Søg
Avatar billede mjl Nybegynder
28. december 2004 - 19:36 Der er 13 kommentarer og
2 løsninger

Hjælp til Hijackthis - tak

En der vil se denne igennem - er den ok, eller...?

Logfile of HijackThis v1.97.7
Scan saved at 19:43:29, on 28-12-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Apache\Apache\Apache.exe
C:\WINNT\System32\svchost.exe
C:\Apache\Apache\Apache.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\WINNT\system32\CTHELPER.EXE
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Programmer\Fælles filer\Nokia\Services\ServiceLayer.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINNT\tppaldr.exe
C:\WINNT\system32\InfoNT.exe
C:\WINNT\tppnttry.exe
C:\WINNT\system32\fensvc32.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmer\Serv-U\ServUTray.exe
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmer\Privoxy\privoxy.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Programmer\Nokia\PC Suite for Nokia 3660\connmngmntbox.exe
C:\Programmer\Nokia\PC Suite for Nokia 3660\ectaskscheduler.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Administrator\Skrivebord\HijackThisMappen\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mjldesign.dk/link_portal_2004
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ServiceLayer] C:\Programmer\Fælles filer\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Lamp] C:\Programmer\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [Sysgate Personal Firewall] win32s.exe
O4 - HKLM\..\Run: [Windows Media] syscont.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] InfoNT.exe
O4 - HKLM\..\Run: [reggsdg] spoolsrv.exe
O4 - HKLM\..\Run: [Fen Startups] fensvc32.exe
O4 - HKLM\..\Run: [Norton Antivirus CCDebug] CCSEVRT.exe
O4 - HKLM\..\RunServices: [Sysgate Personal Firewall] win32s.exe
O4 - HKLM\..\RunServices: [Windows Media] syscont.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] InfoNT.exe
O4 - HKLM\..\RunServices: [reggsdg] spoolsrv.exe
O4 - HKLM\..\RunServices: [Fen Startups] fensvc32.exe
O4 - HKLM\..\RunServices: [Norton Antivirus CCDebug] CCSEVRT.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Programmer\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [Sysgate Personal Firewall] win32s.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] InfoNT.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Privoxy.lnk = C:\Programmer\Privoxy\privoxy.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = C:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = C:\Programmer\Nokia\PC Suite for Nokia 3660\connmngmntbox.exe
O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = C:\Programmer\Nokia\PC Suite for Nokia 3660\ectaskscheduler.exe
O4 - Global Startup: BTTray.lnk = C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://c:\programmer\microsoft office\office\excel.exe/3000
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.41.18.51/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38060.187025463
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
Avatar billede mjl Nybegynder
28. december 2004 - 19:45 #1
Nogen der vil hjælpe?
Avatar billede arlet Juniormester
28. december 2004 - 19:52 #2
ja, jeg tjekker den nu
Avatar billede mjl Nybegynder
28. december 2004 - 19:52 #3
1000 tak!
Avatar billede victor-1 Nybegynder
28. december 2004 - 19:52 #4
Ja da - skulle lige være færdig med aftensmaden *S*

Download og gem denne "engangs" virus-scanner på dit skrivebord - den skal du bruge senere.
http://www.spywareinfo.dk/download/mwav.exe

Udfør følgende:

Åbn en mappe, (lige gyldigt hvilken) klik i menuen øverst oppe på Funktioner > Mappeindstillinger > Vis
Fjern flueben ved "Skjul beskyttede operativsystemfiler" (bare klik <Ok> til en eventuel advarsel)
Fjern flueben ved "Skjul filtypenavne for kendte filtyper"
Sæt prik i "Vis skjulte filer og mapper", tryk Ok og luk mappen.

