Søg
Avatar billede lazor Nybegynder
28. januar 2006 - 18:32 Der er 15 kommentarer og
2 løsninger

Nogle Der kan være så venlig at Tjekke log. Hijackthis

Hejsa alle experter. Nogle der gider og tjekke den er log.
Min comp er blevet lidt sløv på det sidste

Tak på forhånd                                      MVH LaZoR^




Logfile of HijackThis v1.99.1
Scan saved at 18:24:09, on 29-01-2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programmer\Logitech\Video\LowLight.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Programmer\LimeWire\LimeWire.exe
C:\Programmer\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\DOCUME~1\Plide\LOKALE~1\Temp\Rar$EX00.016\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Programmer\Accoona\ASearchAssist.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] Sygate.exe
O4 - HKCU\..\Run: [Intex Service Driver] msserv.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [Intex Service Driver] msserv.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {9C2C1D34-7872-4A8C-B9C0-169873553841} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Avatar billede arlet Juniormester
28. januar 2006 - 18:33 #1
kigger
Avatar billede lazor Nybegynder
28. januar 2006 - 18:35 #2
Takker
Avatar billede arlet Juniormester
28. januar 2006 - 18:37 #3
Afinstaller følgende program via tilføj/fjern programmer – hvis du kan:

Accoona


Hent denne scanner:
Ewido kan du downloade her: http://www.ewido.net/en/download/
Klik på Download now. Installer og kør Ewido. Opdater straks efter installationen programmet,
(men lad være med at scanne endnu).

Hent denne scanner.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
(men lad være med at scanne endnu).

--------------------------------------------------------------------

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
(Når du er erklæret ren igen, skal du huske at sætte indstillingerne tilbage)

--------------------------------------------------------------------

Du skal nu til at i gang med at fixe:
Kør Hijackthis, scan, sæt flueben ved linien/linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400011&utm_content=leftnav&utm_source=wdz1&utm_medium=bund&utm_campaign=wdz0605a

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Programmer\Accoona\ASearchAssist.dll

O4 - HKCU\..\Run: [Sygate Personal Firewall] Sygate.exe
O4 - HKCU\..\Run: [Intex Service Driver] msserv.exe
O4 - HKCU\..\RunServices: [Intex Service Driver] msserv.exe

O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB

O18 - Protocol: bw -> ALLE

find og slet:
C:\Programmer\Accoona <- hele mappen

Hent denne bats fil og kør den :
http://www.spywareinfo.dk/download/cleantempxp2k.bat
den sletter alt i din temp mappe.


Genstart computeren i fejlsikret tilstand(Du skal klikke på f8 tasten under genstarten (ca. lige når der er talt ram), og så vælge fejlsikret tilstand. Er du i tvivl, så klik bare på f8 flere gange.)


Dobbeltklik på drweb-cureit.exe, den vil køre en expressscan, det siger du ja til.
Når den skriver Done nederst til venstre, skal du klikke på Options->Change settings.
Skift til fanebladet Scan, fjern fluebenet ved Heuristic analysis.
Skift til fanebladet Actions, her skal alle punkter under Malware sættes til Rename.
Klik så på det eller de drev du vil have scannet, der kommer en rød prik for at vise det/de er valgt.

Klik så på den grønne pil ovre til højre på siden, så starter scanningen.
Første gang Dr.Web finder noget, klik "Yes to All", så fjerner den hvad den finder.
Klik så på Start->Søg, find filen drweb32w.log kopier det nederste af teksten herind, startende med:
Scan statistics.


Kør nu en fuld scanning med Ewido. Når den er færdig trykker du save report og kopier den report herind sammen med en hijackthis log taget efter du har kørt Ewido
Avatar billede hcma Novice
28. januar 2006 - 19:23 #4
arlet >>  hvad med:
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
??
"RUNDLL32 do not normally appear in the Task List in Windows"  (klippet fra: http://www.answersthatwork.com/Tasklist_pages/tasklist_r.htm)
Avatar billede Computer Hjælp (Gratis) Mester
28. januar 2006 - 19:29 #5
Husk også "talen" om M$ ServicePack - eller mangel på samme!!!
Avatar billede hcma Novice
28. januar 2006 - 19:39 #6
dr1 >>  den er så indlysende af frank garanteret ikke "glemmer" det, med mindre han da elsker at tilbringe megen tid herinde for at at rense den samme persons pc gang på gang  :o)
Avatar billede arlet Juniormester
28. januar 2006 - 19:45 #7
hcma -> Og det ønsker jeg ikke*S*

De 2 du nævner er systemfiler, som kan indeholde snavs.. 
derfor kunne de uploades til jotti, men jeg valgte at få ewido og dr.web på banen og rense grundigt, hvis en af dem er væk i næste log, så var der snavs i den*S*
Avatar billede hcma Novice
28. januar 2006 - 20:51 #8
:o)
Avatar billede lazor Nybegynder
29. januar 2006 - 16:46 #9
Her er  Log fra Dr.Web




-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 67726
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 6
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 1
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 1
Objects renamed: 7
Objects moved: 0
Objects ignored: 0
Scan speed: 339 Kb/s
Scan time: 01:06:44
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 67814
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 6
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 1
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 1
Objects renamed: 7
Objects moved: 0
Objects ignored: 0
Scan speed: 348 Kb/s
Scan time: 01:06:53
=============================================================================




