hearnz (Beginner)
2 March 2009 - 20:02 · 3 comments and 1 solution

Would like my HijackThis log checked for viruses.

Hi experts..

I have just had my laptop online for the first time in about six months. Naturally neither Windows nor the antivirus was up to date, and the machine immediately became sluggish. I ran a nice guide that was supposed to remove all viruses/malware.. but I would still very much like one of you to look through my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:32, on 02-03-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Programmer\Network Associates\VirusScan\vstskmgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\PostgreSQL\8.3\bin\postgres.exe
C:\Programmer\PostgreSQL\8.3\bin\postgres.exe
C:\Programmer\PostgreSQL\8.3\bin\postgres.exe
C:\Programmer\PostgreSQL\8.3\bin\postgres.exe
C:\Programmer\PostgreSQL\8.3\bin\postgres.exe
C:\Programmer\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\Fælles filer\Network Associates\TalkBack\tbmon.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programmer\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Programmer\IC Media Corp\ICM532\Launchpad.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Programmer\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = xxx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = xxx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = xxx
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = xxx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmer\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmer\Fælles filer\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmer\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-21-899655842-942587650-411072931-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-21-899655842-942587650-411072931-1007\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Launchpad.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programmer\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programmer\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - E:\Denne HD\installerede programmer\party\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - E:\Denne HD\installerede programmer\party\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Opdatér ThinkPad-programmer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmer\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Denne HD\installerede programmer\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/dk/da
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FF6C8EF-9DA1-4758-9591-7413BC8D37BF}: NameServer = 80.251.201.177 80.251.201.178
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Programmer\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Programmer\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe

--
End of file - 15528 bytes


Thanks in advance.

Hearnz
2 March 2009 - 20:16 #1
I assume you have run a FULL Windows Update + a FULL update of your security program?

And that [Malwarebytes] (updated) did not show anything / has not fixed anything?

--------------
Mostly a bit of cleanup - in my opinion...

Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is tick the box next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember also to close this window once you have marked the files. Now you can fix. Click Fix checked.

These are the ones to fix:

O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"

O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programmer\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programmer\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - E:\Denne HD\installerede programmer\party\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - E:\Denne HD\installerede programmer\party\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Denne HD\installerede programmer\Bodog Poker\BPGame.exe (file missing)

O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe

Restart normally...

------------------------------------------------------------------------


Registry cleanup is recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the [Registry] section...)
http://www.ccleaner.com/download/builds/downloading-slim
During installation you will be offered [Yahoo Toolbar]. You can say yes or *NO* to it.

http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763

---------

How is the PC running now?

------------------------------------------------------------------------

PS:
Update Java ->
http://www.java.com/en/download/download_the_latest.jsp
Update Acrobat Reader ->
http://www.adobe.dk/products/acrobat/readstep2.html
Update Macromedia Flash Player ->
http://get.adobe.com/flashplayer/ (UNTICK Google Toolbar!)
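
Most of the entries in the fix list of reply #1 are ones HijackThis marked "(file missing)". The following Python script is an added example, not part of the thread and not HijackThis code: it parses HijackThis entry lines and flags orphaned entries, services reported with "Unknown owner", and the O17 name servers for manual review. The function names and category labels are assumptions, and the sample lines are copied from the log posted above.

```python
import re

# Short descriptions of the HijackThis section codes that occur in this log.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
    "O10": "Winsock LSP", "O16": "ActiveX (Downloaded Program Files)",
    "O17": "DNS / domain setting", "O18": "extra protocol handler",
    "O20": "Winlogon Notify / AppInit_DLLs", "O23": "Windows service",
}

# Sample input: lines copied from the HijackThis log in the opening post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - E:\Denne HD\installerede programmer\Bodog Poker\BPGame.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FF6C8EF-9DA1-4758-9591-7413BC8D37BF}: NameServer = 80.251.201.177 80.251.201.178
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# An entry line is "<code> - <body>"; process paths and header lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Markers HijackThis appends when the referenced file does not exist.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse(log_text):
    """Return (section_code, body) for every entry line in the log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth a manual look.

    The reasons are review hints only; none of them proves an infection.
    """
    findings = []
    for code, body in parse(log_text):
        if ORPHAN_RE.search(body):
            # Leftover registry entry: its target file is gone.
            findings.append((code, "orphaned", body))
        elif code == "O23" and " - Unknown owner - " in body:
            # Service for which HijackThis printed no vendor name.
            findings.append((code, "unknown-owner", body))
        elif code == "O17":
            servers = NAMESERVER_RE.search(body)
            if servers:
                # Compare these with the DNS servers the ISP or router hands out.
                findings.append((code, "nameserver", servers.group(1)))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:<4}{SECTIONS.get(code, '?'):<32}{reason:<15}{detail}")
```
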
hearnz (Beginner)
2 March 2009 - 20:32 #2
Yep, Windows is fully updated and so is my antivirus. I have run a disinfection guide and also have logs from Malwarebytes and a couple of other programs.
I can just post them here while I try what you wrote.

Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 3

02-03-2009 14:39:07
mbam-log-2009-03-02 (14-39-07).txt

Skan type: Hurtig skanning
Objekter skannet: 80417
Tid tilbagelagt: 5 minute(s), 55 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 1
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\splash.exe (Trojan.Agent) -> Quarantined and deleted successfully.


----------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/02/2009 at 03:47 PM

Application Version : 4.25.1014

Core Rules Database Version : 3780
Trace Rules Database Version: 1738

Scan type      : Complete Scan
Total Scan Time : 00:51:21

Memory items scanned      : 802
Memory threats detected  : 0
Registry items scanned    : 7564
Registry threats detected : 0
File items scanned        : 32627
File threats detected    : 2

Adware.Tracking Cookie
    C:\Documents and Settings\TEK\Cookies\tek@doubleclick[1].txt
    C:\Documents and Settings\TEK\Cookies\tek@tribalfusion[1].txt

-----------------------------------------------------------------------------------------

BitDefender Online Scanner

Scan report generated at: Mon, Mar 02, 2009 - 19:22:40
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;

Statistics
Time: 03:07:29
Files: 637085
Folders: 16661
Boot Sectors: 0
Archives: 13546
Packed Files: 23497

Results
Identified Viruses: 8
Infected Files: 14
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 14

Engines Info
Virus Definitions: 2697114
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Programmer\Alcohol Soft\Alcohol 120\blz-a120_1954212-patch.exe | Infected with: Virtool.4623
C:\Programmer\Alcohol Soft\Alcohol 120\blz-a120_1954212-patch.exe | Deleted
C:\quarantine\asx-aoe3.rar.Vir=>Resource_Trainer\GameHook.dll | Infected with: Trojan.Small.FP
C:\quarantine\asx-aoe3.rar.Vir=>Resource_Trainer\GameHook.dll | Deleted
C:\quarantine\asx-aoe3.rar.Vir | Update failed
C:\quarantine\asx-aoe3.rar.Vir=>Resource_Trainer\Main.exe | Infected with: Trojan.Small.FP
C:\quarantine\asx-aoe3.rar.Vir=>Resource_Trainer\Main.exe | Deleted
C:\quarantine\asx-aoe3.rar.Vir | Update failed
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir=>Matrix.class | Infected with: Java.Trojan.Downloader.OpenStream.C
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir=>Matrix.class | Disinfection failed
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir=>Matrix.class | Deleted
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir | Update failed
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir=>Counter.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir=>Counter.class | Disinfection failed
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir=>Counter.class | Deleted
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir | Update failed
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir=>Dummy.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir=>Dummy.class | Disinfection failed
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir=>Dummy.class | Deleted
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir | Update failed
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir=>Parser.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir=>Parser.class | Disinfection failed
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir=>Parser.class | Deleted
C:\quarantine\loaderadv644.jar-73aef3bc-1ca18c19.zip.Vir | Update failed
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir=>VaaaaaaaBaa.class | Infected with: Trojan.Java.Classloader.AO
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir=>VaaaaaaaBaa.class | Deleted
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir | Update failed
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir=>Dvnny.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir=>Dvnny.class | Disinfection failed
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir=>Dvnny.class | Deleted
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir | Update failed
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir=>Baaaaa.class | Infected with: Java.Trojan.Exploit.Bytverify.I
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir=>Baaaaa.class | Deleted
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir | Update failed
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir=>Dex.class | Infected with: Trojan.Classloader.G
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir=>Dex.class | Deleted
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir | Update failed
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir=>Dix.class | Infected with: Trojan.Java.ClassLoader.D
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir=>Dix.class | Deleted
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir | Update failed
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir=>Dux.class | Infected with: Trojan.Java.ClassLoader.D
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir=>Dux.class | Deleted
C:\quarantine\statistic.jar-16a246c7-52a37a4f.zip.Vir | Update failed
C:\System Volume Information\_restore{FFE3DD74-AB25-4E7C-BFB9-A7F203C9FB2A}\RP586\A0171272.exe | Infected with: Virtool.4623
-------------------------------------------------------------

Thanks for the help so far..

I'll just try what you wrote and get back to you.
hearnz (Beginner)
2 March 2009 - 21:03 #3
OK, I have fixed the entries in HijackThis and removed the problems with CCleaner. However, my machine still runs like H... . But that is probably just because it is an IBM laptop aka bloatware box :( But it takes a PhD to remove the things you don't use and still keep the ones you do use...

Post an answer anyway if you have nothing more to add, then the points are yours.
2 March 2009 - 22:31 #4
I can't manage any more from my side...

(Others are welcome to add?)

Otherwise an [answer]...