CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede TobiasJ95 Nybegynder
27. juli 2012 - 03:33 Der er 18 kommentarer og
1 løsning

Hjælp angående Virus og ETC.

Hej

jeg har på det seneste haft problemer med en meget langsom og sløv computer.

jeg startede bare med at slette nogle gamle programmer som jeg ikke brugte længere, men da det ikke hjalp ville jeg prøve at se om det ville virke at afslutte nogle processer fra proceslinjen ud.

her stødte jeg på 2 processer ved navn "csrss.exe" og "winlogon.exe" og da jeg prøvede at afslutte processerne fik jeg en besked med " adgang nægtet"

jeg surfede lidt og fandt ud af at det skulle være virus med trojansk hest (har virkelig ikke den helt store viden på dette område, så bær venligst over med mig)

jeg spørgner nu jer på eksperten.dk for tips og hjælp.

jeg har sikkerhedsprogrammet "ESET NOD32" og jeg vil gerne høre, om det er et program man kan stole blindt på, og om man kan/skal bruge et andet program.

jeg håber virkelig der er nogle der vil give sig tid til at hjælpe mig, da jeg virkelig er bange for at det skulle (i værste tilfælde) gå ud over mine bank konti.

uanset hvad, tak

Tobias
Avatar billede Chickencry Novice
27. juli 2012 - 08:13 #1
jeg har også den her csrss.exe processor, er det virkelig en virus?
Avatar billede Slettet bruger
27. juli 2012 - 08:18 #2
hent hirens og lav en bootbar cd

boot op på den og bruge eventuelt denne her

se under antivirus tools

de ligger som perler på en snor

start med

Malwarebytes Anti-Malware 1.51.1 (07-12-2011)

http://www.hiren.info/pages/bootcd

du kan starte den op i xp mode så du har billede på ok

lad dewn fjerne hvad den finder




m.v.h
Avatar billede pstidsen Novice
27. juli 2012 - 09:46 #3
Ceres.exe kan sagtens være uskadelig? Den rigtige csrss.exe skal være i mappen c:\windows\system32 og ikke i c:\windows\config. Hvor lægger filen?

Det der sikkerhedsprogram kender eg ikke. Jeg anbefaler personligt Norton,
Avatar billede TobiasJ95 Nybegynder
27. juli 2012 - 19:22 #4
pstidsen: programmet csrss.exe ligger her : (C/Windows/System32)

Så det vil så sige at det skulle være den rigtige csrss.exe
vil det så sige at det er den uskadelige eller skadelige ?

M.V.H
Avatar billede TobiasJ95 Nybegynder
27. juli 2012 - 19:36 #5
og hvad med Winlogon.exe?

det ville jeg også være glad for hvis jeg kunne få hjælp med det :)
Avatar billede Computer Hjælp (Gratis) Mester
27. juli 2012 - 19:56 #6
Du kan jo gennemføre denne 'pakke' ->

Under hvilket system:
Win98, ME, W2000, XP, Vista, Win7, ... ?

---

Hent og instalér CCleaner www.ccleaner.com/ + www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
www.alt-til-windows.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning...

http://gratisupload.dk/vis/62873/
http://gratisupload.dk/vis/62874/
http://gratisupload.dk/vis/63036/

--------

Hent Malwarebytes Anti-Malware herfra:
www.besttechie.net/tools/mbam-setup.exe

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

...og her er omtalte HiJackThis ->
www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Mht.: Vista/Win7 - HøjreMusseTast - "Kør som Administrator..."
Avatar billede Chickencry Novice
27. juli 2012 - 20:23 #7
Det her fik jeg ud af at køre en Malwarebyte Full Scan :

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.07.27.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
ChickenCry :: CHICKENCRY-PC [administrator]

Protection: Disabled

27-07-2012 17:12:11
mbam-log-2012-07-27 (17-12-11).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 302816
Time elapsed: 2 hour(s), 48 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.FBApi (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCR\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 29
C:\Program Files\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Files Detected: 114
C:\Program Files\RewardsArcade\RewardsArcade.dll (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\WGASetup.exe (Hacktool.WPA) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Desktop\andet end spil\sony vegas install files\Sony vegas pro 10 crack and keygen\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Desktop\andet end spil\sony vegas install files\Sony vegas pro 10 crack and keygen\SonyVegasPro Patch.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Documents\Vuze Downloads\Malwarebytes.Anti-Malware.PRO.v1.60.0.1800.MULTILINGUAL-CRD\crd.exe (TheftMarker.Crude) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Downloads\ADLSoft_UnCompressor (1).exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Downloads\ADLSoft_UnCompressor (2).exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Downloads\ADLSoft_UnCompressor (3).exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Downloads\ADLSoft_UnCompressor.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Downloads\SoftonicDownloader_for_numlocker.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\fb.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\appAPIinternalWrapper.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\jquery.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\json.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\RewardsArcade.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\Uninstall.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Program Files\RewardsArcade\UserConfirmation.exe (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\AppData\Local\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.

