zyp Beginner
20 April 2008 - 13:31 There are 6 comments and 1 solution

Check of Hijack log etc., please

My daughter has just got this used PC from my brother, but it runs rather slowly. I hope there is someone who can help by checking these logs.

ComboFix 08-04-18.3 - xxxxxxxxxxxxx 2008-04-20 10:51:55.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.52 [GMT 2:00]
Running from: C:\Documents and Settings\xxxxxxxxxxxxxxxx\Skrivebord\eksperten\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-03-20 to 2008-04-20  )))))))))))))))))))))))))))))))
.

2008-04-20 11:21 . 2008-04-20 11:21    4,474    --a------    C:\WINDOWS\GATHER.KM
2008-04-20 10:49 . 2008-04-20 10:49    <DIR>    d--------    C:\327882R2FWJFW
2008-04-20 09:28 . 2008-04-20 09:28    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-20 09:27 . 2008-04-20 09:28    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-04-20 09:27 . 2008-04-20 09:27    <DIR>    d--------    C:\Documents and Settings\xxxxxxxxxxxxxx\Application Data\SUPERAntiSpyware.com
2008-04-20 09:26 .     <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2008-04-20 09:19 . 2008-04-20 09:19    <DIR>    d--------    C:\Programmer\Yahoo!
2008-04-20 09:19 . 2008-04-20 09:20    <DIR>    d--------    C:\Programmer\CCleaner
2008-04-18 19:00 . 2005-04-13 03:48    49,265    --a------    C:\WINDOWS\system32\jpicpl32.cpl
2008-04-18 18:57 . 2008-04-18 18:59    <DIR>    d--------    C:\Programmer\Java
2008-04-18 18:56 .     <DIR>        C:\Programmer\Fælles filer\Java
2008-04-18 16:24 . 2008-04-18 16:24    <DIR>    d--------    C:\Programmer\Startup Inspector for Windows
2008-04-18 15:20 . 2008-04-18 15:21    <DIR>    d--------    C:\Documents and Settings\Jarl Cordua Nielsen\.housecall6.6
2008-04-18 13:22 . 2008-04-18 13:22    <DIR>    d--------    C:\Programmer\ZyXEL Technology Corporation

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 11:53    ---------    d-----w    C:\Documents and Settings\xxxxxxxxxxxxxxxxxx\Application Data\Skype
2008-04-18 11:22    17,801    ----a-w    C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-18 11:22    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-04-18 11:22    ---------    d-----w    C:\Programmer\Fælles filer\InstallShield
2008-04-18 08:33    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Kodak
2008-04-18 08:22    ---------    d-----w    C:\Programmer\Kodak
2008-03-20 08:09    1,845,248    ----a-w    C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09    1,845,248    ------w    C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28    3,591,680    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:54    70,656    ------w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:54    625,664    ------w    C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00    13,824    ------w    C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51    282,624    ----a-w    C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51    282,624    ------w    C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:37    45,568    ----a-w    C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:37    45,568    ------w    C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:37    148,992    ------w    C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44    161,792    ------w    C:\WINDOWS\system32\dllcache\ieakui.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 03:53 15360]
"ibmmessages"="C:\Programmer\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 12:10 442368]
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard 5.0\BullGuard.exe" [2006-01-16 18:27 98304]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 09:32 69632 C:\WINDOWS\system32\S3Tray2.exe]
"TrackPointSrv"="tp4serv.exe" [2003-11-13 13:12 94208 C:\WINDOWS\system32\tp4serv.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-30 21:03 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-30 20:59 118784]
"TPKMAPHELPER"="C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 04:39 897024]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-07 05:26 94208]
"TP4EX"="tp4ex.exe" [2002-09-04 11:05 53248 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 12:04 208896]
"UC_Start"="C:\Programmer\IBM\Updater\\ucstartup.exe" [2004-06-26 01:39 36864]
"UC_SMB"="" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 11:05 127035]
"ibmmessages"="C:\Programmer\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 12:10 442368]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2004-03-19 22:12 90112]
"QCTRAY"="C:\Programmer\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2004-08-18 13:30 708608]
"QCWLICON"="C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 13:30 81920]
"BMMLREF"="C:\Programmer\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 11:37 20480]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 11:37 395776]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Atheros Configuration Service"="C:\WINDOWS\system32\acs.exe" [2005-12-14 16:37 36864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 03:53 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-02-05 18:09:56 24576]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
ZyXEL G-270S Utility.lnk - C:\Programmer\ZyXEL Technology Corporation\ZyXEL G-270S Utility\ZyXEL G-270S.exe [2008-04-18 13:22:40 7692288]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2004-08-18 13:30 258048 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ      msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\IBM\\Updater\\jre\\bin\\java.exe"=
"C:\\Programmer\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\Internet Explorer\\iexplore.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"C:\\Programmer\\ZyXEL Technology Corporation\\ZyXEL G-270S Utility\\ZyXEL G-270S.exe"=

