Søg
Avatar billede mortenhartmann Nybegynder
29. december 2004 - 17:50 Der er 9 kommentarer og
1 løsning

hjælp til problem/HijackThis

Hej

Jeg har nogle problemer med min com, når den starter op. Den starter fint op, men når den når det til hvor ikonerne skulle komme frem på skærmen, er det eneste der kommer fram mit baggrundsbillede. Så står den sådan i ca et par min., hvor man kan hører at com arbejder helt vildt og så kommer ikonerne så frem. Den gør det også selvom at kcom har kørt i lang tid. hvis jeg fx ser en film eller hører musik på som vil den ikke lukke det ned når jeg er færdig. Det hele fryser ligesom fast, men når jeg trykker "CTRL, ALT & DELITE" er det ligesom den kommer i gang igen og kører videre.

Hvad kan det være??? Kan det være noget virus som mit antivirus ikke kan finde(bruger AVG). Jeg har prøvet at lave Diskdefragmentering, køre ad-aware og spybot men det hjalp ikke.

Her er min HijackThis:
Avatar billede andersenph Nybegynder
29. december 2004 - 17:56 #1
Ja kom du bare med den ;O)
Avatar billede mortenhartmann Nybegynder
29. december 2004 - 17:59 #2
Sorry, her er så min HijackThis:

Logfile of HijackThis v1.98.2
Scan saved at 17:02:26, on 29-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\vf18\iswxsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Programmer\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\burndl32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
E:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
E:\Programmer\Logitech\SetPoint\kem.exe
C:\Programmer\Gallup Interactive\NetBehaviour\NetBehaviour.exe
C:\WINDOWS\system32\wuauclt.exe
E:\PROGRAMMER\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\DOCUME~1\Morten\LOKALE~1\Temp\Rar$EX00.032\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Programmer\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Programmer\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [JSAParental] E:\Programmer\JSAParental\JSAParentalControl.exe -nolog
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Mobile Phone Suite] e:\Programmer\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe -nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Morten config] C:\WINDOWS\system32\vf18\iswxsrv.exe
O4 - HKLM\..\Run: [System settings] burndl32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [System settings] burndl32.exe
O4 - HKLM\..\RunOnce: [Morten config] C:\WINDOWS\system32\vf18\iswxsrv.exe /RunOnce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] e:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Morten\Lokale indstillinger\Temp\{14F8C079-A49D-4DBF-800E-38C4BF8E77B0}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: Sid Registration.lnk = G:\ATR1.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetBehaviour.lnk = C:\Programmer\Gallup Interactive\NetBehaviour\NetBehaviour.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/316/webolr/OCX/FlashAX.cab
O18 - Protocol: bw+0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Avatar billede andersenph Nybegynder
29. december 2004 - 18:07 #3
Hent og opdater Ad-Aware: http://www.spywarefri.dk/vaerktoj.htm#adaware
Programmet samt brugervejledning på dansk finder du her: http://www.spywarefri.dk/vaerktoj.htm#adaware
Følg også vejledningen her til udvidet søgning: http://www.spywarefri.dk/tipsogtricks.htm#adaware

Sæt lige de indstillinger korrekt, så det er klar til brug senere.



Følg vejledningen her: http://www.spywarefri.dk/hjtanv.htm (punkt 6). Fix disse med HijackThis:

O4 - HKLM\..\Run: [Morten config] C:\WINDOWS\system32\vf18\iswxsrv.exe
O4 - HKLM\..\Run: [System settings] burndl32.exe
O4 - HKLM\..\RunServices: [System settings] burndl32.exe
O4 - HKLM\..\RunOnce: [Morten config] C:\WINDOWS\system32\vf18\iswxsrv.exe /RunOnce
O4 - HKCU\..\Run: [LDM] e:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Alle O18 - Protocol: bw+0 - {69D4A906-4576-4633-B698-8063031215B6} - e:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll





Vi skal kunne se dine skjulte filer for at finde snavs, der skal slettes manuelt. Det er en del af processen.

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".


Disse programmer skal slettes i fejlsikret tilstand. Du genstarter og trykker F8 når Windows starter op.

Søg efter disse filer:

C:\WINDOWS\system32\vf18\iswxsrv.exe


Søg efter disse mapper:

Ingen.



Kør så programmet Ad-aware, fjern alt hvad den finder.



Hent den her scanner:
http://www.spywareinfo.dk/download/mwav.exe

Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files
Og så trykker du på Scan Clean
Den skanner nu, og dette kan godt tage et par timer.

Derefter genstarter du og sender en ny log ind til check
Avatar billede mortenhartmann Nybegynder
29. december 2004 - 21:11 #4
hmmmm, så prøver vi igen. problemet er ikke løst, men jeg kunne heller ikke finde en fil du ville have mig til at slette.

Logfile of HijackThis v1.98.2
Scan saved at 21:09:16, on 29-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Nu ser den sådan ud????