(end)
Avatar billede Computer Hjælp (Gratis) Mester
27. juli 2012 - 20:54 #8
Yffer Pyffer ... en masse 'skrammel' som MalwaBytes fik nappet !!!

Status nu ???
Avatar billede f-arn Guru
27. juli 2012 - 22:13 #9
Hmmm...

C:\WGASetup.exe (Hacktool.WPA) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Desktop\andet end spil\sony vegas install files\Sony vegas pro 10 crack and keygen\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Desktop\andet end spil\sony vegas install files\Sony vegas pro 10 crack and keygen\SonyVegasPro Patch.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
C:\Users\ChickenCry\Documents\Vuze Downloads\Malwarebytes.Anti-Malware.PRO.v1.60.0.1800.MULTILINGUAL-CRD\crd.exe (TheftMarker.Crude) -> Quarantined and deleted successfully.
Avatar billede 220661 Ekspert
28. juli 2012 - 09:06 #10
#9 Ja så er man måske også selv ude om at pc bliver sløv ;-)

Den  log ligner en jeg så hos min brors pc.
Og så tænker man bare, hvad med det som Malwarebytes ikke ar fundet af skjulte rootkits og lignende.
Vi valgte at formatere og starte helt forfra (for en sikkerheds skyld).
Avatar billede 220661 Ekspert
28. juli 2012 - 09:08 #11
Tror faktisk også jeg overskrev hele disken også med Killdisk først.
Avatar billede TobiasJ95 Nybegynder
28. juli 2012 - 19:19 #12
Karise_larry: så har jeg fået givet den en tur med malwarebytes. her er loggen

Malwarebytes Anti-Malware (Prøveversion) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Tobias :: TOBIAS-PC [administrator]

Beskyttelse: Slået til

28-07-2012 16:34:20
mbam-log-2012-07-28 (16-34-20).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|)
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 527580
Tid gået: 2 time(e), 41 minut(ter), 32 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Dårlig: ("regedit.exe" "%1") God: (regedit.exe "%1") -> Sat i karantæne og erstattet succesfuldt.

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 1
C:\Program Files\Supreme Commander 2\Trainer.exe (HackTool.GamesCheat) -> Sat i karantæne og slettet succesfuldt.

(færdig)
Avatar billede TobiasJ95 Nybegynder
28. juli 2012 - 19:37 #13
og her er min log fra hijackthis så


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:43, on 28-07-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Users\Tobias\Desktop\DIV. programmer\HiJackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=91&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Tobias\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tobias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Lucy's%20Expedition/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Lucy's%20Expedition/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

--
End of file - 12730 bytes


ps. Karise_larry: efter at havet fulgt din guide punkt og prikke har jeg tydeligt kunne mærke en forskel på min computers ydeevne, og på forhånd tusind tak til både dig og i andre som har villet hjælpe.

hvis jeg så venligst kunne få tjekket mine logs for at høre om min pc er iorden, så vil jeg være mere end tilfreds
Avatar billede jensenjs Juniormester
29. juli 2012 - 12:38 #14
csrss er en Windows fil (Under normale omstændigheder)
Men der er flere variationer af trojanere der udgiver sig for at være csrss.
Læs om dem her
http://www.processlibrary.com/directory/files/csrss/26031/


Angående den langsomme PC så vil jeg anbefale samme kur som #10+#11

du har simpelthen for meget skadelig software på maskinen til at du kan bruge den sikkert.
Så en god ide, gen installer med alle de reelle programmer og drivere du har brug for både nu og fremover.
Registrer / Aktiver de programmer du har købt.
Opsæt diverse parametre, genveje, skrivebord og osv.
Lav en backup af system drevet som det skal se ud.
Selvfølgelig på et andet fysisk drev eller en anden partition.

Hvis du så ønsker at fortsætte med de andre programmer, så lav en ny backup enden du installerer tvivlsom software.
Det sparer dig for en masse besvær.
Avatar billede Chickencry Novice
31. juli 2012 - 17:49 #15
Okay så har jeg besluttet mig for at geninstalere windows. vil det sige at den fjerne ALT? Og hvordan laver jeg en backup af det ting og sager jeg ikke vil have slettet såsom FrapsKlips og andre sony vegas ting.
men ved at geninstalere windows vil den fjerne alle de der viruser der ligger i mine processor og gør min pc langsom ik?
Håber snart jeg vil kunne optage noget gameplay igen snart.

