Søg
Avatar billede brops Nybegynder
10. marts 2006 - 00:04 Der er 15 kommentarer og
1 løsning

Hijack this for en m8

jeg har en m8 som ikke har en profil her inden han er blevet bugged af en masse spyware derfor har jeg givet ham hijackthis til at kigge det igennem men da jeg ikke har brugt det for evigt ville jeg gerne i ville kigge på den. Hans viden om computere ved jeg ikke så meget om men noget ved han da :P

Loggen, jeg kan se der er meget godt i den:

Logfile of HijackThis v1.99.1
Scan saved at 00:01:05, on 10-03-2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\MultiRes\MultiRes.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Programmer\Winamp\winampa.exe
C:\Saga\Super Popup Blocker\popkill.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Winamp\winamp.exe
C:\Programmer\Ventrilo\Ventrilo.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\RACLE~1\winspool.exe
C:\Documents and Settings\Benjamin\Application Data\s?stem\w?auclt.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Benjamin\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gysxwkksqeq.com/FcsxLMEnLiB/7vHCzAZhYpmuYSYFydpWKf7XmeMLgnRhq3IsyPk8tZx663_jC7x_.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.lunarstorm.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {FF9339A0-A73B-AC94-1CF0-815A64484695} - C:\WINDOWS\System32\jlaauocv.dll (file missing)
R3 - URLSearchHook: (no name) - {E4887949-BF84-B42F-A0A9-91CB2DEB58CC} - C:\WINDOWS\System32\xvtsjc.dll (file missing)
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hpA34B.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MultiRes] C:\Programmer\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [AtiPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [mmtask] C:\Programmer\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AntiPlusPlayMfcd] C:\Documents and Settings\All Users\Application Data\Roambodyantiplus\PeakOoze.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Less this move shim] C:\Documents and Settings\All Users\Application Data\Idle Bows Less This\TitleProgram.exe
O4 - HKLM\..\Run: [Bib Sect Mail Coal] C:\Documents and Settings\All Users\Application Data\antitraybibsect\four audio.exe
O4 - HKLM\..\Run: [Super Popup Blocker] C:\Saga\Super Popup Blocker\popkill.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [BindBolt] C:\DOCUME~1\Benjamin\APPLIC~1\CLOCKP~1\BINBASH.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Lol] E:\Dokumenter\?ecurity\m?config.exe
O4 - HKCU\..\Run: [Octs] "C:\Programmer\rdoa\eepl.exe" -vt yax
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O18 - Protocol: bw+0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {72C03064-3589-4A1E-BD08-C16A009BEE95} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: winyyq32 - C:\WINDOWS\SYSTEM32\winyyq32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
Avatar billede nva Praktikant
10. marts 2006 - 08:13 #1
Uden SP2 er det alligevel håbløst at holde den fri for snavs ;-)
I kan lege med denne http://www.hijackthis.de/ hvis i ikke vil give den en omgang killdisk og reinstallere incl. SP2 - men tag ikke alt for pålydende.
Avatar billede johnstigers Seniormester
10. marts 2006 - 08:13 #2
1. hent og installer SP1 herfra: http://intern.sdu.dk/enheder/it-service/tjenester/ftphotel/ftpindhold

(IKKE SP2 da en maskine med spyware så kan risikere ikke at ville starte op igen!!!)

2. Ny log til tjek, tak
Avatar billede johnstigers Seniormester
10. marts 2006 - 08:14 #3
(SP2 skal ind når maskinen er renset)
Avatar billede ejvindh Ekspert
10. marts 2006 - 08:49 #4
Et godt råd du kan give din ven er i dette tilfælde, at afinstallere MSG+. Han er kommet til at installere det sammen med sponsor-programmet, og har derfor fået en lop-infektion. Den vil sandsynligvis (dog ikke altid) forsvinde ved en afinstallation af MSG+.

