CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede speedytech Nybegynder
01. september 2008 - 12:36 Der er 12 kommentarer og
1 løsning

Hijack This Log file - total mærkelig computer.

Hej
Her er en HijackThis log.

Jeg kan ikke åbne "joblisten" via "ctrl"+"control"+"delete" - den er lås af administrator.. Jeg er administrator.. Der er ikke nogle "denne computer" + "kør" under start menuen.. Men jeg ka åbne "kør" via "windows key" + "r"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30: VIRUS ALERT!, on 01-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\Programmer\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Programmer\DanDomain RemoteBackup\bin\SystemTray.exe
C:\Programmer\CyberLink\PCM4Everio\EverioService.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe
C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmer\DanDomain RemoteBackup\aua\bin\AuaObm.exe
C:\Programmer\DanDomain RemoteBackup\aua\jvm\bin\AuaObmJW.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\OpenOffice.org 2.3\program\soffice.exe
C:\Programmer\OpenOffice.org 2.3\program\soffice.BIN
C:\Programmer\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft SQL Server\MSSQL$LABEL\Binn\sqlservr.exe
C:\Programmer\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Programmer\DanDomain RemoteBackup\bin\Scheduler.exe
C:\Programmer\DanDomain RemoteBackup\jvm\bin\SchedulerOBM.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Documents and Settings\Administrator\temp\TeamViewer3\TeamViewer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: qalkfxor - {C719AFA9-6F98-44FD-AC37-13789098EBFC} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MVS Splash] "C:\Programmer\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Programmer\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AhsayBackupManager] C:\Programmer\DanDomain RemoteBackup\bin\SystemTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EverioService] "C:\Programmer\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programmer\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Service Manager.lnk = C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkcentre
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208336276734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208350096750
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60D44299-1EC7-45C1-ADA7-160BB8A336EE}: NameServer = 192.168.1.1
O21 - SSODL: pdoskegl - {5646A68F-4E6D-4279-BE20-932018ACAE09} - C:\WINDOWS\pdoskegl.dll
O21 - SSODL: rqbmvpso - {1FCB11E5-6D91-41B7-B45E-195995474DFB} - C:\WINDOWS\rqbmvpso.dll
O23 - Service: AutoUpdateAgent (DanDomain RemoteBackup) (AutoUpdateAgentOBM) - Unknown owner - C:\Programmer\DanDomain RemoteBackup\aua\bin\AuaObm.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Programmer\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Programmer\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: OKI OPHD DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE
O23 - Service: OKI OPHG DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHGLDCS.EXE
O23 - Service: Online Backup Scheduler (DanDomain RemoteBackup) (OnlineBackupScheduler) - Unknown owner - C:\Programmer\DanDomain RemoteBackup\bin\Scheduler.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe
O23 - Service: System Update (SUService) -  - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe

--
End of file - 9996 bytes
Avatar billede speedytech Nybegynder
01. september 2008 - 12:46 #1
Hej igen

Jeg har lige fjern nogle programmer.. Men computeren siger hele tiden "system alert" , og "antispaware 2008 XP alert" og det kender jeg ikke noget til..

Der kommer også en Spyware Alert. Security Warning! Worm.Win32.netbooster detected on you computer. Den kommer som et windows program popup..

Jeg sender lige enny hijack THIS log..
Avatar billede speedytech Nybegynder
01. september 2008 - 12:52 #2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:40, on 01-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Programmer\DanDomain RemoteBackup\bin\SystemTray.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Programmer\CyberLink\PCM4Everio\EverioService.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmer\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmer\DanDomain RemoteBackup\aua\bin\AuaObm.exe
C:\Programmer\DanDomain RemoteBackup\aua\jvm\bin\AuaObmJW.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft SQL Server\MSSQL$LABEL\Binn\sqlservr.exe
C:\Programmer\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Programmer\DanDomain RemoteBackup\bin\Scheduler.exe
C:\Programmer\DanDomain RemoteBackup\jvm\bin\SchedulerOBM.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\temp\TeamViewer3\TeamViewer.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MVS Splash] "C:\Programmer\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Programmer\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AhsayBackupManager] C:\Programmer\DanDomain RemoteBackup\bin\SystemTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EverioService] "C:\Programmer\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkcentre
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208336276734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208350096750
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60D44299-1EC7-45C1-ADA7-160BB8A336EE}: NameServer = 192.168.1.1
O23 - Service: AutoUpdateAgent (DanDomain RemoteBackup) (AutoUpdateAgentOBM) - Unknown owner - C:\Programmer\DanDomain RemoteBackup\aua\bin\AuaObm.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Programmer\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Programmer\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: OKI OPHD DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE
O23 - Service: OKI OPHG DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHGLDCS.EXE
O23 - Service: Online Backup Scheduler (DanDomain RemoteBackup) (OnlineBackupScheduler) - Unknown owner - C:\Programmer\DanDomain RemoteBackup\bin\Scheduler.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: System Update (SUService) -  - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe