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-08-18 13:30]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-08-18 13:30]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2004-07-29 11:37]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2004-09-24 03:39]
R2 lfmf84nt;Lfmf84nt;C:\WINDOWS\system32\Lfmf84nt.sys [2001-02-23 11:25]
R2 Mfp;Mfp;C:\PROGRA~1\InkLab\mfp.exe [2002-02-06 14:58]
R2 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDCNDIS5.sys [2005-12-14 16:37]
R3 FileSpy5;BullGuard File Monitor;C:\Programmer\BullGuard Software\BullGuard 5.0\filespy5.sys [2005-10-14 16:26]
R3 NBAG723;ZyXEL 802.11a/b/g AG723 Driver;C:\WINDOWS\system32\DRIVERS\Wlanchag.sys [2005-12-14 16:37]
R3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-08-18 13:30]
R3 Reconn;BullGuard Mail Monitor;C:\Programmer\BullGuard Software\BullGuard 5.0\reconn.sys [2004-09-28 18:50]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [2003-11-13 13:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bg5    REG_MULTI_SZ      BGMainSvc BsFileSpy BsMailProxy BsFirewall

.
Contents of the 'Scheduled Tasks' folder
"2008-03-18 09:12:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2005-02-05 16:29:26 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 11:20:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Programmer\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\QCONSVC.EXE
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-20 11:27:34 - machine was rebooted
ComboFix-quarantined-files.txt  2008-04-20 09:27:20

Pre-Run: 24,413,065,216 byte ledig
Post-Run: 24,398,491,648 byte ledig

166    --- E O F ---    2008-04-18 13:10:43


Logfile of HijackThis v1.99.1
Scan saved at 10:48:16, on 20-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\PROGRA~1\InkLab\mfp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmer\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BullGuard Software\BullGuard 5.0\BullGuard.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\xxxxxxxxxxxxxx\Skrivebord\eksperten\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmer\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Programmer\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMLREF] C:\Programmer\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\RunServices: [Atheros Configuration Service] C:\WINDOWS\system32\acs.exe -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard 5.0\BullGuard.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: ZyXEL G-270S Utility.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://business.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard 5.0\BullGuardUpdate.exe
O23 - Service: BullGuard Main (BGMainSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: BullGuard File Monitoring (BsFileSpy) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: BullGuard Firewall (BsFirewall) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: BullGuard Email Monitoring (BsMailProxy) - Unknown owner - C:\WINDOWS\System32\svchost.exe" -k bg5 (file missing)
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Mfp - Unknown owner - C:\PROGRA~1\InkLab\mfp.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/20/2008 at 10:21 AM

Application Version : 4.0.1154

Core Rules Database Version : 3442
Trace Rules Database Version: 1404

Scan type      : Complete Scan
Total Scan Time : 00:39:01

Memory items scanned      : 166
Memory threats detected  : 0
Registry items scanned    : 4560
Registry threats detected : 0
File items scanned        : 15387
File threats detected    : 0


Kind regards
20 April 2008 - 13:35 #1
I'll take a look at it...
20 April 2008 - 13:40 #2
No 'dirt' - more a bit of tidying up (in my opinion...) ->
20 April 2008 - 13:43 #3
Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window that is open is the HijackThis window. Also remember to close this window when you have marked the files. Now you may fix. Click Fix checked.

These are the ones to be fixed:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Mfp - Unknown owner - C:\PROGRA~1\InkLab\mfp.exe

Restart normally.

------------------------------------------------------------------------

* Do a complete run with CCleaner (which you already have)

* A disk cleanup

* Defragmentation

* Create a System Restore point

------------------------------------------------------------------------

* Do a complete Windows Update check http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=da

* Check the BullGuard update
zyp Beginner
20 April 2008 - 14:33 #4
Thanks for the check.
Do you perhaps have a suggestion for a free firewall?
zyp Beginner
20 April 2008 - 15:04 #5
Since I'd like to give points, you're welcome to post an answer too.
Deleted user
21 April 2008 - 12:00 #6
Go to the Control Panel; there you should be able to see Windows Firewall, which you can certainly use.
27 April 2008 - 01:11 #7
Ping...
(That was an [answer]...)