hijack log.

jeg glemte lige loggen den er her.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:49:25, on 15-02-2008
Platform: Windows Vista  (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
I:\Windows\system32\Dwm.exe
I:\Windows\Explorer.EXE
I:\Program Files\Windows Defender\MSASCui.exe
I:\Program Files\Grisoft\AVG7\avgcc.exe
I:\Windows\system32\taskeng.exe
I:\Program Files\Internet Explorer\ieuser.exe
I:\Users\torben\Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - I:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - I:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - I:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - I:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - I:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - I:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

--
End of file - 4670 bytes

Det ser ikke ud til, at der er virus/spyware, men det skader ikke at scanne alligevel.

Hent AVG Anti-Spyware her: http://www.grisoft.com/doc/downloads-products/us/crp/0?prd=triasw
Start AVG Anti-Spyware, opdater det, vælg fanebladet "scanner" og klik på "complete system scan".
Bagefter klik "apply all actions", "save report", "save report as" og gem logfil, f.eks. på skrivebordet.

Det er ikke sikkert at denne viser mere, men du har scannet med en Beta version - prøv lige ver. 2.0.2: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Hej levich og john stigers.
Undskyld at jeg først kommer tilbage nu,men jeg har været på weekend ophold og er først hjemme nu.
Til levich og john stigers,her følger henholdsvis avg scan og en ny hijackthis,jeg håber i kan finde noget der.
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    19:57:00 17-02-2008

+ Scan result:   



I:\Users\torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
I:\Users\torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
I:\Users\torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
I:\Users\torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
I:\Users\torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@hit.gemius[1].txt -> TrackingCookie.Gemius : Cleaned.
I:\Users\torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
I:\Users\torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
I:\Users\torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
I:\Users\torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.


::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:29, on 17-02-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
I:\Windows\system32\Dwm.exe
I:\Windows\Explorer.EXE
I:\Program Files\Windows Defender\MSASCui.exe
I:\Program Files\Grisoft\AVG7\avgcc.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
I:\Windows\system32\taskeng.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - I:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - I:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - I:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - I:\Windows\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - I:\Windows\System32\DreamScene.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - I:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

--
End of file - 4817 bytes

AVG Anti-spyware fandt ikke noget alvorligt, og jeg kan ikke se noget i hijackthis-loggen som giver anledning til bekymring. Men vent lidt og se om john_stigers er enig.

Heller ikke her!
Ser ok ud!

hej levich og john stigers.
Smid et svar begge to og i deler point,mange tak for hjælpen.
hvad gør linie 01 og 013 i min hijackthis log?.

O1 - Hosts: ::1 localhost
Denne fil kan du bruge til at spærre for uønskede sider samt give tilladelse til sider. Læs mere her: http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=12894

O13 - Gopher Prefix:
Kan se den fixes flere steder faktisk, så fix den i Hijackthis, genstart og ny log til final check!

John: Den O13'er er fordi IE7 har fjernet understøttelse for Gopher-protokollen, og Microsoft samtidigt fjerner prefixet. Den er normal når man har IE7, og skal derfor ikke fixes (det er vist i øvrigt begrænset hvor mange der stadig bruger Gopher...).

svar

hej john stigers.
Smid et svar,så du kan få nogle point.
Jeg tror bare at jeg lader 013 blive,da den tilsyneladende ikke gør nogen skade.

ok ;)