razzt (Beginner)
06 December 2005 - 19:26 There are 23 comments and 1 solution

HijackThis check?

Anyone willing to take a look?

Logfile of HijackThis v1.99.1
Scan saved at 19:21:27, on 06-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\SAFEGUARD\SGEASY\SGECTL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\SAFEGUARD\SGEASY\ECVIEW.EXE
C:\Programmer\D-Tools\daemon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\Documents and Settings\Janni\Skrivebord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vammkentsk.biz/PXMHNiBtgQ34yc1oUvpxvlCWu1mw00vRjAWi307gqhivU9Df/jmL5Z_KBBPm9h17.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48EA4715-1D8B-5F06-4D08-F8B01C93AECB} - (no file)
O2 - BHO: (no name) - {B903F5E1-5154-F5C5-3811-4F003F24591C} - C:\DOCUME~1\Janni\APPLIC~1\AMENLO~1\Peak Wait.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E2C00047-CC8A-F19D-6E28-54E6FBF1C1D0} - C:\DOCUME~1\Janni\APPLIC~1\AMENLO~1\Peak Wait.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [EDWizard] C:\SAFEGUARD\SGEASY\EDWIZARD.EXE as
O4 - HKLM\..\Run: [SgeEcView] C:\SAFEGUARD\SGEASY\ECVIEW.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [rectbuildtickcast] C:\Documents and Settings\All Users\Application Data\PhoneSendRectBuild\onemeet.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Free Second Defy Web] C:\Documents and Settings\All Users\Application Data\2 Mail Free Second\LIST FUNK.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMX] C:\Programmer\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [hoq5RgK4i] renssvc.exe
O4 - HKCU\..\Run: [Acid readme] C:\DOCUME~1\Janni\APPLIC~1\FLAWDE~1\globalplan.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programmer\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: GStartup.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SgeCtl - Utimaco Safeware AG - C:\SAFEGUARD\SGEASY\SGECTL.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
var (Beginner)
06 December 2005 - 19:33 #1
Yes, I'm on it... ;D
var (Beginner)
06 December 2005 - 19:44 #2
Start --> Control Panel --> Add or Remove Programs

Remove these.
These programs contain spyware... but it is up to you if you don't want to get rid of them.. I would suggest that you remove them...

MSN messenger plus 3
Bearshare

Post a fresh HijackThis log (because there is something there ;D )
razzt (Beginner)
06 December 2005 - 20:01 #3
I can't find those two things in Add or Remove Programs, but will you take a look at the rest?
razzt (Beginner)
06 December 2005 - 20:02 #4
Now I have removed MSN plus 3
razzt (Beginner)
06 December 2005 - 20:06 #5
Logfile of HijackThis v1.99.1
Scan saved at 20:04:19, on 06-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\SAFEGUARD\SGEASY\SGECTL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\SAFEGUARD\SGEASY\ECVIEW.EXE
C:\Programmer\D-Tools\daemon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Janni\Skrivebord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.imgcickdnchpkdrsgxrp.net/PXMHNiBtgQ34yc1oUvpxvlCWu1mw00vRjAWi307gqhiFLkonWN4o1p_KBBPm9h17.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {48EA4715-1D8B-5F06-4D08-F8B01C93AECB} - (no file)
O2 - BHO: (no name) - {B903F5E1-5154-F5C5-3811-4F003F24591C} - C:\DOCUME~1\Janni\APPLIC~1\AMENLO~1\Peak Wait.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [EDWizard] C:\SAFEGUARD\SGEASY\EDWIZARD.EXE as
O4 - HKLM\..\Run: [SgeEcView] C:\SAFEGUARD\SGEASY\ECVIEW.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [rectbuildtickcast] C:\Documents and Settings\All Users\Application Data\PhoneSendRectBuild\onemeet.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\Janni\LOKALE~1\Temp\MsgPlusUninst.bat"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMX] C:\Programmer\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [hoq5RgK4i] renssvc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [remititit16639] C:\WINDOWS\system32\command.com /c del C:\DOCUME~1\Janni\APPLIC~1\FLAWDE~1\8842.del
O4 - HKCU\..\RunOnce: [remititit15631] C:\WINDOWS\system32\command.com /c del C:\DOCUME~1\Janni\APPLIC~1\FLAWDE~1\8842.del
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programmer\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: GStartup.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SgeCtl - Utimaco Safeware AG - C:\SAFEGUARD\SGEASY\SGECTL.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
var (Beginner)
06 December 2005 - 20:19 #6
Start --> Control Panel --> Add or Remove Programs

Remove:
Bearshare


Open HijackThis and check these lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.imgcickdnchpkdrsgxrp.net/PXMHNiBtgQ34yc1oUvpxvlCWu1mw00vRjAWi307gqhiFLkonWN4o1p_KBBPm9h17.php
O2 - BHO: (no name) - {48EA4715-1D8B-5F06-4D08-F8B01C93AECB} - (no file)
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [hoq5RgK4i] renssvc.exe


ewido:
http://download.ewido.net/ewido-setup.exe

Update the program, run a full scan and delete whatever it finds.
The program creates a log, which you should copy in here together with a fresh HijackThis log.
ejvindh (Expert)
06 December 2005 - 20:46 #7
Fazli: There is quite a bit missing from the procedure you have posted there! So I have taken the liberty of making a slightly more thorough alternative.

Download Ewido from here (14-day version of the plus version)
http://www.spywarefri.dk/downloads1/ewido-setup.exe
Install and run Ewido - update the program.

Then run HJT and fix the following lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.imgcickdnchpkdrsgxrp.net/PXMHNiBtgQ34yc1oUvpxvlCWu1mw00vRjAWi307gqhiFLkonWN4o1p_KBBPm9h17.php
O2 - BHO: (no name) - {48EA4715-1D8B-5F06-4D08-F8B01C93AECB} - (no file)
O2 - BHO: (no name) - {B903F5E1-5154-F5C5-3811-4F003F24591C} - C:\DOCUME~1\Janni\APPLIC~1\AMENLO~1\Peak Wait.exe
O4 - HKLM\..\Run: [rectbuildtickcast] C:\Documents and Settings\All Users\Application Data\PhoneSendRectBuild\onemeet.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [hoq5RgK4i] renssvc.exe
O4 - HKCU\..\RunOnce: [remititit16639] C:\WINDOWS\system32\command.com /c del C:\DOCUME~1\Janni\APPLIC~1\FLAWDE~1\8842.del
O4 - HKCU\..\RunOnce: [remititit15631] C:\WINDOWS\system32\command.com /c del C:\DOCUME~1\Janni\APPLIC~1\FLAWDE~1\8842.del
O4 - Global Startup: GStartup.lnk = ?
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab

Then restart into Safe Mode (press F8 during startup). Make sure that you can see all files and folders:
Open a folder, click Tools=>Folder Options=>View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

Then delete the following folders:
C:\DOCUME~1\Janni\APPLIC~1\AMENLO~1\
C:\DOCUME~1\Janni\APPLIC~1\FLAWDE~1\
C:\Documents and Settings\All Users\Application Data\PhoneSendRectBuild\
C:\Programmer\BearShare\

Search for this program, and delete it if you find it.
renssvc.exe

Run a full scan with Ewido. The program creates a small log, which you should copy in here in your next reply.

Restart into normal mode. Download this small file: http://www.fbeej.ctrlaltdel.dk/Programmer/fl.zip
Unpack fl.zip and double-click fl.bat - Notepad opens a small text file that you should copy in here.

Also make a new log with HJT and post it here.
razzt (Beginner)
07 December 2005 - 09:09 #8
---------------------------------------------------------
ewido security suite - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            23:43:24, 06-12-2005
+ Rapport-Checksum:        798E14CF

+ Scanningsresultat:
    C:\Documents and Settings\Janni\Cookies\janni@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Janni\Dokumenter\Modtagne filer\Msn ting\MsgPlus-254.exe/70000011.exe -> Downloader.Swizzor.af : Renset med backup


::Rapport slut
razzt (Beginner)
07 December 2005 - 09:13 #9
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\All Users\Application Data

06-12-2005  20:19    <DIR>          2 Mail Free Second
04-12-2003  20:12    <DIR>          Adobe
25-12-2003  12:31    <DIR>          MSN6
29-10-2004  17:30    <DIR>          Ooze Audio List Corn
06-12-2005  19:18    <DIR>          Spybot - Search & Destroy
27-11-2003  21:17    <DIR>          Symantec
              0 fil(er)                0 byte
              6 mappe(r)  4.927.369.216 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\Janni\Application Data

05-12-2003  06:57    <DIR>          Adobe
05-12-2003  06:57    <DIR>          AdobeUM
06-12-2005  22:29    <DIR>          amen locks fast
04-12-2003  19:32    <DIR>          CyberLink
06-12-2005  20:19    <DIR>          flaw deaf
06-12-2003  19:17    <DIR>          Help
14-08-2005  18:31    <DIR>          Identities
06-12-2005  20:23    <DIR>          Lavasoft
04-12-2003  19:34    <DIR>          Leadertech
25-01-2004  16:23    <DIR>          Macromedia
18-11-2005  20:52    <DIR>          Mozilla
28-06-2005  15:58    <DIR>          MSN6
14-08-2005  17:00    <DIR>          Registry Cleaner
28-02-2004  14:19    <DIR>          SmartFTP
04-12-2003  19:34    <DIR>          Sonic
27-11-2003  21:07    <DIR>          Sun
27-11-2003  21:17    <DIR>          Symantec
25-12-2003  13:04    <DIR>          Template
              0 fil(er)                0 byte
              18 mappe(r)  4.927.365.120 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\Default User\Application Data

27-11-2003  21:17    <DIR>          .
27-11-2003  21:17    <DIR>          ..
26-11-2002  09:23                62 DESKTOP.INI
              1 fil(er)              62 byte
              2 mappe(r)  4.927.365.120 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\LocalService\Application Data

Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\NetworkService\Application Data
razzt (Beginner)
07 December 2005 - 09:19 #10
Logfile of HijackThis v1.99.1
Scan saved at 09:19:10, on 07-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\SAFEGUARD\SGEASY\SGECTL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Messenger\msmsgs.exe
C:\SAFEGUARD\SGEASY\ECVIEW.EXE
C:\Programmer\D-Tools\daemon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Programmer\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Janni\Skrivebord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wwmuzpcmocok.info/PXMHNiBtgQ34yc1oUvpxvlCWu1mw00vRjAWi307gqhji6En4GxuIyZ_KBBPm9h17.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vrpeyhauhraporiwfidaxbbxf.com/PXMHNiBtgQ1CGEvCFNqIzf8plqKiDHWNvUu_y3YCvDI.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [EDWizard] C:\SAFEGUARD\SGEASY\EDWIZARD.EXE as
O4 - HKLM\..\Run: [SgeEcView] C:\SAFEGUARD\SGEASY\ECVIEW.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Free Second Defy Web] C:\Documents and Settings\All Users\Application Data\2 Mail Free Second\Grim Inter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMX] C:\Programmer\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Acid readme] C:\DOCUME~1\Janni\APPLIC~1\FLAWDE~1\globalplan.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programmer\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SgeCtl - Utimaco Safeware AG - C:\SAFEGUARD\SGEASY\SGECTL.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
ejvindh (Expert)
07 December 2005 - 09:57 #11
I now notice that you have WinMX on your computer. It is a P2P program that is not in itself infested with spyware. But I would still recommend that you remove it, because P2P networks are one of the surest sources of spyware, since the programs exchanged there have sometimes had a little "extra" added.

Start by turning Ad-Watch off while you run the following procedure (Ad-Watch is a good program, but when you need to remove some junk it sometimes tends to prevent the cleaning. You can just turn it on again afterwards).

Run HJT and fix these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wwmuzpcmocok.info/PXMHNiBtgQ34yc1oUvpxvlCWu1mw00vRjAWi307gqhji6En4GxuIyZ_KBBPm9h17.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vrpeyhauhraporiwfidaxbbxf.com/PXMHNiBtgQ1CGEvCFNqIzf8plqKiDHWNvUu_y3YCvDI.htm
O4 - HKLM\..\Run: [Free Second Defy Web] C:\Documents and Settings\All Users\Application Data\2 Mail Free Second\Grim Inter.exe
O4 - HKCU\..\Run: [Acid readme] C:\DOCUME~1\Janni\APPLIC~1\FLAWDE~1\globalplan.exe

You may well have to do it a couple of times. They can be a bit stubborn.

Then copy the text between the dashed lines into a Notepad window. Save the file as sletjob.bat on the desktop, making sure that under File type it says "All files".
--------------------------
attrib -r -s -h /s /d "C:\Documents and Settings\All Users\Application Data\2 Mail Free Second"
rd "C:\Documents and Settings\All Users\Application Data\2 Mail Free Second" /s /q
attrib -r -s -h /s /d "C:\Documents and Settings\All Users\Application Data\Ooze Audio List Corn"
rd "C:\Documents and Settings\All Users\Application Data\Ooze Audio List Corn" /s /q
attrib -r -s -h /s /d "C:\Documents and Settings\Janni\Application Data\amen locks fast"
rd "C:\Documents and Settings\Janni\Application Data\amen locks fast" /s /q

dir %Windir%\tasks /a h >> findlop.txt
rem c:\WINDOWS\notepad.exe findlop.txt
--------------------------
Then restart into safe mode.

Double-click sletjob.bat. A black DOS window will briefly open and close.

Then restart into normal mode. There should now be a file called findlop.txt on the desktop. I would like to see the contents of that file. Also run fl.bat again and post the new log here. Also make a new HJT log and post it here.
razzt Beginner
7 December 2005 - 10:01 #12
What do you mean by "All files" being shown under File type?
ejvindh Expert
7 December 2005 - 10:33 #13
When you click File > Save in Notepad, a dialog box comes up where you enter the name of the file. Just below the field where you type the file name, there is a field labelled "File types". Here you must make sure that it says "All files".
razzt Beginner
7 December 2005 - 11:02 #14
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\All Users\Application Data

06-12-2005  20:19    <DIR>          2 Mail Free Second
04-12-2003  20:12    <DIR>          Adobe
25-12-2003  12:31    <DIR>          MSN6
29-10-2004  17:30    <DIR>          Ooze Audio List Corn
06-12-2005  19:18    <DIR>          Spybot - Search & Destroy
27-11-2003  21:17    <DIR>          Symantec
              0 fil(er)                0 byte
              6 mappe(r)  4.927.369.216 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\Janni\Application Data

05-12-2003  06:57    <DIR>          Adobe
05-12-2003  06:57    <DIR>          AdobeUM
06-12-2005  22:29    <DIR>          amen locks fast
04-12-2003  19:32    <DIR>          CyberLink
06-12-2005  20:19    <DIR>          flaw deaf
06-12-2003  19:17    <DIR>          Help
14-08-2005  18:31    <DIR>          Identities
06-12-2005  20:23    <DIR>          Lavasoft
04-12-2003  19:34    <DIR>          Leadertech
25-01-2004  16:23    <DIR>          Macromedia
18-11-2005  20:52    <DIR>          Mozilla
28-06-2005  15:58    <DIR>          MSN6
14-08-2005  17:00    <DIR>          Registry Cleaner
28-02-2004  14:19    <DIR>          SmartFTP
04-12-2003  19:34    <DIR>          Sonic
27-11-2003  21:07    <DIR>          Sun
27-11-2003  21:17    <DIR>          Symantec
25-12-2003  13:04    <DIR>          Template
              0 fil(er)                0 byte
              18 mappe(r)  4.927.365.120 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\Default User\Application Data

27-11-2003  21:17    <DIR>          .
27-11-2003  21:17    <DIR>          ..
26-11-2002  09:23                62 DESKTOP.INI
              1 fil(er)              62 byte
              2 mappe(r)  4.927.365.120 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\LocalService\Application Data

Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\NetworkService\Application Data

Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\WINDOWS\tasks

06-12-2005  20:19    <DIR>          .
06-12-2005  20:19    <DIR>          ..
07-12-2005  10:00              258 A4BFC78E918078BE.job
07-12-2005  10:00              258 A74F847791903E7F.job
07-12-2005  10:00              228 AE9BC3B091847ADC.job
16-09-2002  07:00                65 DESKTOP.INI
07-12-2005  08:56                6 SA.DAT
07-12-2005  10:53              398 Symantec NetDetect.job
              6 fil(er)            1.213 byte

Indhold af C:\Documents and Settings\Janni\Skrivebord
razzt Beginner
7 December 2005 - 11:03 #15
Logfile of HijackThis v1.99.1
Scan saved at 11:03:10, on 07-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\SAFEGUARD\SGEASY\SGECTL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\SAFEGUARD\SGEASY\ECVIEW.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Programmer\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Janni\Skrivebord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oelepfgrjbgjgx.com/PXMHNiBtgQ34yc1oUvpxvlCWu1mw00vRjAWi307gqhiP4EhpO/suMJ_KBBPm9h17.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vrpeyhauhraporiwfidaxbbxf.com/PXMHNiBtgQ1CGEvCFNqIzf8plqKiDHWNvUu_y3YCvDI.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E2C00047-CC8A-F19D-6E28-54E6FBF1C1D0} - C:\DOCUME~1\Janni\APPLIC~1\AMENLO~1\Peak Wait.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [EDWizard] C:\SAFEGUARD\SGEASY\EDWIZARD.EXE as
O4 - HKLM\..\Run: [SgeEcView] C:\SAFEGUARD\SGEASY\ECVIEW.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Free Second Defy Web] C:\Documents and Settings\All Users\Application Data\2 Mail Free Second\Grim Inter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMX] C:\Programmer\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [Acid readme] C:\DOCUME~1\Janni\APPLIC~1\FLAWDE~1\globalplan.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programmer\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SgeCtl - Utimaco Safeware AG - C:\SAFEGUARD\SGEASY\SGECTL.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
razzt Beginner
7 December 2005 - 11:05 #16
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\All Users\Application Data

07-12-2005  11:01    <DIR>          2 Mail Free Second
04-12-2003  20:12    <DIR>          Adobe
25-12-2003  12:31    <DIR>          MSN6
06-12-2005  19:18    <DIR>          Spybot - Search & Destroy
27-11-2003  21:17    <DIR>          Symantec
              0 fil(er)                0 byte
              5 mappe(r)  4.939.636.736 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\Janni\Application Data

05-12-2003  06:57    <DIR>          Adobe
05-12-2003  06:57    <DIR>          AdobeUM
07-12-2005  11:01    <DIR>          amen locks fast
04-12-2003  19:32    <DIR>          CyberLink
07-12-2005  11:01    <DIR>          flaw deaf
06-12-2003  19:17    <DIR>          Help
14-08-2005  18:31    <DIR>          Identities
06-12-2005  20:23    <DIR>          Lavasoft
04-12-2003  19:34    <DIR>          Leadertech
25-01-2004  16:23    <DIR>          Macromedia
18-11-2005  20:52    <DIR>          Mozilla
28-06-2005  15:58    <DIR>          MSN6
14-08-2005  17:00    <DIR>          Registry Cleaner
28-02-2004  14:19    <DIR>          SmartFTP
04-12-2003  19:34    <DIR>          Sonic
27-11-2003  21:07    <DIR>          Sun
27-11-2003  21:17    <DIR>          Symantec
25-12-2003  13:04    <DIR>          Template
              0 fil(er)                0 byte
              18 mappe(r)  4.939.632.640 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\Default User\Application Data

27-11-2003  21:17    <DIR>          .
27-11-2003  21:17    <DIR>          ..
26-11-2002  09:23                62 DESKTOP.INI
              1 fil(er)              62 byte
              2 mappe(r)  4.939.632.640 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\LocalService\Application Data

Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A74F847791903E7F.job'
[TRACE] Printing all job properties

  ApplicationName:    'c:\docume~1\janni\applic~1\flawde~1\Glue32Thunk.exe'
  Parameters:        ''
  WorkingDirectory:  ''
  Comment:            ''
  Creator:            'Janni'
  Priority:          NORMAL
  MaxRunTime:        259200000 (3d  0:00:00)
  IdleWait:          10
  IdleDeadline:      60
  MostRecentRun:      12/07/2005 11:00:01
  NextRun:            12/07/2005 12:00:00
  StartError:        S_OK
  ExitCode:          0
  Status:            SCHED_S_TASK_READY
  ScheduledWorkItem Flags:
    DeleteWhenDone          = 0
    Suspend                = 0
    StartOnlyIfIdle        = 0
    KillOnIdleEnd          = 0
    RestartOnIdleResume    = 0
    DontStartIfOnBatteries  = 0
    KillIfGoingOnBatteries  = 0
    RunOnlyIfLoggedOn      = 1
    SystemRequired          = 0
    Hidden                  = 1
  TaskFlags:          0

  1 Trigger

  Trigger 0:
    Type:            Daily
    DaysInterval:    1
    StartDate:      10/24/2000
    EndDate:        00/00/0000
    StartTime:      00:00
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0


[TRACE] Activating job 'A95F222B9180A07B.job'
[TRACE] Printing all job properties

  ApplicationName:    'c:\docume~1\janni\applic~1\flawde~1\Glue32Thunk.exe'
  Parameters:        ''
  WorkingDirectory:  ''
  Comment:            ''
  Creator:            'Janni'
  Priority:          NORMAL
  MaxRunTime:        259200000 (3d  0:00:00)
  IdleWait:          10
  IdleDeadline:      60
  MostRecentRun:      00/00/0000  0:00:00
  NextRun:            12/07/2005 12:00:00
  StartError:        SCHED_S_TASK_HAS_NOT_RUN
  ExitCode:          0
  Status:            SCHED_S_TASK_HAS_NOT_RUN
  ScheduledWorkItem Flags:
    DeleteWhenDone          = 0
    Suspend                = 0
    StartOnlyIfIdle        = 0
    KillOnIdleEnd          = 0
    RestartOnIdleResume    = 0
    DontStartIfOnBatteries  = 0
    KillIfGoingOnBatteries  = 0
    RunOnlyIfLoggedOn      = 1
    SystemRequired          = 0
    Hidden                  = 1
  TaskFlags:          0

  1 Trigger

  Trigger 0:
    Type:            Daily
    DaysInterval:    1
    StartDate:      02/14/2001
    EndDate:        00/00/0000
    StartTime:      00:00
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0


[TRACE] Activating job 'AE9BC3B091847ADC.job'
[TRACE] Printing all job properties

  ApplicationName:    'c:\progra~1\flawde~1\Glue32Thunk.exe'
  Parameters:        ''
  WorkingDirectory:  ''
  Comment:            ''
  Creator:            'Janni'
  Priority:          NORMAL
  MaxRunTime:        259200000 (3d  0:00:00)
  IdleWait:          10
  IdleDeadline:      60
  MostRecentRun:      10/17/2004 16:00:00
  NextRun:            12/07/2005 12:00:00
  StartError:        0x80070002
  ExitCode:          0
  Status:            SCHED_S_TASK_READY
  ScheduledWorkItem Flags:
    DeleteWhenDone          = 0
    Suspend                = 0
    StartOnlyIfIdle        = 0
    KillOnIdleEnd          = 0
    RestartOnIdleResume    = 0
    DontStartIfOnBatteries  = 0
    KillIfGoingOnBatteries  = 0
    RunOnlyIfLoggedOn      = 1
    SystemRequired          = 0
    Hidden                  = 1
  TaskFlags:          0

  1 Trigger

  Trigger 0:
    Type:            Daily
    DaysInterval:    1
    StartDate:      10/01/1995
    EndDate:        00/00/0000
    StartTime:      00:00
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0


[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

  ApplicationName:    'C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE'
  Parameters:        ''
  WorkingDirectory:  'C:\Programmer\Symantec\LiveUpdate'
  Comment:            'Symantec NetDetect'
  Creator:            'Ejer'
  Priority:          NORMAL
  MaxRunTime:        259200000 (3d  0:00:00)
  IdleWait:          10
  IdleDeadline:      60
  MostRecentRun:      00/00/0000  0:00:00
  NextRun:            12/07/2005 11:08:00
  StartError:        0x80070534
  ExitCode:          0
  Status:            SCHED_S_TASK_HAS_NOT_RUN
  ScheduledWorkItem Flags:
    DeleteWhenDone          = 0
    Suspend                = 0
    StartOnlyIfIdle        = 0
    KillOnIdleEnd          = 0
    RestartOnIdleResume    = 0
    DontStartIfOnBatteries  = 0
    KillIfGoingOnBatteries  = 0
    RunOnlyIfLoggedOn      = 1
    SystemRequired          = 0
    Hidden                  = 0
  TaskFlags:          0

  2 Triggers

  Trigger 0:
    Type:            Daily
    DaysInterval:    1
    StartDate:      11/27/2003
    EndDate:        00/00/0000
    StartTime:      20:23
    MinutesDuration: 1440
    MinutesInterval: 5
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0

  Trigger 1:
    Type:            AtLogon
    StartDate:      11/27/2003
    EndDate:        00/00/0000
    StartTime:      20:23
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0
ejvindh Expert
7 December 2005 - 11:35 #17
That was (to put it mildly) not impressive progress. Did you remember to deactivate Ad-Watch? And did you run the HJT fix several times to fix the lines mentioned (how many times did you try)?

Try this:
Deactivate Ad-Watch

Run HJT and fix these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oelepfgrjbgjgx.com/PXMHNiBtgQ34yc1oUvpxvlCWu1mw00vRjAWi307gqhiP4EhpO/suMJ_KBBPm9h17.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vrpeyhauhraporiwfidaxbbxf.com/PXMHNiBtgQ1CGEvCFNqIzf8plqKiDHWNvUu_y3YCvDI.htm
O2 - BHO: (no name) - {E2C00047-CC8A-F19D-6E28-54E6FBF1C1D0} - C:\DOCUME~1\Janni\APPLIC~1\AMENLO~1\Peak Wait.exe
O4 - HKLM\..\Run: [Free Second Defy Web] C:\Documents and Settings\All Users\Application Data\2 Mail Free Second\Grim Inter.exe
O4 - HKCU\..\Run: [Acid readme] C:\DOCUME~1\Janni\APPLIC~1\FLAWDE~1\globalplan.exe

You may have to do it a couple of times. They can be a bit stubborn (try at least 5 times).

Copy the text between the dashed lines into a Notepad window. Save the file as sletjob2.bat, making sure that "All files" is selected under File type.

--------------------------
%systemdrive%
cd %systemdrive%\WINDOWS\Tasks
attrib -r -s -h A4BFC78E918078BE.job
attrib -r -s -h A74F847791903E7F.job
attrib -r -s -h AE9BC3B091847ADC.job
attrib -r -s -h A95F222B9180A07B.job

del A4BFC78E918078BE.job
del A74F847791903E7F.job
del AE9BC3B091847ADC.job
del A95F222B9180A07B.job

cd\
attrib -r -s -h /s /d "C:\Documents and Settings\All Users\Application Data\2 Mail Free Second"
attrib -r -s -h /s /d "C:\Documents and Settings\All Users\Application Data\Ooze Audio List Corn"
attrib -r -s -h /s /d "C:\Documents and Settings\Janni\Application Data\amen locks fast"
attrib -r -s -h /s /d C:\DOCUME~1\Janni\APPLIC~1\AMENLO~1
attrib -r -s -h /s /d C:\DOCUME~1\Janni\APPLIC~1\FLAWDE~1
attrib -r -s -h /s /d c:\progra~1\flawde~1
rd /s /q "C:\Documents and Settings\All Users\Application Data\2 Mail Free Second"
rd /s /q "C:\Documents and Settings\All Users\Application Data\Ooze Audio List Corn"
rd /s /q "C:\Documents and Settings\Janni\Application Data\amen locks fast"
rd /s /q C:\DOCUME~1\Janni\APPLIC~1\AMENLO~1
rd /s /q C:\DOCUME~1\Janni\APPLIC~1\FLAWDE~1
rd /s /q c:\progra~1\flawde~1
--------------------------

Then restart into safe mode.

Double-click sletjob2.bat. A black DOS window will briefly open and close.

Then restart into normal mode. Run fl.bat again and post the new log here.
Also make a new HJT log and post it here.
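
The job trace posted in #16 is what singles out the .job files that sletjob2.bat deletes. As an added example (not part of ejvindh's post), this Python sketch triages such a trace; the function names, the four heuristics and the threshold of two are assumptions made for illustration, and the sample is a shortened excerpt of the trace above.

```python
import re

# Shortened excerpt of the trace posted in #16 (constructed sample: only the
# fields the triage reads are kept).
SAMPLE_TRACE = r"""
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A74F847791903E7F.job'
[TRACE] Printing all job properties

  ApplicationName:    'c:\docume~1\janni\applic~1\flawde~1\Glue32Thunk.exe'
  Creator:            'Janni'
  StartError:        S_OK
  ScheduledWorkItem Flags:
    Hidden                  = 1
  Trigger 0:
    MinutesInterval: 60

[TRACE] Activating job 'AE9BC3B091847ADC.job'
  ApplicationName:    'c:\progra~1\flawde~1\Glue32Thunk.exe'
  StartError:        0x80070002
  ScheduledWorkItem Flags:
    Hidden                  = 1
  Trigger 0:
    MinutesInterval: 60

[TRACE] Activating job 'Symantec NetDetect.job'
  ApplicationName:    'C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE'
  StartError:        0x80070534
  ScheduledWorkItem Flags:
    Hidden                  = 0
  Trigger 0:
    MinutesInterval: 5
  Trigger 1:
    MinutesInterval: 0
"""

JOB_RE = re.compile(r"^\[TRACE\] Activating job '(?P<name>[^']+)'", re.M)
# Matches both "Key: value" and "Key = value" lines; section headers such as
# "Trigger 0:" or "ScheduledWorkItem Flags:" do not match and are skipped.
FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z]+)\s*[:=]\s*(?P<val>.*?)\s*$")

# Heuristics (assumptions for this example, derived from what the thread shows).
RANDOM_NAME_RE = re.compile(r"[0-9A-F]{16}\.job", re.I)
PROFILE_DATA_RE = re.compile(r"\\(applic~\d|application data)\\", re.I)
FILE_NOT_FOUND = "0x80070002"  # HRESULT form of ERROR_FILE_NOT_FOUND


def parse_jobs(trace):
    """Split the trace into one record per job."""
    jobs = []
    matches = list(JOB_RE.finditer(trace))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(trace)
        job = {"name": m.group("name"), "application": "",
               "hidden": False, "start_error": "", "intervals": []}
        for line in trace[m.end():end].splitlines():
            field = FIELD_RE.match(line)
            if not field:
                continue
            key, val = field.group("key"), field.group("val").strip("'")
            if key == "ApplicationName":
                job["application"] = val
            elif key == "Hidden":
                job["hidden"] = val == "1"
            elif key == "StartError":
                job["start_error"] = val
            elif key == "MinutesInterval":
                job["intervals"].append(int(val))
        jobs.append(job)
    return jobs


def triage(job):
    """Return the list of reasons a job looks like unwanted persistence."""
    reasons = []
    if RANDOM_NAME_RE.fullmatch(job["name"]):
        reasons.append("random-hex-name")
    if job["hidden"]:
        reasons.append("hidden")
    if PROFILE_DATA_RE.search(job["application"]):
        reasons.append("runs-from-application-data")
    if job["start_error"].lower() == FILE_NOT_FOUND:
        reasons.append("target-missing")
    return reasons


def suspicious_jobs(trace, threshold=2):
    """Map job name -> reasons for every job meeting the threshold."""
    result = {}
    for job in parse_jobs(trace):
        reasons = triage(job)
        if len(reasons) >= threshold:
            result[job["name"]] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in suspicious_jobs(SAMPLE_TRACE).items():
        print(name, "->", ", ".join(reasons))
```

A flagged job is a prompt to inspect the file it launches, not a verdict on its own.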
razzt Beginner
7 December 2005 - 11:40 #18
They disappear when I run it just once, but they come back once I have restarted. And yes, I have deactivated Ad-Aware.

Logfile of HijackThis v1.99.1
Scan saved at 11:38:44, on 07-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\SAFEGUARD\SGEASY\SGECTL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\SAFEGUARD\SGEASY\ECVIEW.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Programmer\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Janni\Skrivebord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E2C00047-CC8A-F19D-6E28-54E6FBF1C1D0} - C:\DOCUME~1\Janni\APPLIC~1\AMENLO~1\Peak Wait.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [EDWizard] C:\SAFEGUARD\SGEASY\EDWIZARD.EXE as
O4 - HKLM\..\Run: [SgeEcView] C:\SAFEGUARD\SGEASY\ECVIEW.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMX] C:\Programmer\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programmer\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SgeCtl - Utimaco Safeware AG - C:\SAFEGUARD\SGEASY\SGECTL.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
razzt Beginner
7 December 2005 - 11:50 #19
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\All Users\Application Data

04-12-2003  20:12    <DIR>          Adobe
25-12-2003  12:31    <DIR>          MSN6
06-12-2005  19:18    <DIR>          Spybot - Search & Destroy
27-11-2003  21:17    <DIR>          Symantec
              0 fil(er)                0 byte
              4 mappe(r)  4.922.146.816 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\Janni\Application Data

05-12-2003  06:57    <DIR>          Adobe
05-12-2003  06:57    <DIR>          AdobeUM
04-12-2003  19:32    <DIR>          CyberLink
06-12-2003  19:17    <DIR>          Help
14-08-2005  18:31    <DIR>          Identities
06-12-2005  20:23    <DIR>          Lavasoft
04-12-2003  19:34    <DIR>          Leadertech
25-01-2004  16:23    <DIR>          Macromedia
18-11-2005  20:52    <DIR>          Mozilla
28-06-2005  15:58    <DIR>          MSN6
14-08-2005  17:00    <DIR>          Registry Cleaner
28-02-2004  14:19    <DIR>          SmartFTP
04-12-2003  19:34    <DIR>          Sonic
27-11-2003  21:07    <DIR>          Sun
27-11-2003  21:17    <DIR>          Symantec
25-12-2003  13:04    <DIR>          Template
              0 fil(er)                0 byte
              16 mappe(r)  4.922.142.720 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\Default User\Application Data

27-11-2003  21:17    <DIR>          .
27-11-2003  21:17    <DIR>          ..
26-11-2002  09:23                62 DESKTOP.INI
              1 fil(er)              62 byte
              2 mappe(r)  4.922.142.720 byte ledig
Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\LocalService\Application Data

Disken i drev C har ikke noget navn.
Diskens serienummer er 9836-EF7B

Indhold af C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

  ApplicationName:    'C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE'
  Parameters:        ''
  WorkingDirectory:  'C:\Programmer\Symantec\LiveUpdate'
  Comment:            'Symantec NetDetect'
  Creator:            'Ejer'
  Priority:          NORMAL
  MaxRunTime:        259200000 (3d  0:00:00)
  IdleWait:          10
  IdleDeadline:      60
  MostRecentRun:      00/00/0000  0:00:00
  NextRun:            12/07/2005 11:53:00
  StartError:        0x80070534
  ExitCode:          0
  Status:            SCHED_S_TASK_HAS_NOT_RUN
  ScheduledWorkItem Flags:
    DeleteWhenDone          = 0
    Suspend                = 0
    StartOnlyIfIdle        = 0
    KillOnIdleEnd          = 0
    RestartOnIdleResume    = 0
    DontStartIfOnBatteries  = 0
    KillIfGoingOnBatteries  = 0
    RunOnlyIfLoggedOn      = 1
    SystemRequired          = 0
    Hidden                  = 0
  TaskFlags:          0

  2 Triggers

  Trigger 0:
    Type:            Daily
    DaysInterval:    1
    StartDate:      11/27/2003
    EndDate:        00/00/0000
    StartTime:      20:23
    MinutesDuration: 1440
    MinutesInterval: 5
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0

  Trigger 1:
    Type:            AtLogon
    StartDate:      11/27/2003
    EndDate:        00/00/0000
    StartTime:      20:23
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
      HasEndDate      = 0
      KillAtDuration  = 0
      Disabled        = 0
razzt, Beginner
07 December 2005 - 11:51 #20
Logfile of HijackThis v1.99.1
Scan saved at 11:51:29, on 07-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\SAFEGUARD\SGEASY\SGECTL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\SAFEGUARD\SGEASY\ECVIEW.EXE
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\D-Tools\daemon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\VM_STI.EXE
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Programmer\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Janni\Skrivebord\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E2C00047-CC8A-F19D-6E28-54E6FBF1C1D0} - C:\DOCUME~1\Janni\APPLIC~1\AMENLO~1\Peak Wait.exe (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [EDWizard] C:\SAFEGUARD\SGEASY\EDWIZARD.EXE as
O4 - HKLM\..\Run: [SgeEcView] C:\SAFEGUARD\SGEASY\ECVIEW.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinMX] C:\Programmer\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programmer\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SgeCtl - Utimaco Safeware AG - C:\SAFEGUARD\SGEASY\SGECTL.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
razzt, Beginner
07 December 2005 - 11:52 #21
But that bar and start page come back when I restart the computer
ejvindh, Expert
07 December 2005 - 12:45 #22
The HJT log is looking better now, though. Try deactivating AD-Watch again, and fix the following line in HJT:
O2 - BHO: (no name) - {E2C00047-CC8A-F19D-6E28-54E6FBF1C1D0} - C:\DOCUME~1\Janni\APPLIC~1\AMENLO~1\Peak Wait.exe (file missing)

Then you write something about a bar and a start page. You will have to elaborate on that a bit. Which bar, and which start page, are you talking about? As far as I can see in the log, you have the following start page:
http://www.euro.dell.com/

... and none of the bars that appear in the HJT log look suspicious...

Could you perhaps write which start page you are met with when you start up? And which bar you are talking about?
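
The reasoning in reply #22 (a BHO entry whose target file is missing), as an added Python example that is not part of any post in this thread. The sample lines are copied from the log in #20; the function name `triage` and the extra heuristics (target under a user profile data directory, BHO target that is not a DLL) are assumptions of this example, not HijackThis features.

```python
import re

# Sample lines copied from the HijackThis log in post #20 above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E2C00047-CC8A-F19D-6E28-54E6FBF1C1D0} - C:\DOCUME~1\Janni\APPLIC~1\AMENLO~1\Peak Wait.exe (file missing)
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_ENTRY = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
# Per-user profile data directory, long or 8.3 short form (triage heuristic, an assumption).
USER_DATA = re.compile(r"\\(application data|applic~\d)\\", re.IGNORECASE)

def triage(log_text):
    """Return (code, clsid, target, reasons) for each CLSID entry worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, or blank line
        c = CLSID_ENTRY.match(m["body"])
        if not c:
            continue  # only CLSID-registered entries (e.g. O2, O3, O9, O18) are examined
        target = c["target"]
        reasons = []
        if target.endswith("(file missing)"):
            reasons.append("registration points at a file that no longer exists")
            target = target[: -len("(file missing)")].rstrip()
        target = target.strip('"')
        if USER_DATA.search(target):
            reasons.append("target lives under a user profile data directory")
        if m["code"] == "O2" and not target.lower().endswith(".dll"):
            reasons.append("BHO target is not a DLL")
        if reasons and c["name"] == "(no name)":
            reasons.append("no display name")  # supporting detail only, never a flag alone
        if reasons:
            findings.append((m["code"], c["clsid"], target, reasons))
    return findings

if __name__ == "__main__":
    for code, clsid, target, reasons in triage(SAMPLE_LOG):
        print(f"{code} {clsid} {target}")
        for r in reasons:
            print(f"    - {r}")
```

A "(file missing)" entry means only that the registration is orphaned; the O18 msnim line is flagged for the same reason as the O2 line even though #22 singles out only the O2 entry for fixing.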
var, Beginner
07 December 2005 - 13:13 #23
Ejvind -->

That's ok :D
After all, I don't have as much experience as you :D
razzt, Beginner
19 December 2005 - 10:44 #24
hmm