Og så fra Ewido:




---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            15:22:05, 30-01-2006
+ Rapport-Checksum:        8852A41

+ Scanningsresultat:
    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@112.2o7[2].txt -> Spyware.Cookie.2o7 : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@2o7[2].txt -> Spyware.Cookie.2o7 : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@adtech[2].txt -> Spyware.Cookie.Adtech : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@advertising[1].txt -> Spyware.Cookie.Advertising : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@atdmt[2].txt -> Spyware.Cookie.Atdmt : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@burstnet[2].txt -> Spyware.Cookie.Burstnet : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@com[2].txt -> Spyware.Cookie.Com : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@cz9.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@fastclick[1].txt -> Spyware.Cookie.Fastclick : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@statcounter[1].txt -> Spyware.Cookie.Statcounter : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Renset med backup
    C:\Documents and Settings\Plide\Cookies\plide@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Plide\Lokale indstillinger\Temp\Rar$EX00.016\backups\backup-20060129-184601-489.#ll -> Dialer.VB.j : Renset med backup
    C:\Documents and Settings\Plide\Lokale indstillinger\Temp\Rar$EX00.016\backups\backup-20060129-184601-659.dll -> Adware.Agent : Renset med backup
    C:\Documents and Settings\Plide\Skrivebord\Setup`S\Crimsonland_Setup-dm.#xe -> Spyware.Trymedia : Renset med backup
    C:\Documents and Settings\Plide\Skrivebord\Setup`S\FroggyCastleSetup-dm.#xe -> Spyware.Trymedia : Renset med backup
    C:\Documents and Settings\Plide\Skrivebord\Setup`S\MobEnfSetup-dm.#xe -> Spyware.Trymedia : Renset med backup
    C:\Programmer\Accoona\ASearchAssist.dll -> Adware.Agent : Fejl under renselse
    C:\WINDOWS\system32\dial32.exe -> Trojan.Dialer.ay : Renset med backup


::Rapport slut






Og fra Hijackthis:




Logfile of HijackThis v1.99.1
Scan saved at 16:44:41, on 30-01-2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Logitech\Video\LowLight.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\DOCUME~1\Plide\LOKALE~1\Temp\Rar$EX00.437\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Slut herfra :)
Avatar billede arlet Juniormester
29. januar 2006 - 17:08 #10
Så er din log ren.

Efter sådan en tur er det altid en god ide og rydde op i dine systemgendannelses filerne.
Deaktiver systemgendannelse ( http://www.arlet.dk/systemgendannelsen.htm ) - genstart din computer - aktiver systemgendannelse.

Generel oprydning: http://www.arlet.dk/oprydning.htm

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan se her : www.arlet.dk/pakke.htm

Meget vigtigt:
Hent og installer Sp2 til Windows og IE her:
http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold/
Gå derefter ind på windows update http://v5.windowsupdate.microsoft.com/v5consumer/default.aspx?ln=da
og hent alt hvad der ligger af opdateringer der.
Avatar billede lazor Nybegynder
29. januar 2006 - 17:29 #11
Hvordan Downloader jeg på http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold/    Kan jeg ikke få direkte link?
Avatar billede lazor Nybegynder
29. januar 2006 - 17:32 #12
Har Fundet ud af :)
Avatar billede lazor Nybegynder
29. januar 2006 - 17:37 #13
Jeg har tideliger haft problemer med instalering af Sp2.
Men lad os se hvad den siger nu. :)
Avatar billede lazor Nybegynder
29. januar 2006 - 17:54 #14
Jeg har også et problem med mit PHILIPS CD-DVD/RW Drev.. Det kan slet ikke læse både CD og DVD.. Og inde i "Denne Computer" Kan man gå ind i drevet som om der sad noget i ? Ville godt have det til af virke, da det er meget godt :)
Avatar billede hcma Novice
29. januar 2006 - 18:20 #15
ang. installering af sp2:
Jeg gjorde følgende:
1: scannede for spyware med Ad-Aware.
2: lavede en diskoprydning (Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning)
3: Downloadede en patch fra MS som kunne genskabe min LAN-forbindelse til internettet, hvis den røg.
  http://www.microsoft.com/downloads/details.aspx?displaylang=da&FamilyID=17d997d2-5034-4bbb-b74d-ad8430a1f7c8
4: Gik ind på Windows Update og så gik det ellers derudaf uden problemer (bortset fra at jeg sommetider troede at processen var gået i stå - uden grund )
Avatar billede hcma Novice
29. januar 2006 - 18:23 #16
lazor >>  ang. problemet med cd/dvd-drevet bør du oprette et nyt spørgsmål i den rette kategori  ( http://www.eksperten.dk/spm/Hardware/ )
Avatar billede lazor Nybegynder
29. januar 2006 - 18:52 #17
Ej.. Der er et eller andet der blocker mit steam :(
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 16:10 Bat file. Af johnnylassen i Andet programmering
I går 10:28 “Signe” Svindel omtalt i medier Af nu_igen i Mobiltelefoner
22/0420:59 RAID controller virker ikke ved tilslutning af alle 4 harddiske Af Strawberry i Andet hardware
22/0413:38 Opret Logo via bogmærke og placer en knap på et Dotx dokument Af per2edb i Word
20/0419:38 Netkort finder 5 forbindelser,bare ikke min, Af valby i Internetforbindelser
White papers
Flere white papers »