Specs :

Corsair Enthusiast Series TX750 V2 - 750W
Antec Nine Hundred Two V3 - ATX Sort
LiteOn iHAS122 - SATA Intern DVD±RW (±R DL) / DVD-RAM Sort
Seagate Barracuda 7200.12 - 3.5&#8243; SATA-600 1TB
XFX Radeon HD 6950 - 2GB
16GB DDR3 1333MHz CL9 Kingston (4x4GB)
Gigabyte GA-990FXA-UD3 (rev. 1.0) - ATX AM3+
Arctic Cooling Freezer 7 Pro Rev2 Multi
AMD Phenom II X6 1090T / 3.2 GHz Processor - 6MB AM3
Avatar billede Computer Hjælp (Gratis) Mester
31. juli 2012 - 17:56 #16
Se #9 - så kan du måske 'lære det'  ;-)
Avatar billede Chickencry Novice
03. august 2012 - 03:48 #17
haha ja det sandt nok jeg er et værre lortehoved!
Avatar billede Chickencry Novice
03. august 2012 - 03:49 #18
Tak for hjælp btw!!!!!
Apreciate it!
Avatar billede TobiasJ95 Nybegynder
08. august 2012 - 17:31 #19
nå jamen tak for hjælpen alle sammen.

for en kort stund så det ud til at min computer kunne få hastigheden tilbage, men nu ser det ud til at det ikke er helt væk endnu :(. så jeg tror sku bare jeg starter helt forfra, og håber på det bedste.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Google ser ud til at være malware, lyder advarsel på alle vore mobiler! Af vbr i Virus 9 30/10/202312:12 15/12/202310:17
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 23:46 Er det journalisten Ole Ryborg? Af ErikHg i Fri debat
I går 21:25 find bestemt indehold i et felt Af gylling i Access
I går 18:08 Firefox adresse fra Firefox ned på proceslinjen Af valby i Windows
I går 14:22 Wake-On-LAN og RDP gennem CGNAT Af bat1234 i Andet netværk
I går 12:10 Fokus på element i Value List lavet i en combobox Af per2edb i Access
White papers
Flere white papers »


Premium
Teaser billede
Seks store selskaber med på årets image-liste for første gang: Kæmper alle med lav kendskabsgrad
Læs mere »
Netcompany i gang med at positionere sig som leverandør af nyt centralnerve-system til det danske forsvar
Sådan har Coop sagt farvel til mainframen - sparer et to-cifret millionbeløb årligt på licenser
Microsofts samlede udslip af drivhus-gasser buldrer i vejret: Er steget med 29 procent på blot tre år
Se alle »
Computerworld
Teaser billede
Nyopdaget sårbarhed rammer næsten alle VPN'er: Gør dem usikre og nærmest ubrugelige
Læs mere »
Om under en uge går det løs: Pc’en bliver aldrig den samme igen
Guide: Sådan surfer du under hackernes radarer – via en VPN-forbindelse
Opdater din browser med det samme: Stor sårbarhed rammer Chrome og en række andre browsere
Se alle »
CIO
Teaser billede
Nu begynder den største GDPR-retssag mod dansk myndighed nogensinde: Står over for million-bøde
Læs mere »
Lukker it-systemerne ned i to uger på grund af implementering: Den bedste måde at sikre, at ingen data går tabt
Hundredevis af selskaber klager over Microsofts licens-policy: Vi er låst fast og bundet
Oracle er eneste mulighed: Region Sjælland tvunget til at indgå million-aftale uden konkurrence
Se alle »
Job & Karriere
Teaser billede
Her er Danmarks fem bedste CIO’er lige nu: Se de fem nominerede til prisen som Årets CIO 2024
Læs mere »
Knap 40 procent af disse it-folk tjener tjener mindst 57.000 kroner om måneden
Medarbejderne fik udleveret badetøfler ved indflytningen: Kom med inden for i IBM Danmarks nye topmoderne hovedkontor
Så meget tjener dine kollegaer: Her er alle data fra Computerworlds store it-lønstatistik for 2024
Se alle »
White paper
Teaser billede
Sådan høster du forretningsfordelene ved Internet of Things
Læs mere »
SASE: Træf det rette valg – første gang
Det behøver ikke at gøre ondt: Sådan gør du livet lettere for kunder med multicloud
Få mere ud af din cloudinfrastruktur og gør op med de konstant stigende omkostninger
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »