clausj (Beginner)
27 October 2005 - 22:50 There are 20 comments and
1 solution

WARNING about missing virus protection

Hi,

I am a bit hysterical when it comes to virus protection etc., and was astonished when my PC suddenly one day announced that no anti-virus program was installed. I have always used AVG as my standard anti-virus, and have now additionally installed 3 more (free) antivirus programs, but my XP Prof. still thinks I am without antivirus protection...  ????????  This is really the question... Why does my machine not register my antivirus programs? And.........  now that I tick the checkbox (own monitoring), am I then extra vulnerable to virus attacks even though I KNOW that I have at least 4 programs (right now - I know it eats CPU power)?  I don't know whether a log file from HijackThis is needed, but for good measure I'm posting one anyway...  Regards, Claus
Logfile of HijackThis v1.99.1
Scan saved at 22:49:51, on 27-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMMER\AVPERSONAL\AVGUARD.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Programmer\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmer\Prevx 1\PXConsole.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\Prevx 1\PXAgent.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programmer\AVPersonal\AVGNT.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Programmer\LiveUpdate\LiveUpdate.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Pixoria\Konfabulator\Konfabulator.exe
C:\Programmer\Morpheus\Morpheus.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\WinAce\WinAce.exe
C:\DOCUME~1\CJ1E1C~1.CJ-\LOKALE~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qiehemejcowt.com/GIayvfDgUtdh7GJHKLXgqMdHGyUN2JLvwf5P47/TYzx2ZpObigXJFIVgH4Nn7F_/.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmer\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmer\Prevx 1\PXConsole.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Programmer\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Programmer\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programmer\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Konfabulator.lnk = C:\Programmer\Pixoria\Konfabulator\Konfabulator.exe
O4 - Startup: Morpheus.lnk = C:\Programmer\Morpheus\Morpheus.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-søgning - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Lignende sider - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128867154500
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMMER\AVPERSONAL\AVGUARD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmer\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Programmer\Prevx 1\PXAgent.exe" -f (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
majsmarken (Beginner)
28 October 2005 - 07:25 #1
That is because some form of SPYWARE/'dirt' has gotten onto your computer anyway.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qiehemejcowt.com/GIayvfDgUtdh7GJHKLXgqMdHGyUN2JLvwf5P47/TYzx2ZpObigXJFIVgH4Nn7F_/.htm

You already have Microsoft® Windows AntiSpyware installed (fine); update it and let it run a complete scan...

Otherwise I can't quite tell which other items in your log _could_ be suspicious. You have a sea of tools, after all - more or less effective...
majsmarken (Beginner)
28 October 2005 - 07:27 #2
"XP Prof. still thinks I am without antivirus protection...  "
How is that reported in practice?
Is it from M$'s Security Center? Or something else?
johnstigers (Senior Master)
28 October 2005 - 08:18 #3
"XP Prof. still thinks I am without antivirus protection...  "
How is that reported in practice?
Is it from M$'s Security Center? Or something else?"

Yes, it is the Windows Security Center that gives these messages.

Is the AVG icon in the systray active? (grey or in colour?)

anyway...
You need to remove one of the antivirus programs - there is no use in running 2 or more.

There is ONE thing in the log:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qiehemejcowt.com/GIayvfDgUtdh7GJHKLXgqMdHGyUN2JLvwf5P47/TYzx2ZpObigXJFIVgH4Nn7F_/.htm

Fix this one, restart, and post a new log - thanks :)
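As an added example (not part of the thread and not HijackThis's own code): a small Python script that parses HijackThis entry lines, flags R0/R1 Internet Explorer URL settings whose host is outside an expected set, and compares two scans to confirm whether a "fixed" entry actually disappeared. The log lines are constructed in the format shown above; the host `search.example.invalid`, the expected-host set and all function names are assumptions.

```python
import re
from urllib.parse import urlparse

# HijackThis entry lines have the form "<code> - <body>", e.g. "R1 - HKCU\...,Search Bar = http://..."
ENTRY_RE = re.compile(r"^(?P<code>[FNOR]\d{1,2}) - (?P<body>.+)$")

# Constructed sample data in the format of the logs in this thread.
# search.example.invalid is a placeholder host, not a value from the thread.
R1_LINE = r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/x/.htm"
AVG_LINE = r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP"
COMMON = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
"""
SCAN_1 = COMMON + R1_LINE + "\n"                    # first scan: hijacked Search Bar
SCAN_2 = COMMON + R1_LINE + "\n" + AVG_LINE + "\n"  # after "fix" + reboot: still there
SCAN_3 = COMMON + AVG_LINE + "\n"                   # later scan: entry gone

EXPECTED_HOSTS = {"www.google.dk"}  # assumption: hosts the user set deliberately


def parse_entries(log_text):
    """Return the set of (code, body) entries; header and process list are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body")))
    return entries


def ie_url_settings(entries):
    """Return sorted (code, registry value, url) for R0/R1 entries that hold a URL."""
    found = []
    for code, body in entries:
        if code not in ("R0", "R1"):
            continue
        key, sep, value = body.partition(" = ")
        if sep and value.lower().startswith(("http://", "https://")):
            found.append((code, key, value))
    return sorted(found)


def unexpected_hosts(entries, expected_hosts):
    """Return (registry value, host) for IE URL settings pointing outside expected_hosts."""
    flagged = []
    for _code, key, url in ie_url_settings(entries):
        host = (urlparse(url).hostname or "").lower()
        if host not in expected_hosts:
            flagged.append((key, host))
    return flagged


def compare_scans(before, after, expected_hosts):
    """Diff two parsed scans and list flagged settings that survived the fix."""
    survivors = set(unexpected_hosts(before, expected_hosts)) & set(
        unexpected_hosts(after, expected_hosts)
    )
    return {
        "added": sorted(after - before),
        "removed": sorted(before - after),
        "still_flagged": sorted(survivors),
    }


if __name__ == "__main__":
    scans = [parse_entries(text) for text in (SCAN_1, SCAN_2, SCAN_3)]
    for label, (old, new) in (("1 -> 2", scans[0:2]), ("2 -> 3", scans[1:3])):
        result = compare_scans(old, new, EXPECTED_HOSTS)
        print(f"scan {label}")
        for kind in ("added", "removed", "still_flagged"):
            for item in result[kind]:
                print(f"  {kind}: {item}")
```

A non-empty `still_flagged` list after a fix and reboot means the value was rewritten or never removed, which is the point to look for whatever keeps restoring it rather than fixing the same line again.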
clausj (Beginner)
28 October 2005 - 11:04 #4
Hi,

I have tried to "fix" R1 - but it does not look as if HijackThis is able to carry out this "intervention".........  The AVG icon (newly installed) is NOT grey, but in colour - i.e. `active` .....  Are there possibly other programs that can remove the file in question.. ?

Logfile of HijackThis v1.99.1
Scan saved at 10:58:18, on 28-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRAMMER\AVPERSONAL\AVGUARD.EXE
C:\Programmer\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\Prevx 1\PXConsole.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Prevx 1\PXAgent.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\AVPersonal\AVGNT.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Programmer\LiveUpdate\LiveUpdate.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Pixoria\Konfabulator\Konfabulator.exe
C:\Programmer\Morpheus\Morpheus.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\WinAce\WinAce.exe
C:\DOCUME~1\CJ1E1C~1.CJ-\LOKALE~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qiehemejcowt.com/GIayvfDgUtdh7GJHKLXgqMdHGyUN2JLvwf5P47/TYzx2ZpObigXJFIVgH4Nn7F_/.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmer\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmer\Prevx 1\PXConsole.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Programmer\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Programmer\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programmer\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Konfabulator.lnk = C:\Programmer\Pixoria\Konfabulator\Konfabulator.exe
O4 - Startup: Morpheus.lnk = C:\Programmer\Morpheus\Morpheus.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-søgning - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Lignende sider - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128867154500
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMMER\AVPERSONAL\AVGUARD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmer\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Programmer\Prevx 1\PXAgent.exe" -f (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe


As you can see, R1 still appears in the log, even though I have "fixed" it and restarted. Hmmmm...  ?

Still a mystery.....  Regards, Claus
clausj (Beginner)
28 October 2005 - 11:06 #5
Should I perhaps use the "regedit" function?
johnstigers (Senior Master)
28 October 2005 - 11:28 #6
No.
Use Spybot: http://www.download.com/3001-8022-10289035.html
Guide: http://www.datasikring.dk/spybot.asp

After that, a new log.

One thing just struck me!
Is AVG updated? XP will warn about missing virus protection if AVG is not updated!
clausj (Beginner)
28 October 2005 - 12:52 #7
Well, that wasn't a success either.... Spybot finds no problems (at all). AVG was updated today. I have removed unnecessary helper programs (5 of them) so they no longer appear in the log........  then ran Cleaner + Windows Registry Repair Pro...


Logfile of HijackThis v1.99.1
Scan saved at 12:48:54, on 28-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Programmer\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\LiveUpdate\LiveUpdate.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Pixoria\Konfabulator\Konfabulator.exe
C:\Programmer\Morpheus\Morpheus.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\WinAce\WinAce.exe
C:\DOCUME~1\CJ1E1C~1.CJ-\LOKALE~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qiehemejcowt.com/GIayvfDgUtdh7GJHKLXgqMdHGyUN2JLvwf5P47/TYzx2ZpObigXJFIVgH4Nn7F_/.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmer\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Programmer\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Programmer\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programmer\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Konfabulator.lnk = C:\Programmer\Pixoria\Konfabulator\Konfabulator.exe
O4 - Startup: Morpheus.lnk = C:\Programmer\Morpheus\Morpheus.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-søgning - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Lignende sider - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128867154500
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe


Hope that helps a little...  I was wondering whether there is another way to remove that R1 entry?  Regards, Claus
clausj (Beginner)
28 October 2005 - 12:56 #8
New scan..

Logfile of HijackThis v1.99.1
Scan saved at 12:54:33, on 28-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Programmer\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\LiveUpdate\LiveUpdate.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Pixoria\Konfabulator\Konfabulator.exe
C:\Programmer\Morpheus\Morpheus.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\WinAce\WinAce.exe
C:\DOCUME~1\CJ1E1C~1.CJ-\LOKALE~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Programmer\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Programmer\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Programmer\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programmer\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Konfabulator.lnk = C:\Programmer\Pixoria\Konfabulator\Konfabulator.exe
O4 - Startup: Morpheus.lnk = C:\Programmer\Morpheus\Morpheus.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-søgning - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Lignende sider - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128867154500
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe



The R1 entry is gone now, but the antivirus program still doesn't work... (P.S. I didn't actually do anything between the previous scan and this one, apart from "Fix checked", which worked this time!)  Regards, Claus
johnstigers (Senior Master)
28 October 2005 - 13:09 #9
OK - I'll get back to you shortly!

(The log looks OK!)
fromsej (Trainee)
29 October 2005 - 19:38 #10
That line is at risk of coming back; it is a Lop infection, so we need to check whether one or more hidden "jobs" are lying around and running.

Download fl.zip, unpack it and run fl.bat - the program creates a small text file, which you should also copy in here:

http://www.ctrlaltdel.dk/Programmer/fl.zip

Download Schtasks here:
http://fromsej.dk/download/schtasks.exe
It must be placed in C:\windows\system32\
If it asks whether it should overwrite, cancel the download; then you already have it.

Click Start->Run, type CMD and click OK.
In the "DOS" window, type the following:
schtasks /query>C:\tasks.txt
It takes a split second, then just close that window again.
Find the file C:\tasks.txt, double-click it and copy the contents in here.

When you have done that, download a new AVG installation file, and Regsupreme.
http://www.macecraft.com/downloads/RegSupreme_setup.exe

Disconnect your network connection, uninstall AVG, restart.
Run Regsupreme; you can choose the language by clicking Language on the top bar.
Move the dot to "Ekstra Grundig" (Extra Thorough). (It may just be called "Grundig".)
Click Start; when it has finished, click "Vælg" (Select) at the top left, then click "alle" (all).
Then click "Orden" at the bottom right, type a name in the backup window that appears and click OK.
Then it runs.
Run the scan two or three times.

Restart, reinstall AVG, and check that your clock is set correctly: date, year and time.
Let us know whether it works now.
johnstigers (Senior Master)
29 October 2005 - 20:17 #11
(I have asked fromsej to take over - thanks, fromme ;))
clausj (Beginner)
29 October 2005 - 21:20 #12
Hi,

I just have a couple of things before I continue...

fl.bat!! Can it be right that the text file is placed on the desktop and is called "strclearinner"? (with a lot of inexplicable text)

The mission in DOS failed. Entering "schtasks /query>C:\tasks.txt" returns this answer: "schtasks" blev ikke genkendt som en intern eller ekstern kommando, et program eller en tekstfil.

Regards, Claus
fromsej (Trainee)
29 October 2005 - 21:29 #13
Fl.zip contains two files:
Fl.bat and jt.exe
The text file that opens is called findlop.txt and should contain something like this:
Disken i drev C har ikke noget navn.
Diskens serienummer er F063-A117

Indhold af C:\Documents and Settings\Administrator\Application Data

Disken i drev C har ikke noget navn.
Diskens serienummer er F063-A117

Indhold af C:\Documents and Settings\All Users\Application Data

01-10-2005  20:45    <DIR>          Adobe
22-10-2005  11:49    <DIR>          Ahead
09-09-2005  13:04    <DIR>          BOC412
09-09-2005  12:48    <DIR>          Kaspersky Anti-Virus Personal
29-10-2005  17:41    <DIR>          VMware
25-09-2005  19:33    <DIR>          Windows Genuine Advantage
              0 fil(er)                0 byte
              6 mappe(r)  26.721.943.552 byte ledig

You haven't quite followed the instructions; you need to download schtasks from the link and copy the file into C:\windows\system32
http://fromsej.dk/download/schtasks.exe
clausj (Beginner)
29 October 2005 - 21:53 #14
OK! Found findlop.txt - so that worked...

Disken i drev C har ikke noget navn.
Diskens serienummer er E42A-2D34

Indhold af C:\Documents and Settings\Administrator\Application Data

Disken i drev C har ikke noget navn.
Diskens serienummer er E42A-2D34

Indhold af C:\Documents and Settings\All Users\Application Data

16-08-2005  18:37    <DIR>          Adobe
05-08-2005  18:20    <DIR>          Ahead
14-09-2005  11:00    <DIR>          Avg7
20-07-2005  09:27    <DIR>          CyberLink
20-07-2005  09:37    <DIR>          Logitech
10-07-2005  23:41    <DIR>          Messenger Plus!
28-10-2005  16:51    <DIR>          Prevx
08-09-2005  20:29    <DIR>          SBT
09-10-2005  18:27    <DIR>          way bin jugs wait
29-08-2005  09:04    <DIR>          Windows Genuine Advantage
              0 fil(er)                0 byte
              10 mappe(r)  8.090.210.304 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er E42A-2D34

Indhold af C:\Documents and Settings\CJ\Application Data

27-08-2005  09:05    <DIR>          Acid Copy
22-08-2005  19:32    <DIR>          Adobe
16-08-2005  22:48    <DIR>          AdobeAUM
16-08-2005  22:48    <DIR>          AdobeUM
05-08-2005  18:16    <DIR>          Ahead
04-09-2005  16:55    <DIR>          Corel
08-09-2005  19:56    <DIR>          COWON
09-10-2005  18:27    <DIR>          CreativeBend
23-07-2005  12:53    <DIR>          CyberLink
30-08-2005  12:33    <DIR>          DWGEditor
12-07-2005  01:06    <DIR>          Help
14-09-2005  14:24    <DIR>          Lavasoft
10-07-2005  19:47    <DIR>          Macromedia
07-08-2005  06:59    <DIR>          Microsoft Web Folders
12-09-2005  22:13    <DIR>          Morpheus
31-08-2005  20:05    <DIR>          PC Suite
13-07-2005  17:07    <DIR>          Real
11-07-2005  00:28    <DIR>          Sun
21-08-2005  13:57    <DIR>          Systweak
03-09-2005  14:55    <DIR>          Template
11-07-2005  00:58    <DIR>          WebCompiler3
              0 fil(er)                0 byte
              21 mappe(r)  8.090.210.304 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er E42A-2D34

Indhold af C:\Documents and Settings\Default User\Application Data

05-07-2005  21:43    <DIR>          .
05-07-2005  21:43    <DIR>          ..
14-09-2005  12:38                62 desktop.ini
              1 fil(er)              62 byte
              2 mappe(r)  8.090.210.304 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er E42A-2D34

Indhold af C:\Documents and Settings\LocalService\Application Data

Disken i drev C har ikke noget navn.
Diskens serienummer er E42A-2D34

Indhold af C:\Documents and Settings\NetworkService\Application Data


But I still can't run schtasks /query>C:\tasks.txt  -  I have tried both with and without a space (schtasks /query  AND  schtasks/query ...)

If I search for the file tasks.txt, there is a text document with that name - but it is empty.

Regards, Claus
fromsej (Trainee)
29 October 2005 - 22:16 #15
These two folders must be deleted:
C:\Documents and Settings\All Users\Application Data\Messenger Plus!\
C:\Documents and Settings\All Users\Application Data\way bin jugs wait\

Try again in the command prompt, this time only like this:
schtasks /query
(There must be a space)
If something resembling this then appears:
A65E6C799109E7B9.job (16 characters that make no more sense than this example), write it down; there may be several. But can you remember which version of Messenger Plus was installed?
clausj (Beginner)
29 October 2005 - 22:40 #16
I have deleted the two folders.

I can't remember which version of Messenger Plus I had, but it was the latest one, which I uninstalled recently; that was advice from here, by the way, which turned out to be quite useful.
But I still can't run "schtasks" in the command prompt. The file has been copied into Windows and into system32 as you specified. It still says: "schtasks" blev ikke genkendt som intern eller ekstern kommando... etc. When I try to download from the link you gave me, it also says that the file is already there.

Regards, Claus
fromsej (Trainee)
29 October 2005 - 22:50 #17
Download silentrunner here:
http://www.silentrunners.org/Silent%20Runners.vbs

Run the program and post the log file here (it is saved in the same folder as the silentrunner program).

If your antivirus complains, you need to allow the file to run.
Then we will get the necessary information (among other things).

Have you got AVG to behave properly?
clausj (Beginner)
29 October 2005 - 23:22 #18
No, the control center still reports that I have no antivirus software installed. It is not just with AVG but also Ewido, avast, etc.

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Programmer\Messenger\msmsgs.exe" /background" [MS]
"Windows Registry Repair Pro" = "C:\Programmer\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4" ["3B Software, Inc."]
"BTCLiveUpdate" = ""C:\Programmer\LiveUpdate\LiveUpdate.exe" /autostart" [null data]
"msnmsgr" = ""C:\Programmer\MSN Messenger\msnmsgr.exe" /background" [MS]
"FreeRAM XP" = ""C:\Programmer\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win" ["YourWare Solutions (TM)"]
"Skype" = ""C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"NBJ" = ""C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Smapp" = "C:\Programmer\Analog Devices\SoundMAX\SMTray.exe" ["Analog Devices, Inc."]
"DrvLsnr" = "C:\Programmer\Analog Devices\SoundMAX\DrvLsnr.exe" ["adi"]
"gcasServ" = ""C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"WinampAgent" = "C:\Programmer\Winamp\winampa.exe" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SunJavaUpdateSched" = "C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"TkBellExe" = ""C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]
"iTunesHelper" = ""C:\Programmer\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Programmer\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"PrevxOne" = ""C:\Programmer\Prevx 1\PXConsole.exe"" ["Prevx"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\programmer\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-ikon"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Context Menu Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 DragDrop Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Context Menu Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Property Sheet Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinAce\arcext.dll" ["e-merge GmbH"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Microsoft AntiSpyware\shellextension.dll" [MS]

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
"load" = (value not set)
"run" = (value not set)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (value not set)

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]


Default executables:
--------------------

.SCR: HKLM\SOFTWARE\Classes\PhEdit.scr\shell\open\command\
INFECTION WARNING! "Default" = "C:\Programmer\VCW VicMan's Photo Editor\vcwphoto.exe %1" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Landskab.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssflwbox.scr" [MS]


Startup items in "cj" & "All Users" startup folders:
----------------------------------------------------

C:\Documents and Settings\cj.CJ-5401E9564B77\Menuen Start\Programmer\Start
"Konfabulator" -> shortcut to: "C:\Programmer\Pixoria\Konfabulator\Konfabulator.exe" ["Yahoo, Inc."]
"Morpheus" -> shortcut to: "C:\Programmer\Morpheus\Morpheus.exe" ["Streamcast Networks, Inc"]

C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start
"Adobe Reader Speed Launch" -> shortcut to: "C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Programmer\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"A972B66991B927A1" -> launches: "c:\docume~1\cj1e1c~1.cj-\applic~1\creati~1\settingsthebrowse.exe" [file not found]
"Auto-scheduled task of Free Registry Fix" -> launches: "C:\Programmer\Free Registry Fix\regfix.exe /run" [file not found]
"Symantec NetDetect" -> launches: "C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 09
%SystemRoot%\system32\rsvpsp.dll [MS], 10 - 11


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\programmer\google\googletoolbar1.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\programmer\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = "&Google" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "c:\programmer\google\googletoolbar1.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programmer\Messenger\msmsgs.exe" [MS]


HOSTS file
----------

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
HIJACK WARNING! "DataBasePath" = "%SystemRoot%\System32\drivers\etc"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Programmer\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
iPodService, iPodService, "C:\Programmer\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Prevx Agent, PrevxAgent, ""C:\Programmer\Prevx 1\PXAgent.exe" -f" ["Prevx"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMI-ydelseskort, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 45 seconds, including 18 seconds for message boxes)


That was the log from Silent Runners...

Regards, Claus
fromsej (Trainee)
29 October 2005 - 23:45 #19
That was what I feared:
A972B66991B927A1 is Lop.

Enabled Scheduled Tasks:
------------------------

"A972B66991B927A1" -> launches: "c:\docume~1\cj1e1c~1.cj-\applic~1\creati~1\settingsthebrowse.exe" [file not found]

Copy the text between the dashed lines into a Notepad window. Save the file as sletjob.bat, making sure that "All files" is selected under File type.

--------------------------
%systemdrive%
cd %systemdrive%\WINDOWS\Tasks
attrib -r -s -h A972B66991B927A1.job

del A972B66991B927A1.job
--------------------------

Then restart into safe mode.

Double-click sletjob.bat. A black DOS window will briefly open and close.
Then Lop should be history on your machine.

Regarding the antivirus problem:
Uninstall both Avast and AVG, then run Regsupreme two or three times with a restart in between, reinstall AVG, and see whether that helps.
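
The check fromsej makes by eye on the Silent Runners log in post #19, written out as an added example that is not part of the original thread: it parses the "Enabled Scheduled Tasks" section and flags entries for review. The two heuristics (a task name of 16 hex digits, a target under Application Data) are assumptions drawn from this thread, not a published Lop signature, and the function names are hypothetical.

```python
import re

# Constructed input: the "Enabled Scheduled Tasks" section of the Silent
# Runners log posted in this thread, followed by the next section header.
SAMPLE_LOG = r'''
Enabled Scheduled Tasks:
------------------------

"A972B66991B927A1" -> launches: "c:\docume~1\cj1e1c~1.cj-\applic~1\creati~1\settingsthebrowse.exe" [file not found]
"Auto-scheduled task of Free Registry Fix" -> launches: "C:\Programmer\Free Registry Fix\regfix.exe /run" [file not found]
"Symantec NetDetect" -> launches: "C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------
'''

SECTION_HEADER = "Enabled Scheduled Tasks:"
# "name" -> launches: "target" [annotation], [annotation] ...
TASK_LINE = re.compile(
    r'^"(?P<name>[^"]+)" -> launches: "(?P<target>.*)"'
    r'(?P<tail>(?:\s*\[[^\]]*\],?)*)$'
)
# Assumption: the "16 meaningless characters" are 16 hex digits, as in both
# job names quoted in the thread.
HEX16_NAME = re.compile(r'^[0-9A-Fa-f]{16}$')
# Assumption: a task launching from a profile's Application Data folder
# (long name or 8.3 short name such as applic~1) deserves a closer look.
APPDATA_PATH = re.compile(r'\\(?:application data|applic~\d)\\', re.IGNORECASE)


def parse_tasks(log_text):
    """Return (name, target, file_missing) for each scheduled-task entry."""
    tasks, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == SECTION_HEADER:
            in_section = True
            continue
        # Skip everything before the section, blank lines and the underline.
        if not in_section or not line or set(line) == {"-"}:
            continue
        match = TASK_LINE.match(line)
        if match is None:
            break  # first non-task line is the next section header
        missing = "[file not found]" in match["tail"]
        tasks.append((match["name"], match["target"], missing))
    return tasks


def triage(log_text):
    """Classify each task as 'suspect', 'orphan' (target gone) or 'ok'."""
    findings = []
    for name, target, missing in parse_tasks(log_text):
        reasons = []
        if HEX16_NAME.match(name):
            reasons.append("16-hex-digit task name")
        if APPDATA_PATH.search(target):
            reasons.append("target under Application Data")
        suspect = bool(reasons)
        if missing:
            reasons.append("target file not found")
        verdict = "suspect" if suspect else ("orphan" if missing else "ok")
        findings.append({"name": name, "target": target,
                         "verdict": verdict, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'{finding["verdict"]:8} {finding["name"]}: '
              f'{", ".join(finding["reasons"]) or "-"}')
```

An "orphan" verdict marks a leftover task of uninstalled software: worth cleaning up, but not by itself a sign of infection.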
clausj (Beginner)
30 October 2005 - 17:36 #20
Hi,

That was a tough round, for which I apologise, but it seems to have worked now. Thanks for the help. Post an answer and the points are on their way...  As for the antivirus programs, I have wondered whether it might be that my XP software is not genuine... and therefore doesn't get the necessary updates (just a thought), but I can live with "own monitoring" - the computer is protected by the antivirus program anyway, as I understand it...  Have a good rest of the weekend.  Regards, Claus
fromsej (Trainee)
30 October 2005 - 17:42 #21
That may be the cause, but it still puzzles me.
You can just try this:
Click Start->Run, type SFC /scannow (note the space), and click OK.
Your CD must be in the drive.