Kør nu virus-scanneren fra Kaspersky som du hentede i starten (måske skal du også trykke på knappen <Kør> i en "åbn-fil advarsel" fra Windows) og klik derefter på knappen <Unzip>. Nu pakker programmet sig ud til C:\Kaspersky og du skal klikke på knappen <Ok> når det er udpakket, hvorefter programmet starter.
Sæt flueben i følgende:
<Memory>, <Starup Folders>, <Drive>, <Registry>, <System Folders> og <Services>
Sæt prik i følgende:
<All Local Drives> og <Scan All Files>
Klik nu på knappen <Scan Clean>

Derefter genstarter du normalt, scanner med den nyeste version af HijackThis som du finder her http://www.spywarefri.dk/vaerktoj.htm , gemmer loggen og kopierer indholdet af den herind *S*
Avatar billede victor-1 Nybegynder
28. december 2004 - 19:53 #5
Ups - undskyld arlet :-(
Avatar billede arlet Juniormester
28. december 2004 - 19:55 #6
victor-1-> Helt i orden.

mjl ->(som victor-1 skriver) scanner med den nyeste version af HijackThis som du finder her http://www.spywarefri.dk/vaerktoj.htm , gemmer loggen og kopierer indholdet af den herind..

Så tager vi den derfra
Avatar billede mjl Nybegynder
28. december 2004 - 19:57 #7
Logfile of HijackThis v1.99.0
Scan saved at 20:06:59, on 28-12-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Apache\Apache\Apache.exe
C:\WINNT\System32\svchost.exe
C:\Apache\Apache\Apache.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\WINNT\system32\CTHELPER.EXE
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Programmer\Fælles filer\Nokia\Services\ServiceLayer.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINNT\tppaldr.exe
C:\WINNT\system32\InfoNT.exe
C:\WINNT\tppnttry.exe
C:\WINNT\system32\fensvc32.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmer\Serv-U\ServUTray.exe
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmer\Privoxy\privoxy.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Programmer\Nokia\PC Suite for Nokia 3660\connmngmntbox.exe
C:\Programmer\Nokia\PC Suite for Nokia 3660\ectaskscheduler.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\InfoNT.exe
C:\WINNT\system32\win32s.exe
C:\WINNT\system32\syscont.exe
C:\WINNT\system32\crss.exe
C:\WINNT\system32\lssas.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\InfoNT.exe
C:\WINNT\system32\win32s.exe
C:\Documents and Settings\Administrator\Skrivebord\HijackThisMappen\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mjldesign.dk/link_portal_2004
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ServiceLayer] C:\Programmer\Fælles filer\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Lamp] C:\Programmer\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [Sysgate Personal Firewall] win32s.exe
O4 - HKLM\..\Run: [Windows Media] syscont.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] InfoNT.exe
O4 - HKLM\..\Run: [reggsdg] spoolsrv.exe
O4 - HKLM\..\Run: [Fen Startups] fensvc32.exe
O4 - HKLM\..\Run: [Norton Antivirus CCDebug] CCSEVRT.exe
O4 - HKLM\..\Run: [CRSS] C:\WINNT\system32\lssas.exe
O4 - HKLM\..\RunServices: [Sysgate Personal Firewall] win32s.exe
O4 - HKLM\..\RunServices: [Windows Media] syscont.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] InfoNT.exe
O4 - HKLM\..\RunServices: [reggsdg] spoolsrv.exe
O4 - HKLM\..\RunServices: [Fen Startups] fensvc32.exe
O4 - HKLM\..\RunServices: [Norton Antivirus CCDebug] CCSEVRT.exe
O4 - HKLM\..\RunServices: [CRSS] C:\WINNT\system32\lssas.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Programmer\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [Sysgate Personal Firewall] win32s.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] InfoNT.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Privoxy.lnk = C:\Programmer\Privoxy\privoxy.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = C:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = C:\Programmer\Nokia\PC Suite for Nokia 3660\connmngmntbox.exe
O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = C:\Programmer\Nokia\PC Suite for Nokia 3660\ectaskscheduler.exe
O4 - Global Startup: BTTray.lnk = C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://c:\programmer\microsoft office\office\excel.exe/3000
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.41.18.51/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
O23 - Service: Apache - Unknown - C:\Apache\Apache\Apache.exe
O23 - Service: Client Runtime Server Subsystem - Unknown - crss.exe lssas.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\NORMAN\Nvc\BIN\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Norman\NVC\BIN\Zanda.exe
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
Avatar billede arlet Juniormester
28. december 2004 - 20:03 #8
Du skal nu til at i gang med at fixe:

