD\InCD.exe" [2005-07-25 1397760]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\programmer\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
hp psc 1000 series.lnk - c:\programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2008-12-11 6144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12-03-2011 01:15 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02-10-2008 20:40 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02-10-2008 20:40 19544]
R2 MBAMService;MBAMService;c:\programmer\Malwarebytes' Anti-Malware\mbamservice.exe [06-11-2011 22:28 366152]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [07-02-2010 20:13 90112]
R2 WinDefend;Windows Defender;c:\programmer\Windows Defender\MsMpEng.exe [03-11-2006 19:19 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06-11-2011 22:28 22216]
S1 SASKUTIL;SASKUTIL;\??\c:\programmer\SUPERAntiSpyware\SASKUTIL.sys --> c:\programmer\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [29-11-2009 16:40 117504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [04-06-2009 21:28 13224]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [26-09-2011 20:32 100992]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [04-06-2009 21:06 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [04-06-2009 21:06 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [04-06-2009 21:06 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [04-06-2009 21:06 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [04-06-2009 21:06 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [04-06-2009 21:06 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [04-06-2009 21:06 117544]
.
Indhold af mappen 'Planlagte Opgaver'
.
2009-01-17 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8220044780.job
- c:\programmer\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
.
2011-11-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmer\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mSearch Bar = hxxp://www.google.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
- - - - TOMME GENVEJE FJERNET - - - -
.
WebBrowser-{7E26ACD4-2FF0-4A68-8AF1-D91544F90721} - (no file)
HKLM-Run-SGPUpdater - c:\programmer\Search Guard PlusU\sgpUpdaters.exe
HKLM-Run-FBSearch - c:\programmer\Search Guard Plus\SearchGuardPlus.exe
AddRemove-{76E41F43-59D2-4F30-BA42-9A762EE1E8DE} - c:\programmer\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe
AddRemove-DealAssistant - c:\documents and settings\JJJ\Application Data\DealAssistant\dealassistant.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-07 00:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  SGPUpdater = c:\programmer\Search Guard PlusU\sgpUpdaters.exe??o????????????????????????????????????????????????
  FBSearch = c:\programmer\Search Guard Plus\SearchGuardPlus.exe????????????????????????????????????????????????
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > 'explorer.exe'(2516)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Ahead\InCD\InCDsrv.exe
c:\programmer\Alwil Software\Avast5\AvastSvc.exe
c:\programmer\Sektornet VPN\cvpnd.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\HPZipm12.exe
c:\programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Gennemført tid: 2011-11-07  00:15:16 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2011-11-06 23:15
.
Pre-Kørsel: 180.883.451.904 byte ledig
Post-Kørsel: 180.933.435.392 byte ledig
.
WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - EA109C9E2234A4BA5B10D346485CC17E


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:28:45, on 07-11-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Sektornet VPN\cvpnd.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ (...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ (...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ (...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Mobile Partner] C:\Programmer\3MobileWiFi\3MobileWiFi
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/ (...)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/ (...)
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/ (...)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/ (...)
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/ (...)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/ (...)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/ (...)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ (...)
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/ (...)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ (...)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/ (...)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/ (...)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Uni-C Sektornet VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Sektornet VPN\cvpnd.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10234 bytes
johnstigers (Seniormester)
08 October 2011 - 19:33 #1
From the Malwarebytes log:
Inficerede Filer:
c:\programmer\search guard plus\searchguardplus.exe (PUP.Fbsearch) -> Not selected for removal.


Why was this one deselected?
vesel (Juniormester)
08 October 2011 - 19:38 #2
I really don't know.....
f-arn (Guru)
09 October 2011 - 11:14 #3
@john_stigers
Try looking up PUP.
I no longer comment on logs on Eksperten.
johnstigers (Seniormester)
09 October 2011 - 13:08 #4
#3> "Potentially Unwanted Program"

vesel> search guard plus is listed under Add/Remove Programs. Remove it.
vesel (Juniormester)
09 October 2011 - 20:00 #5
Should I remove it, run it once more and make a new log?
vesel (Juniormester)
09 October 2011 - 21:13 #6
-> john

I can't find any "search guard plus" in Add/Remove Programs.
09 October 2011 - 21:40 #7
THE FOLDER

c:\programmer\search guard plus\

HAS been deleted by ComboFix...

---

You should (must) update your old AcrobatReader
http://get.adobe.com/dk/reader/  (UNcheck that Google thing there...)

---

Are you otherwise experiencing problems after that... ???
vesel (Juniormester)
09 October 2011 - 21:45 #8
When I do a search on C:, it shows that there are some files here:

C:\Qboobox\Quarantine\Programmer

but I can't open them.
vesel (Juniormester)
09 October 2011 - 21:50 #9
disregard #8
vesel (Juniormester)
09 October 2011 - 22:03 #10
AcrobatReader is now updated
09 October 2011 - 22:57 #11
---

Are you otherwise experiencing problems after that... ???
vesel (Juniormester)
09 October 2011 - 23:05 #12
I haven't run into any. :-D

Should it be cleaned and OK now?
vesel (Juniormester)
23 October 2011 - 10:13 #13
Do I need to go in and delete anything before the cleaning process is finished?
23 October 2011 - 10:41 #14
You could just hand me/us a FRESH log from HiJackThis ...
vesel (Juniormester)
29 October 2011 - 22:51 #15
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:51:26, on 29-10-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Sektornet VPN\cvpnd.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Mobile Partner] C:\Programmer\3MobileWiFi\3MobileWiFi
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmer\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Uni-C Sektornet VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Sektornet VPN\cvpnd.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9722 bytes
29 October 2011 - 23:02 #16
Mostly for cleanup purposes:

Uninstall ->
* Windows Live Toolbar
* PartyGaming\PartyPoker  (If it is there?)

---

Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is tick the box next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to be fixed:

O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"

O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe

Restart normally...

---

So how is the PC running now?
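An added example, not part of the original posts: a small Python parser for the HijackThis entry lines shown in the log above, which flags the two markers visible in that log that call for a manual look, `(file missing)` and `Unknown owner`. The sample lines are copied from this thread's log; the function and variable names are assumptions of this example.

```python
import re

# Sample lines copied from the HijackThis v2.0.4 log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Entry lines start with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Return one dict per entry line; headers and the process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        guid = GUID_RE.search(body)
        notes = []
        if body.endswith("(file missing)"):
            notes.append("orphaned entry: target file is missing")
        if code == "O23" and " - Unknown owner - " in body:
            notes.append("service logged with 'Unknown owner'")
        entries.append({"code": code, "body": body,
                        "guid": guid.group(0) if guid else None,
                        "notes": notes})
    return entries

def review_queue(entries):
    """Entries carrying a note, to be checked by hand before anything is fixed."""
    return [e for e in entries if e["notes"]]

if __name__ == "__main__":
    for e in review_queue(parse_entries(SAMPLE_LOG)):
        print(e["code"], "|", "; ".join(e["notes"]), "|", e["body"])
```
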
vesel Juniormester
29 October 2011 - 23:14 #17
I can't find

* Windows Live Toolbar
* PartyGaming\PartyPoker

but I can find something called "windows live essentials". Could that be it?

And surely I can't close the "HijackThis window" before I have pressed fix?!?!?
vesel Juniormester
29 October 2011 - 23:16 #18
aha....sorry, you meant THIS window. :-P
johnstigers Seniormester
29 October 2011 - 23:17 #19
* Windows Live Toolbar
* PartyGaming\PartyPoker

They are under Add/Remove Programs.
vesel Juniormester
29 October 2011 - 23:44 #20
They are not under Add/Remove Programs
vesel Juniormester
22 November 2011 - 09:20 #21
Is there anyone who will take a look at this one?
johnstigers Seniormester
22 November 2011 - 10:52 #22
#20 Yes, they are. Look again. Perhaps not under exactly those names...
#21 Create it again = old question.
vesel Juniormester
13 January 2012 - 17:17 #23
......