--
End of file - 8604 bytes
Avatar billede speedytech Nybegynder
01. september 2008 - 12:54 #3
Hej

Jeg fandt ud af, at ved hjælp af msconfig , at der lå as2008xp.exe som blev startet under opstart.. Den fjernet jeg fluebenet til og jeg kan pludselig komme i joblisten og "kør" mm.. Men jeg tror ikke programmet er fjernet endnu..
Avatar billede nva Praktikant
01. september 2008 - 12:55 #4
Download "Malwarebytes' Anti-Malware" her: http://www.malwarebytes.org/mbam.php
Installer programmet, start det, lav "fuld systemscanning" under fanebladet "skanner".
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind. Plus ny log fra HiJackThis.
Avatar billede speedytech Nybegynder
01. september 2008 - 12:56 #5
Jeg har nu slettet denne her mappe - C:\Documents and Settings\All Users\Application Data\Secure Solutions\*.* så jeg tror ikke at det program starter op igen..
Avatar billede nva Praktikant
01. september 2008 - 13:25 #6
Du bør efter min ringe overbevisning alligevel udføre det forslag jeg gav dig -  blandt andet pga. denne:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
Avatar billede speedytech Nybegynder
01. september 2008 - 13:31 #7
Malwarebytes log

Malwarebytes' Anti-Malware 1.25
Database version: 1102
Windows 5.1.2600 Service Pack 2

13:26:28 01-09-2008
mbam-log-09-01-2008 (13-26-28).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 112586
Tid tilbagelagt: 23 minute(s), 13 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 3
Inficerede Registeringsdatabase Nøgler: 14
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 0
Inficerede Filer: 26

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\mlJDsRhh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\awtUoOGy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uxtsjk.dll (Trojan.Vundo) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{89a102f5-de15-4417-b87f-9dbb392fcf15} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{89a102f5-de15-4417-b87f-9dbb392fcf15} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9505b806-9f2e-4fce-afc5-175d410db89c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9505b806-9f2e-4fce-afc5-175d410db89c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2b532cc-0605-40d4-9659-54b020abcec3} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtuoogy (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e2b532cc-0605-40d4-9659-54b020abcec3} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e2b532cc-0605-40d4-9659-54b020abcec3} (Trojan.Vundo) -> Delete on reboot.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mljdsrhh -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljdsrhh  -> Delete on reboot.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\system32\mlJDsRhh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hhRsDJlm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhRsDJlm.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uxtsjk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\awtUoOGy.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jmkgntfb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bftngkmj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umimayap.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\payamimu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\ET4KNKX9\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\ET4KNKX9\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\elge.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\pdoskegl.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\icevgxvq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\okyrovvj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMFuuVO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vfdpjh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rodqgpvlwmk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\rvoelbxt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\rqbmvpso.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\qalkfxor.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Foretrukne\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Foretrukne\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Foretrukne\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.Agent) -> Quarantined and deleted successfully.
Avatar billede speedytech Nybegynder
01. september 2008 - 13:32 #8
ny hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:28, on 01-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\Programmer\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Programmer\DanDomain RemoteBackup\bin\SystemTray.exe
C:\Programmer\CyberLink\PCM4Everio\EverioService.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmer\DanDomain RemoteBackup\aua\bin\AuaObm.exe
C:\Programmer\DanDomain RemoteBackup\aua\jvm\bin\AuaObmJW.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft SQL Server\MSSQL$LABEL\Binn\sqlservr.exe
C:\Programmer\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Programmer\DanDomain RemoteBackup\bin\Scheduler.exe
C:\Programmer\DanDomain RemoteBackup\jvm\bin\SchedulerOBM.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Documents and Settings\Administrator\temp\TeamViewer3\TeamViewer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MVS Splash] "C:\Programmer\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Programmer\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AhsayBackupManager] C:\Programmer\DanDomain RemoteBackup\bin\SystemTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EverioService] "C:\Programmer\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkcentre
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208336276734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208350096750
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60D44299-1EC7-45C1-ADA7-160BB8A336EE}: NameServer = 192.168.1.1
O23 - Service: AutoUpdateAgent (DanDomain RemoteBackup) (AutoUpdateAgentOBM) - Unknown owner - C:\Programmer\DanDomain RemoteBackup\aua\bin\AuaObm.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Programmer\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Programmer\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: OKI OPHD DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE
O23 - Service: OKI OPHG DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHGLDCS.EXE
O23 - Service: Online Backup Scheduler (DanDomain RemoteBackup) (OnlineBackupScheduler) - Unknown owner - C:\Programmer\DanDomain RemoteBackup\bin\Scheduler.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: System Update (SUService) -  - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe