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


O4 - HKLM\..\Run: [Sysgate Personal Firewall] win32s.exe
O4 - HKLM\..\Run: [Windows Media] syscont.exe
O4 - HKLM\..\Run: [Microsoft Synchronization Manager] InfoNT.exe
O4 - HKLM\..\Run: [reggsdg] spoolsrv.exe
O4 - HKLM\..\Run: [Fen Startups] fensvc32.exe
O4 - HKLM\..\Run: [Norton Antivirus CCDebug] CCSEVRT.exe
O4 - HKLM\..\RunServices: [Sysgate Personal Firewall] win32s.exe
O4 - HKLM\..\RunServices: [Windows Media] syscont.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] InfoNT.exe
O4 - HKLM\..\RunServices: [reggsdg] spoolsrv.exe
O4 - HKLM\..\RunServices: [Fen Startups] fensvc32.exe
O4 - HKLM\..\RunServices: [Norton Antivirus CCDebug] CCSEVRT.exe
O4 - HKCU\..\Run: [Sysgate Personal Firewall] win32s.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] InfoNT.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab



Find og slet manuelt i fejlsikret(f8 ved opstart):


C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINNT\system32\InfoNT.exe
C:\WINNT\system32\fensvc32.exe

----------------------------------

Gå i søg og søg efter:
win32s.exe
syscont.exe
spoolsrv.exe
CCSEVRT.exe


--------------------------------------------------

Hent og kør ad-aware herfra: http://www.arlet.dk/spywarescanner.htm
scan hele computeren og slet alt hvad den finder


----------------------------------------------------------

Hent og kør denne scanner fra Kaspersky : http://www.spywareinfo.dk/download/mwav.exe
Sæt flueben i følgende: Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende: All local drives og Scan all files
Og så trykker du på Scan Clean


----------------------------------------------------------


Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.
Avatar billede mjl Nybegynder
28. december 2004 - 21:24 #9
Så er det gjort - puh ha - tog sin tid!

Logfile of HijackThis v1.99.0
Scan saved at 21:33:47, on 28-12-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Apache\Apache\Apache.exe
C:\Apache\Apache\Apache.exe
C:\WINNT\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\Fælles filer\Nokia\Services\ServiceLayer.exe
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Programmer\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINNT\tppaldr.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\tppnttry.exe
C:\Programmer\Serv-U\ServUTray.exe
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmer\Privoxy\privoxy.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Nokia\PC Suite for Nokia 3660\connmngmntbox.exe
C:\Programmer\Nokia\PC Suite for Nokia 3660\ectaskscheduler.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINNT\system32\syscont.exe
C:\WINNT\system32\win32s.exe
C:\WINNT\system32\win32s.exe
C:\WINNT\system32\fensvc32.exe
C:\Documents and Settings\Administrator\Skrivebord\HijackThisMappen\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mjldesign.dk/link_portal_2004
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ServiceLayer] C:\Programmer\Fælles filer\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Lamp] C:\Programmer\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKLM\..\Run: [Sysgate Personal Firewall] win32s.exe
O4 - HKLM\..\Run: [Windows Media] syscont.exe
O4 - HKLM\..\Run: [Fen Startups] fensvc32.exe
O4 - HKLM\..\RunServices: [Sysgate Personal Firewall] win32s.exe
O4 - HKLM\..\RunServices: [Windows Media] syscont.exe
O4 - HKLM\..\RunServices: [Fen Startups] fensvc32.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Programmer\Serv-U\ServUTray.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Privoxy.lnk = C:\Programmer\Privoxy\privoxy.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = C:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = C:\Programmer\Nokia\PC Suite for Nokia 3660\connmngmntbox.exe
O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = C:\Programmer\Nokia\PC Suite for Nokia 3660\ectaskscheduler.exe
O4 - Global Startup: BTTray.lnk = C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://c:\programmer\microsoft office\office\excel.exe/3000
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.41.18.51/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
O23 - Service: Apache - Unknown - C:\Apache\Apache\Apache.exe
O23 - Service: Client Runtime Server Subsystem - Unknown - crss.exe lssas.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\NORMAN\Nvc\BIN\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Norman\NVC\BIN\Zanda.exe
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
Avatar billede arlet Juniormester
28. december 2004 - 21:29 #10
Det har vel også taget sin tid og skrabe så meget skrammel sammen*S*

