Hej har et problem med det der media2 popup

Velkommen til E. ...

Du kunne eksempelvis oplyse om :
Win98, ME, W2000, XP, Vista, Win7, OS/2, Unix, Linux, ... ?

---

Gennemføre denne 'pakke' ->

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

...og her er omtalte HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Mht.: Vista - HøjreMusseTast på *.EXE filen - Kør som Administrator...

------------------

jeg har windows xp

Nu har jeg scannet både med malware og hijackthis og her er nogen friske logs ;) den fandt  inficerede objekter med malware.

Håber om i kan finde noge i min logs der skal slettes ..

Malwarebytes' Anti-Malware 1.41
Database version: 3145
Windows 5.1.2600 Service Pack 3

11-11-2009 12:31:57
mbam-log-2009-11-11 (12-31-57).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 153577
Tid tilbagelagt: 21 minute(s), 12 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 4
Inficerede Registeringsdatabase Nøgler: 4
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 5
Inficerede Mapper: 1
Inficerede Filer: 24

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\drmstor32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\AB5.tmp (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\d3dim70032.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\deskperf32.dll (Trojan.Tracur) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05abf97b-a444-4b35-a41c-2feeec7645d2} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{05abf97b-a444-4b35-a41c-2feeec7645d2} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c82697bb697 (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{05abf97b-a444-4b35-a41c-2feeec7645d2} (Trojan.Tracur) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\drmstor32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\drmstor32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\WINDOWS\system32\d3dim70032.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\drmstor32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\AB5.tmp (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\deskperf32.dll (Trojan.Tracur) -> Delete on reboot.
C:\System Volume Information\_restore{D296FE16-C53B-4FE0-9F35-FB03497C6253}\RP31\A0011153.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D296FE16-C53B-4FE0-9F35-FB03497C6253}\RP32\A0012404.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drprov32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\329.crack.zip.kwd (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\330.keygen.zip (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\330.keygen.zip.kwd (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\331.serial.zip (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\331.serial.zip.kwd (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\332.setup.zip (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\332.setup.zip.kwd (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\333.music.au (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\333.music.au.kwd (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\334.music2.au (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\334.music2.au.kwd (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\335.music3.au (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\335.music3.au.kwd (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\336.music4.au (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\LocalService\336.music4.au.kwd (Worm.Archive) -> Delete on reboot.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.

------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:24, on 11-11-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmer\McAfee\Common Framework\UdaterUI.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe
C:\Programmer\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\McAfee\Common Framework\FrameworkService.exe
C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\Programmer\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\BullGuard Ltd\BullGuard\BGScan.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\User\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmer\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Programmer\LimeWire\LimeWire.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Programmer\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programmer\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send til Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\drmstor32.dll
O20 - Winlogon Notify: c82697bb697 - C:\WINDOWS\System32\drmstor32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Programmer\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Programmer\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10530 bytes

Nøøøj - Malwarebytes fik en del at se til der !!!

Her er årsagen ->
Afinstall
* LIMEWIRE

---

Hvordan kører putteren så nu ?

der popper ikke noget op mere det var skide irreterende når ;) taj for hjælpen

fik du point?

Du tildelte DIG SELV de omtalte 'Point' ...

hvordan overføre jeg dig dem nu her?

Der er mere endnu!!!

------------------------------------------------------------------------

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll (Alle linierne)

O20 - AppInit_DLLs: C:\WINDOWS\System32\drmstor32.dll
O20 - Winlogon Notify: c82697bb697 - C:\WINDOWS\System32\drmstor32.dll

Genstart normalt...

------------------------------------------------------------------------

Ta' et check her -> http://kundeservice.tdc.dk/testcenter/

------------------------------------------------------------------------

Ta' en oprydning med CCleaner...

------------------------------------------------------------------------

Lige lidt 'afslutning'/oprydning ->

Med nævnte CCleaner - Værktøjer - Opstart - Disable/Fjern følgende elementer fra din opstart ->
* [Adobe Reader Speed Launcher]
* [NeroFilterCheck]
* [WatchDog]

------------------------------------------------------------------------

Hvordan kører PC'en så nu ?

Metoden er forholdsvis simpel. Opret et nyt spørgsmål i samme kategori som det oprindelige spørgsmål og kald det "Point til [brugernavn]" hvor du erstatter [brugernavn] med navnet på den bruger du ønsker skal have point. Husk at skrive et link til spørgsmålet hvor du normalt skriver en længere beskrivelse af dit problem ...

Lidt 'kontra' ordre ->

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll

skal IKKE fixes i HiJackThis ...

Jeg har haft et stædigt vedholdende problem med min putter, der ligner Mihailos. Jeg har prøvet med en del malware/anti virus programmer, de har fundet adskilleligt, men ikke de fordømte sidepanelpopuppere.
Jeg fulgte din procedure og det ser umiddelbart ud til at have virket :-)
Der er garanteret mere, der kan gøres, men det er ikke lige til for novicer at rode med Hijack this.

Tak for hjælpen!

Malwarebytes' Anti-Malware 1.43
Database version: 3494
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05-01-2010 00:05:15
mbam-log-2010-01-05 (00-05-15).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 275894
Tid tilbagelagt: 58 minute(s), 28 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
C:\Windows\System32\BWUnpairElevated32.dll (Trojan.Agent) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\bwunpairelevated32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\bwunpairelevated32.dll -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Windows\System32\BWUnpairElevated32.dll (Trojan.Agent) -> Delete on reboot.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:12:03, on 05-01-2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\marianne\Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dr.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {15DCFB5C-15B3-4355-8EC3-B85BEB6EE96b} - C:\Windows\System32\cofiredm32.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\Windows\TEMP\E_SD276.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Users\marianne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETVÆRKSTJENESTE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O15 - Trusted Zone: *.e-boks.dk
O15 - Trusted Zone: *.nemadgang.dk
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,C:\Windows\System32\BWUnpairElevated32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\Windows\System32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 8786 bytes

<Jakobhoy>: Du skal oprette din egen 'tråd' med dit spørgsmål...