--
End of file - 8716 bytes
Avatar billede Computer Hjælp (Gratis) Mester
01. september 2008 - 13:51 #9
Der ka' du selv se/læse [Malwarebytes' Anti-Malware] fik nappet en hel del snavs!!!
Avatar billede nva Praktikant
01. september 2008 - 13:52 #10
Så ser den ren ud men du kan give den en tur med Ccleaner http://www.spywarefri.dk/manualer/ccleaner-manual.htm og stoppe/starte din systemgendannelse, så du ikke kommer til at gendanne tilbage til et tidspunkt, hvor du havde snavs på maskinen.

Hvordan kører den så nu?
Avatar billede nva Praktikant
01. september 2008 - 13:54 #11
Tillader mig at lægge et svar :)
Avatar billede nva Praktikant
01. september 2008 - 13:55 #12
Nu hvor den er ren skulle du måske beytte lejligheden til at lægge SP3 på.
Avatar billede speedytech Nybegynder
01. september 2008 - 14:02 #13
Jeg vil sige at den store hjælp skete dengang jeg fjernet as2008xp.exe fra opstart.. Men jeg kunne godt se at den fjernet en masse andet.. Jeg siger tak for hjælpen..

Jeg begynder nu at installer SP3, og jeg har fjernet system gendannelse før jeg startet denne her process.. Så den bliver lige aktiveret igen..
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Google ser ud til at være malware, lyder advarsel på alle vore mobiler! Af vbr i Virus 9 30/10/202312:12 15/12/202310:17
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 15:30 signalforstærker til trådløs rutrer tænkes brugt til pc næt pc -og MÅSKE TV 4 m borte eller begge Af Novice-1 i Routere & Switches
I dag 11:43 Hvilket styresystem på en gammel Pc ??? Af Jan Post i Andre styresystemer
I dag 07:44 Virus advarsler - falske Af jdann i Backup- & Antivirus
I går 19:32 Formler der blev væk Af Klaus W i Excel
I går 15:22 Hent array key Af nemlig i PHP
White papers
Flere white papers »


Premium
Teaser billede
Her er de nye medlemmer af Statens It-råd: Skal vurdere it-projekter på over 15 millioner kroner
Læs mere »
Antallet af anmeldelser af ulovligt indhold på beskedtjenester stiger: Regeringen skubber ansvaret videre til EU og Belgien
Efter masser af kritik af store prisstigninger: VMware åbner for gratis licenser - ændrer i licens-strukturen
Seks store selskaber med på årets image-liste for første gang: Kæmper alle med lav kendskabsgrad
Se alle »
Computerworld
Teaser billede
Nyopdaget sårbarhed rammer næsten alle VPN'er: Gør dem usikre og nærmest ubrugelige
Læs mere »
Om under en uge går det løs: Pc’en bliver aldrig den samme igen
VPN-test fra virkeligheden: To tjenester som glimrer på hver deres måde
Test: Samsungs nyeste laptop er noget af det tætteste du kommer på en Windows-Macbook
Se alle »
CIO
Teaser billede
Nu begynder den største GDPR-retssag mod dansk myndighed nogensinde: Står over for million-bøde
Læs mere »
Lukker it-systemerne ned i to uger på grund af implementering: Den bedste måde at sikre, at ingen data går tabt
Sådan har Coop sagt farvel til mainframen - sparer et to-cifret millionbeløb årligt på licenser
Hundredevis af selskaber klager over Microsofts licens-policy: Vi er låst fast og bundet
Se alle »
Job & Karriere
Teaser billede
Her er Danmarks fem bedste CIO’er lige nu: Se de fem nominerede til prisen som Årets CIO 2024
Læs mere »
Medarbejderne fik udleveret badetøfler ved indflytningen: Kom med inden for i IBM Danmarks nye topmoderne hovedkontor
Så meget tjener dine kollegaer: Her er alle data fra Computerworlds store it-lønstatistik for 2024
Får du den løn, du fortjener? Få overblikket over hvor meget dine kolleger tjener hver måned
Se alle »
White paper
Teaser billede
Få mere ud af din cloudinfrastruktur og gør op med de konstant stigende omkostninger
Læs mere »
Optimering af Source-to-Pay: Identificér oplagte gevinster og skær omkostninger
Guide: Sådan udvikler du en moderne netværksstrategi
Det behøver ikke at gøre ondt: Sådan gør du livet lettere for kunder med multicloud
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »