Notifikationer

Markér alle som læst Log ud

bravida Nybegynder

20. marts 2005 - 19:35 Der er 16 kommentarer og
1 løsning

HijackThis log

Hej - vil en eller anden lige kikke denne log efter. Det er for en ven som siger at der skulle være en virus på sin PCer.
Logfile of HijackThis v1.99.1
Scan saved at 19:14:03, on 20-03-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Lexmark X5100 Series\lxbabmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Lexmark X5100 Series\lxbabmon.exe
C:\Programmer\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Birgit\Dokumenter\Ny mappe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://212.10.10.20/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.3000.1001\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.3000.1001\da\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmer\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Programmer\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmer\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk500YYDK
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110231188920
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bw+0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmer\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Programmer\Norton Personal Firewall\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe

Synes godt om

kalp Novice

20. marts 2005 - 19:35 #1

hej igen jeg ser på den

Synes godt om

kalp Novice

20. marts 2005 - 19:37 #2

Download og gem denne scanner på skrivebordet. (Vi skal bruge den senere)
http://www.spywareinfo.dk/download/mwav.exe

Genstart i Fejlsikret tilstand ved at taste F8 under opstart.
Kør HijackThis, scan og sæt et flueben ud for disse linjer - luk øvrige programvinduer. Klik herefter "Fix checked" i hijackthis:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk500YYDK

samt alle
O18 - Protocol: bw+0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning og slet temp-filer, temporary internet files og papirkurv.

Klik på mwav.exe som du hentede, programmet pakker sig selv ud og starter.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files

Slet alt den finder..

Genstart normalt og kopir en ny log herind så jeg kan se om vi fik det hele med eller om noget er blevet overset:)

Tjah alt det med mwav er noget i selv bestemmer.. det er mere fordi jeg ikke kunne se virus i loggen.!

Synes godt om

kalp Novice

20. marts 2005 - 19:38 #3

glemte lige denne..

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://212.10.10.20/

dog kun hvis i ikke kender adressen

Synes godt om

johnstigers Seniormester

20. marts 2005 - 20:03 #4

kalp> den er ok - det er stofanets signon side :)

Synes godt om

kalp Novice

20. marts 2005 - 20:06 #5

okay jeg troede det var noget privat noget:P den kom nemlig ikke frem da jeg tjekede den

Synes godt om

johnstigers Seniormester

20. marts 2005 - 20:14 #6

Du får vel bare en side frem med noget stofanet vrøvl hvis du klikker på det?

Synes godt om

kalp Novice

20. marts 2005 - 20:21 #7

næh sjovt nok siden blev ikke fundet ... mon jeg burde køre hjt selv ? *G*

Synes godt om

majsmarken Nybegynder

21. marts 2005 - 00:05 #8

<kalp>: Nu har jeg smugkikket en del - Disse
O18 - Protocol: bw+0 - {BE887E2A-49FD-4132-BDA3-61A79499A3D9} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
... hvor kommer de fra? Og så på "mange" HJT linier ?

Synes godt om

kalp Novice

21. marts 2005 - 00:13 #9

Hej majsmarken > Jeg fixer Dem ud fra http://computercops.biz/HijackThis.html#o18
da jeg efter de første par gange jeg så Dem i nogen logge kunne kunne finde information omkring filen.

Synes godt om

majsmarken Nybegynder

21. marts 2005 - 00:18 #10

... Hmmm... Er det en "fejl" hos Logitech siden den er O18 representeret så mange gange ? Jeg har nu også ædt dem de steder som jeg har oplevet (på min primære arbejdsplads altså) - lærer en del her fra eksperten -

"Keep Up The Good Work" ...

Synes godt om

kalp Novice

21. marts 2005 - 00:20 #11

Hov der skulle selvfølgelig have ikke kunne finde info omkring filen:))
Det er ikke det eneste vi sletter fra logitech.. jeg mener også der er 2stk exe filer til at "overvåge" deres kunder:|!

Synes godt om

bravida Nybegynder

21. marts 2005 - 10:36 #12

Logfile of HijackThis v1.99.1
Scan saved at 10:12:41, on 21-03-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Lexmark X5100 Series\lxbabmgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Lexmark X5100 Series\lxbabmon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Birgit\Dokumenter\Ny mappe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://212.10.10.20/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.3000.1001\da\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.3000.1001\da\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programmer\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Programmer\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Programmer\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110231188920
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmer\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Programmer\Norton Personal Firewall\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe

Synes godt om

kalp Novice

21. marts 2005 - 14:05 #13

Så er loggen ren

Synes godt om

bravida Nybegynder

21. marts 2005 - 14:07 #14

Download og gem denne scanner på skrivebordet. (Vi skal bruge den senere)
http://www.spywareinfo.dk/download/mwav.exe ?????????????????

Synes godt om

kalp Novice

21. marts 2005 - 14:09 #15

Ja og den har du brugt
Det var denne del!

Klik på mwav.exe som du hentede, programmet pakker sig selv ud og starter.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files

lig mærke til filnavnet

Synes godt om

bravida Nybegynder

21. marts 2005 - 14:12 #16

Tak for hjælpen vedr. en ven.

Synes godt om

kalp Novice

21. marts 2005 - 14:13 #17

selv tak:)

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus	22	26/11/202510:42	23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus	8	31/08/202519:08	01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus	10	03/02/202514:20	04/02/202511:05
mulig ukendt virus Af jackie18 i Virus	3	18/01/202514:07	18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus	13	18/01/202511:40	20/01/202517:53

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

08:30

Cyberorm forvandler udviklere til ufrivillige spredere: Nu er SAP ramt

08:00

Kritikken fyger over EU's storstilede projekt om at bygge AI-gigafabrikker

07:20

Danmark halter langt efter Sverige: Den danske telesektor kræver flere hundrede millioner kroner til beredskab

06:40

Morgen-briefing: Boligportaler politianmeldt: Gemte dyre aftaler bag billig prøveperiode / Ny topchef i it-virksomhed under stigende pres / Nu er næsten al phishing AI-genereret

01/05

Test: Kan danske Jabra egentlig hamle op med tech-giganterne med sin nye topmodel? Svaret er ja

01/05

Efter mange års tilbagegang i Danmark - nu vokser CGI's omsætning igen

01/05

Nørgaard: En marxistisk analyse af milliardærskat i dagens anledning - fik Marx egentlig ikke ret?

01/05

Rykker tættere på fælles it-drift: 19 kommuner siger ja til hinanden - Aarhus får central rolle

01/05

Den danske datacenter-branche efter kritik: Der skal bygges meget mere. Det haster

01/05

Emagine buldrer frem: Sætter ny omsætningsrekord og har vild vækst på jobfronten

01/05

En særlig ting får vores samfund til at fungere

Vis flere artikler

IT-JOB

Matas A/S

Matas Group is looking for a D365 FO Functional Consultant SCM

Netcompany A/S

Managing Architect

Netcompany A/S

Operations Engineer til drift af Infrastruktur

Politiets Efterretningstjeneste

IT Compliance Manager til PET- Kan du omsætte sikkerhedspolitiker til handlingsplaner?

European Stonecraft

Intern Navision/BC Supporter

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

I går 00:59	Mobilepay app virker ikke mere på Xiaomi Redmi Note 13 Pro Af henrixx i Apps til Android
02/0519:09	Download Win 11 - 25H2 Af ErikHg i Windows
30/0410:42	Access Import af csv fil - forkerte datatyper Af Henrik Berg Hansen i Andet software
29/0419:37	Hente CSV fil, indsætte CSV data i TABEL for JAVASCRIPT Af snestrup2000 i Programmeringsværktøjer
29/0412:23	Facebook Af hkv i Sociale medier

White papers

Arctic Wolf Security Operations Report 2025: Indblik i moderne sikkerhedsdrift
Arctic Wolf
Undgå at printeren bliver svageste led i sikkerheden
Konica Minolta
Erfaringer fra frontlinjen: Sådan ændrer trusselsbilledet sig
Arctic Wolf
Samarbejde mellem AI og mennesker styrker sikkerheden
Konica Minolta

Flere white papers »