Men der er flere andre infektioner, så du bør derefter også følge john_stigers råd.
Avatar billede brops Nybegynder
10. marts 2006 - 12:49 #5
Smid et par svar, han kan af "ukendte" årsager ikke installer SP2 så lukker bare her igen havde jeg set det havde jeg slet ikke postet :D
Avatar billede ejvindh Ekspert
10. marts 2006 - 12:52 #6
Jeg springer over :-)
Avatar billede johnstigers Seniormester
10. marts 2006 - 13:06 #7
Nup dem selv

(ingen hjælp = ingen point ;))
Avatar billede johnstigers Seniormester
10. marts 2006 - 13:07 #8
P.s. det var heller ikke SP2 han skulle installere...
Avatar billede fremik Nybegynder
10. marts 2006 - 14:47 #9
Hej "m8en her =)" jeg er igang med at hente SP1, men regner ikke med at kunne køre SP2 af "uransagelige" årsager, men vil lige køre den SP... men kan man ikke lige så godt bare formatere? Jeg selv tror det er den bedste løsning, men er så kommet til det problem at jeg for nyligt har måttet slette alle mine drivere da jeg skulle have nyt bundkort

det har så medført at min windows installer ikke kan finde min harddisk (skal have en driver på floppy, men er løbet tør for brugbare floppy disks)

men har jeg andre muligheder end en partitions formatering? og er det kun min ene partiotion der er "corrupted?"
Avatar billede ejvindh Ekspert
10. marts 2006 - 14:54 #10
Det er sandsynligvis kun din partition, der er inficeret. Det er helt sikkert, at en formatering, vil afhjælpe dit problem, og hvis det ikke er et stort problem for dig, kan du da bare gøre det.

Det er dog ikke NØDVENDIGT. Der er ikke nogle af de infektioner, der er i din log, der er uoverkommelige (i hvert fald ikke ved et første kig). Vi plejer bare at anbefale at man lægger SP1 ind først, idet det ellers er næsten umuligt at holde computeren ren (man risikerer at computeren inficeres ligeså frit, som den renses) -- fordi der er for mange sikkerhedsbrister i XP uden servicepacks.

I øvrigt, hvis de "uransagelige" årsager er, at du ikke har en lovlig version af XP, kræver det også ret store krumspring at få SP1 ind på din computer *S*
Avatar billede fremik Nybegynder
10. marts 2006 - 15:14 #11
ja så er løbet vist kørt =) tror jeg får den formateret, har heller ikke gjort det i et stykke tid efterhånden, og det antivirus program jeg fik med computeren kan ikke updateres, så jeg gætter på det er ret forældet... men ud over Norton hva er så en god antivirus? McAfee?
Avatar billede ejvindh Ekspert
10. marts 2006 - 21:17 #12
Jeg er meget glad for Kaspersky's antivirus, der nok er det AV, der opdaterer oftest
Avatar billede brops Nybegynder
08. maj 2006 - 13:43 #13
Lukker nu her så smid et svar hvis ikke jeg skal tage point selv
Avatar billede nva Praktikant
08. maj 2006 - 15:19 #14
Hehe så nåede i jo til sidst frem til min første kommentar alligevel ;-)
Avatar billede ejvindh Ekspert
08. maj 2006 - 15:55 #15
Jeg tror bare du skal tage de manglende svar som et tegn på, at det er OK at tage pointene selv. Flere af os har jo også allerede indikeret, at vi ikke ønsker point på denne tråd. :-)
Avatar billede brops Nybegynder
09. maj 2006 - 10:39 #16
ok lukker så
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Andet sikkerhed kategorien

Titel Indlæg Oprettet Seneste aktivitet
Er det sandsynligt, at jeg har været udsat for phishing Af Slettet bruger i Andet sikkerhed 4 13/11/202515:09 14/11/202510:45
Google fake Af johp i Andet sikkerhed 3 27/10/202516:31 28/10/202506:52
Generator til strømafbrydelse Af arnepedersen i Andet sikkerhed 11 06/10/202510:26 07/10/202516:37
Sophus Scan og Clean på USB- samler den "snavs" op? Af Uvanga i Andet sikkerhed 7 24/09/202522:06 25/09/202518:27
synology surveillance Af johnnylassen i Andet sikkerhed 2 09/06/202514:49 09/06/202518:18
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 22:10 Data vises ikke i stifinder på ekstern HDD i Dockingstation (USB)... (som virker med andre HDD'ere) Af nUUK i Andet hardware
I går 12:00 Ekstern harddisk frsvundet Af barth i NAS & storage
10/0115:51 Slet album i Google foto Af gerhardpet i Andet software
09/0108:19 Gendan W10 efter nulstillet computer Af barth i Andet software
08/0112:38 Kopiere fra stifinder Af hkprofil i Office & Kontorpakker
White papers
Flere white papers »