Fix i hijackthis:

O4 - HKLM\..\Run: [Sysgate Personal Firewall] win32s.exe
O4 - HKLM\..\Run: [Windows Media] syscont.exe
O4 - HKLM\..\Run: [Fen Startups] fensvc32.exe
O4 - HKLM\..\RunServices: [Sysgate Personal Firewall] win32s.exe
O4 - HKLM\..\RunServices: [Windows Media] syscont.exe
O4 - HKLM\..\RunServices: [Fen Startups] fensvc32.exe

genstart og ny log
Avatar billede mjl Nybegynder
28. december 2004 - 21:35 #11
Logfile of HijackThis v1.99.0
Scan saved at 21:45:19, on 28-12-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Apache\Apache\Apache.exe
C:\Apache\Apache\Apache.exe
C:\WINNT\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\WINNT\system32\CTHELPER.EXE
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmer\Fælles filer\Nokia\Services\ServiceLayer.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINNT\tppaldr.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmer\Serv-U\ServUTray.exe
C:\WINNT\tppnttry.exe
C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmer\Privoxy\privoxy.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Nokia\PC Suite for Nokia 3660\connmngmntbox.exe
C:\Programmer\Nokia\PC Suite for Nokia 3660\ectaskscheduler.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Programmer\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Administrator\Skrivebord\HijackThisMappen\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mjldesign.dk/link_portal_2004
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ServiceLayer] C:\Programmer\Fælles filer\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Lamp] C:\Programmer\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\tppaldr.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Programmer\Serv-U\ServUTray.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Privoxy.lnk = C:\Programmer\Privoxy\privoxy.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = C:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = C:\Programmer\Nokia\PC Suite for Nokia 3660\connmngmntbox.exe
O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = C:\Programmer\Nokia\PC Suite for Nokia 3660\ectaskscheduler.exe
O4 - Global Startup: BTTray.lnk = C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://c:\programmer\microsoft office\office\excel.exe/3000
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.41.18.51/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
O23 - Service: Apache - Unknown - C:\Apache\Apache\Apache.exe
O23 - Service: Client Runtime Server Subsystem - Unknown - crss.exe lssas.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Norman API-hooking helper - Unknown - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown - C:\NORMAN\Nvc\BIN\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown - C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown - C:\Norman\NVC\BIN\Zanda.exe
O23 - Service: Norman Virus Control on-access component - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
Avatar billede arlet Juniormester
28. december 2004 - 21:38 #12
Så er din log ren.

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm
Avatar billede mjl Nybegynder
28. december 2004 - 21:38 #13
Jeg forstår ikke hvordan i alverden, jeg har kunnet skrabe dette til mig - der har ikke været noget i lang tid, så skifter jeg ADSL-modem fra det gamle ATM, til det TDC bruger nu, og så starter al balladen....underligt!
Avatar billede mjl Nybegynder
28. december 2004 - 21:38 #14
1000 tak - du er fantastisk!!!!!!
Avatar billede arlet Juniormester
28. december 2004 - 21:42 #15
Velbekommen..
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 14:15 PHP Html Af Asky i Programmeringsværktøjer
I går 11:06 Rufus mange muligheder - valg ved install Windows Af Uvanga i Windows
06/0516:53 HTML Af Asky i Programmeringsværktøjer
06/0510:01 Mister internettet efter slumre, Af valby i Windows
05/0513:02 Lille smart tingest Af nu_igen i Fitness & Smartwatches
White papers
Flere white papers »