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\vf18\iswxsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Programmer\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe
C:\Programmer\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
E:\Programmer\Logitech\SetPoint\kem.exe
C:\Programmer\Gallup Interactive\NetBehaviour\NetBehaviour.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
E:\PROGRAMMER\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\Programmer\WinRAR\WinRAR.exe
C:\DOCUME~1\Morten\LOKALE~1\Temp\Rar$EX00.546\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Programmer\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Programmer\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Mobile Phone Suite] e:\Programmer\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe -nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Morten config] C:\WINDOWS\system32\vf18\iswxsrv.exe
O4 - HKLM\..\RunOnce: [Morten config] C:\WINDOWS\system32\vf18\iswxsrv.exe /RunOnce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Morten\Lokale indstillinger\Temp\{14F8C079-A49D-4DBF-800E-38C4BF8E77B0}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: Sid Registration.lnk = G:\ATR1.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetBehaviour.lnk = C:\Programmer\Gallup Interactive\NetBehaviour\NetBehaviour.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/316/webolr/OCX/FlashAX.cab

HÆÆÆÆLP
Avatar billede andersenph Nybegynder
29. december 2004 - 22:19 #5
Nu er din log i hvert fald ren :O)

Prøv at smide xp disken i drevet og gå i start -> kør og skriv sfc /scannow.
Så får du checket og rettet fejl på xp´s systemfiler.
Husk mellemrum mellem / og c
Avatar billede andersenph Nybegynder
30. december 2004 - 07:49 #6
UPS

Jeg fandt lige disse to her:
O4 - HKLM\..\Run: [Morten config] C:\WINDOWS\system32\vf18\iswxsrv.exe
O4 - HKLM\..\RunOnce: [Morten config] C:\WINDOWS\system32\vf18\iswxsrv.exe /RunOnce

Dem skal du fixe.

Genstart i fejlsikret tilstand og slet denne mappe:
C:\WINDOWS\system32\vf18>>>kun vf18 mappen.

Genstart og ny log please :O)
Avatar billede mortenhartmann Nybegynder
30. december 2004 - 22:55 #7
Så prøver vi igen, nu har jeg slettet den mappe som du sagde, men com brokkede sig altså da jeg startede den op igen over at den var væk? Skal den det??? Hvad er det egentlig vi sletter????

Nu ser den såda ud!!!!

Logfile of HijackThis v1.98.2
Scan saved at 22:52:50, on 30-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
E:\Programmer\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe
C:\Programmer\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
E:\Programmer\Logitech\SetPoint\kem.exe
C:\Programmer\Gallup Interactive\NetBehaviour\NetBehaviour.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
E:\PROGRAMMER\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\DOCUME~1\Morten\LOKALE~1\Temp\Rar$EX04.340\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Programmer\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Programmer\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Mobile Phone Suite] e:\Programmer\Logitech\Mobile Phone Suite\MobilePhoneSuite.exe -nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Morten config] C:\WINDOWS\system32\vf18\iswxsrv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\Morten\Lokale indstillinger\Temp\{14F8C079-A49D-4DBF-800E-38C4BF8E77B0}\{0325F1C1-883A-41AB-8981-B27359ABDFAF}\NOVG.EXE
O4 - Startup: Sid Registration.lnk = G:\ATR1.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetBehaviour.lnk = C:\Programmer\Gallup Interactive\NetBehaviour\NetBehaviour.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/316/webolr/OCX/FlashAX.cab
Avatar billede andersenph Nybegynder
30. december 2004 - 23:12 #8
Jeg kan ikke finde nogen information om den mappe og fil i system 32 mappen.
Når jeg ikke kan det er det snavs og så skal det væk :O)

Vi bliver nødt til at fjerne den med killbox:

http://downloads.subratam.org/KillBox.zip

http://home8.inet.tele.dk/fbj/TheKillBoxBrugsanvisning.htm

Pak Killbox ud i en mappe for sig selv og følg brugsanvisningen.


Det er vigtigt, at du afbryder forbindelsen til internettet inden du sletter nedenstående fil - hiv internetstikket ud af computeren.

Her er så filen der skal slettes med KillBox:

C:\WINDOWS\system32\vf18\iswxsrv.exe

Kør KillBox, sæt prik i "Delete on reboot". Kopier linien ind i tekstfeltet på Killbox og klik herefter på den røde knap med det hvide kryds. Programmet vil spørge om du vil genstarte - svar  JA, og din computer vil genstarte.

Kom med en ny log, når det er gjort :O)
Avatar billede mortenhartmann Nybegynder
29. januar 2005 - 12:20 #9
hej
Avatar billede andersenph Nybegynder
29. januar 2005 - 17:00 #10
Selv hej ;O)


Hvordan går det? Skal vi gøre arbejdet færdigt eller?
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 14:15 PHP Html Af Asky i Programmeringsværktøjer
I går 11:06 Rufus mange muligheder - valg ved install Windows Af Uvanga i Windows
06/0516:53 HTML Af Asky i Programmeringsværktøjer
06/0510:01 Mister internettet efter slumre, Af valby i Windows
05/0513:02 Lille smart tingest Af nu_igen i Fitness & Smartwatches
White papers
Flere white papers »