mrkaizer (Beginner)
24 March 2008 - 13:38. There are 23 comments and 2 solutions

HijackThis log, please check it, my computer is acting strangely.

I hope you can help me, because I've gotten all kinds of crap on my PC.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:58, on 24-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\live.messenger.com
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\msn.com
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\iTunes\iTunes.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Alwil Software\Avast4\ashSimpl.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
F2 - REG:system.ini: Shell=Explorer.exe msnmgnr.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com
O4 - HKLM\..\Run: [.NET.] C:\WINDOWS\system32\msnmgnr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M0303] "c:\documents and settings\frederik wøjdemann\application data\setup_dk[1].exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [d4e2c2be] rundll32.exe "C:\WINDOWS\system32\xppjgrcy.dll",b
O4 - HKLM\..\Run: [BMd7d1f122] Rundll32.exe "C:\WINDOWS\system32\pmdovcey.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 8283 bytes
johnstigers (Senior Master)
24 March 2008 - 15:44 #1
Taking a look
johnstigers (Senior Master)
24 March 2008 - 15:51 #2
Restart in safe mode and delete these files:
Remember to turn on the display of hidden files first!

c:\documents and settings\frederik wøjdemann\application data\setup_dk[1].exe - delete the file setup_dk[1].exe
C:\WINDOWS\system32\xppjgrcy.dll - delete the file xppjgrcy.dll
C:\WINDOWS\system32\pmdovcey.dll - delete the file pmdovcey.dll

Restart into normal mode, run a new scan with HijackThis, and fix these:
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

One more restart, then scan with HijackThis and post a new log here to be checked.
mrkaizer (Beginner)
24 March 2008 - 16:18 #3
Thanks, I'll do that

You'll get a new log in a moment
mrkaizer (Beginner)
24 March 2008 - 16:33 #4
C:\WINDOWS\system32\xppjgrcy.dll - I couldn't find the file xppjgrcy.dll. I found pmdovcey.dll and deleted it. Can I still fix those things even though I didn't find xppjgrcy.dll?
johnstigers (Senior Master)
24 March 2008 - 16:46 #5
Then you need to fix it via HijackThis - fix these 3:

O4 - HKLM\..\Run: [d4e2c2be] rundll32.exe "C:\WINDOWS\system32\xppjgrcy.dll",b
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
mrkaizer (Beginner)
24 March 2008 - 17:01 #6
O4 - HKLM\..\Run: [d4e2c2be] rundll32.exe "C:\WINDOWS\system32\xppjgrcy.dll",b is called this on my PC: O4 - HKLM\..\Run: [d4e2c2be] rundll32.exe "C:\WINDOWS\system32\iuqaoqja.dll",b ... Is it the same one? Or?
mrkaizer (Beginner)
24 March 2008 - 17:03 #7
This is how it looks now after I removed

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

___________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:37, on 24-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\WINDOWS\live.messenger.com
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\msn.com
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
F2 - REG:system.ini: Shell=Explorer.exe msnmgnr.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com
O4 - HKLM\..\Run: [.NET.] C:\WINDOWS\system32\msnmgnr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M0303] "c:\documents and settings\frederik wøjdemann\application data\setup_dk[1].exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [d4e2c2be] rundll32.exe "C:\WINDOWS\system32\iuqaoqja.dll",b
O4 - HKLM\..\Run: [BMd7d1f122] Rundll32.exe "C:\WINDOWS\system32\kixnbytn.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 7938 bytes
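
Added example (not part of any post in this thread): the question in #6 can be checked mechanically by keying each O4 Run line on its registry value name and comparing what it launches in two logs. The Python below is illustrative; its function names are assumptions, and the two excerpts are copied from the 13:29 and 17:02 logs above.

```python
import ntpath
import re
from typing import Dict, List, Optional, Tuple

# Excerpts copied from the 13:29 and 17:02 HijackThis logs posted in this thread.
LOG_BEFORE = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [d4e2c2be] rundll32.exe "C:\WINDOWS\system32\xppjgrcy.dll",b
O4 - HKLM\..\Run: [BMd7d1f122] Rundll32.exe "C:\WINDOWS\system32\pmdovcey.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
'''

LOG_AFTER = r'''
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [d4e2c2be] rundll32.exe "C:\WINDOWS\system32\iuqaoqja.dll",b
O4 - HKLM\..\Run: [BMd7d1f122] Rundll32.exe "C:\WINDOWS\system32\kixnbytn.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
'''

# "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RUN = re.compile(
    r'^O4 - (?P<key>HK\S*?\\\.\.\\Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$')
# rundll32 <dll>,<export>, with or without quotes around the DLL path
RUNDLL32 = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)

Ident = Tuple[str, str]  # (registry key, value name)


def parse_run_entries(log: str) -> Dict[Ident, str]:
    """Map (key, value name) -> command for every O4 registry Run line."""
    entries: Dict[Ident, str] = {}
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries[(m["key"], m["name"])] = m["cmd"].strip()
    return entries


def diff_run_entries(before_log: str, after_log: str) -> Dict[str, list]:
    """Classify autorun values as removed, added, or re-pointed."""
    before = parse_run_entries(before_log)
    after = parse_run_entries(after_log)
    result: Dict[str, list] = {"removed": [], "added": [], "retargeted": []}
    for ident, old_cmd in before.items():
        if ident not in after:
            result["removed"].append((ident, old_cmd))
        elif after[ident].lower() != old_cmd.lower():  # paths are case-insensitive
            result["retargeted"].append((ident, old_cmd, after[ident]))
    for ident, new_cmd in after.items():
        if ident not in before:
            result["added"].append((ident, new_cmd))
    return result


def rundll32_dll(cmd: str) -> Optional[str]:
    """Return the DLL file name a rundll32 command loads, else None."""
    m = RUNDLL32.match(cmd)
    return ntpath.basename(m["dll"]) if m else None


def retargeted_dlls(diff: Dict[str, list]) -> List[Tuple[str, str, str]]:
    """(value name, old DLL, new DLL) for rundll32 autoruns whose DLL changed."""
    out = []
    for (_key, name), old_cmd, new_cmd in diff["retargeted"]:
        old_dll, new_dll = rundll32_dll(old_cmd), rundll32_dll(new_cmd)
        if old_dll and new_dll and old_dll.lower() != new_dll.lower():
            out.append((name, old_dll, new_dll))
    return out


if __name__ == "__main__":
    changes = diff_run_entries(LOG_BEFORE, LOG_AFTER)
    for name, old_dll, new_dll in retargeted_dlls(changes):
        print(f"[{name}] still present: {old_dll} -> {new_dll}")
```

On these excerpts the value names [d4e2c2be] and [BMd7d1f122] are unchanged while the DLL each one loads has a new name, so both autorun entries are still present in the 17:02 log.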
johnstigers (Senior Master)
24 March 2008 - 17:04 #8
Looks like we got everything :)
mrkaizer (Beginner)
24 March 2008 - 17:09 #9
So it's fine now? It's just that I'm not sure whether it is completely free of viruses and junk.
mrkaizer (Beginner)
24 March 2008 - 17:18 #10
For example, I can get onto my Hotmail with my web browser; that goes for both Firefox and Internet Explorer.
mrkaizer (Beginner)
24 March 2008 - 17:22 #11
I can't get onto my Hotmail.*
johnstigers (Senior Master)
24 March 2008 - 19:33 #12
Which provider do you have?
johnstigers (Senior Master)
24 March 2008 - 19:34 #13
WHOOPS!!

O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
That one also needs to be fixed via HijackThis
johnstigers (Senior Master)
24 March 2008 - 19:39 #14
Actually, I think we need to do this:
Download VirtumundoBeGone and save it to the desktop.
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Close all running programs, including Internet windows, double-click VirtumundoBeGone.exe on the desktop, read the intro information, then click Continue, click Start.
When it asks whether you want to continue, click Yes to run the fix.
Then click Save log.

Sometimes the fix finishes with a "BSOD" (blue screen and frozen PC); in that case just restart using the Reset button.

A text file called VBG.TXT will appear on your desktop; open it and copy the text in here, together with a fresh HijackThis log.
mrkaizer (Beginner)
24 March 2008 - 21:13 #15
What is that VirtumundoBeGone thing?
mrkaizer (Beginner)
24 March 2008 - 21:24 #16
VBG Log


___________________________________________



a
[03/24/2008, 21:16:48] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Frederik Wøjdemann\Skrivebord\VirtumundoBeGone.exe" )
[03/24/2008, 21:16:58] - Detected System Information:
[03/24/2008, 21:16:58] -  Windows Version: 5.1.2600, Service Pack 2
[03/24/2008, 21:16:58] -  Current Username: Frederik Wøjdemann (Admin)
[03/24/2008, 21:16:58] -  Windows is in NORMAL mode.
[03/24/2008, 21:16:58] - Searching for Browser Helper Objects:
[03/24/2008, 21:16:58] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/24/2008, 21:16:58] -  BHO 2: {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} ()
[03/24/2008, 21:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 21:16:58] -  Checking for HKLM\...\Winlogon\Notify\jkkhghf
[03/24/2008, 21:16:58] -  Found: HKLM\...\Winlogon\Notify\jkkhghf - This is probably Virtumundo.
[03/24/2008, 21:16:58] -  Assigning {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} MSEvents Object
[03/24/2008, 21:16:58] - BHO list has been changed! Starting over...
[03/24/2008, 21:16:58] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/24/2008, 21:16:58] -  BHO 2: {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} (MSEvents Object)
[03/24/2008, 21:16:58] - ALERT: Found MSEvents Object!
[03/24/2008, 21:16:58] -  BHO 3: {5FD50963-434D-44CE-A174-27099F823557} ()
[03/24/2008, 21:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 21:16:58] -  Checking for HKLM\...\Winlogon\Notify\ddaby
[03/24/2008, 21:16:58] -  Key not found: HKLM\...\Winlogon\Notify\ddaby, continuing.
[03/24/2008, 21:16:58] -  BHO 4: {75A469FF-0681-4EC3-8CEC-95DB40C9A285} ()
[03/24/2008, 21:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 21:16:58] -  Checking for HKLM\...\Winlogon\Notify\xxyabcy
[03/24/2008, 21:16:58] -  Found: HKLM\...\Winlogon\Notify\xxyabcy - This is probably Virtumundo.
[03/24/2008, 21:16:58] -  Assigning {75A469FF-0681-4EC3-8CEC-95DB40C9A285} MSEvents Object
[03/24/2008, 21:16:58] - BHO list has been changed! Starting over...
[03/24/2008, 21:16:58] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/24/2008, 21:16:58] -  BHO 2: {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} (MSEvents Object)
[03/24/2008, 21:16:58] - ALERT: Found MSEvents Object!
[03/24/2008, 21:16:58] -  BHO 3: {5FD50963-434D-44CE-A174-27099F823557} ()
[03/24/2008, 21:16:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 21:16:58] -  Checking for HKLM\...\Winlogon\Notify\ddaby
[03/24/2008, 21:16:58] -  Key not found: HKLM\...\Winlogon\Notify\ddaby, continuing.
[03/24/2008, 21:16:58] -  BHO 4: {75A469FF-0681-4EC3-8CEC-95DB40C9A285} (MSEvents Object)
[03/24/2008, 21:16:58] - ALERT: Found MSEvents Object!
[03/24/2008, 21:16:58] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2008, 21:16:58] -  BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/24/2008, 21:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 21:16:59] -  No filename found. Continuing.
[03/24/2008, 21:16:59] -  BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/24/2008, 21:16:59] -  BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[03/24/2008, 21:16:59] -  BHO 9: {C08DF07A-3E49-4E25-9AB0-D3882835F153} (QUICKfind BHO Object)
[03/24/2008, 21:16:59] -  BHO 10: {fc6644e4-fd63-42f6-96f5-d94a06f7100a} ()
[03/24/2008, 21:16:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 21:16:59] -  Checking for HKLM\...\Winlogon\Notify\rnngkhnt
[03/24/2008, 21:16:59] -  Key not found: HKLM\...\Winlogon\Notify\rnngkhnt, continuing.
[03/24/2008, 21:16:59] - Finished Searching Browser Helper Objects
[03/24/2008, 21:16:59] - *** Detected MSEvents Object
[03/24/2008, 21:16:59] - Trying to remove MSEvents Object...
[03/24/2008, 21:17:00] -    Terminating Process: IEXPLORE.EXE
[03/24/2008, 21:17:00] -    Terminating Process: RUNDLL32.EXE
[03/24/2008, 21:17:00] -    Disabling Automatic Shell Restart
[03/24/2008, 21:17:00] -    Terminating Process: EXPLORER.EXE
[03/24/2008, 21:17:01] -    Suspending the NT Session Manager System Service
[03/24/2008, 21:17:01] -    Terminating Windows NT Logon/Logoff Manager
[03/24/2008, 21:17:01] -    Re-enabling Automatic Shell Restart
[03/24/2008, 21:17:01] -  File to disable: C:\WINDOWS\system32\jkkhghf.dll
[03/24/2008, 21:17:01] -  Removing HKLM\...\Browser Helper Objects\{3615EE58-6F38-47BA-9DD9-C99BD611C6A6}
[03/24/2008, 21:17:01] -  Removing HKCR\CLSID\{3615EE58-6F38-47BA-9DD9-C99BD611C6A6}
[03/24/2008, 21:17:01] -  Adding Kill Bit for ActiveX for GUID: {3615EE58-6F38-47BA-9DD9-C99BD611C6A6}
[03/24/2008, 21:17:01] -  Deleting ATLEvents/MSEvents Registry entries
[03/24/2008, 21:17:01] -  Removing HKLM\...\Winlogon\Notify\jkkhghf
[03/24/2008, 21:17:02] - Searching for Browser Helper Objects:
[03/24/2008, 21:17:02] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/24/2008, 21:17:02] -  BHO 2: {5FD50963-434D-44CE-A174-27099F823557} ()
[03/24/2008, 21:17:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 21:17:02] -  Checking for HKLM\...\Winlogon\Notify\ddaby
[03/24/2008, 21:17:02] -  Key not found: HKLM\...\Winlogon\Notify\ddaby, continuing.
[03/24/2008, 21:17:02] -  BHO 3: {75A469FF-0681-4EC3-8CEC-95DB40C9A285} (MSEvents Object)
[03/24/2008, 21:17:02] - ALERT: Found MSEvents Object!
[03/24/2008, 21:17:02] -  BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2008, 21:17:02] -  BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/24/2008, 21:17:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 21:17:02] -  No filename found. Continuing.
[03/24/2008, 21:17:02] -  BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/24/2008, 21:17:02] -  BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[03/24/2008, 21:17:02] -  BHO 8: {C08DF07A-3E49-4E25-9AB0-D3882835F153} (QUICKfind BHO Object)
[03/24/2008, 21:17:02] -  BHO 9: {fc6644e4-fd63-42f6-96f5-d94a06f7100a} ()
[03/24/2008, 21:17:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 21:17:02] -  Checking for HKLM\...\Winlogon\Notify\rnngkhnt
[03/24/2008, 21:17:02] -  Key not found: HKLM\...\Winlogon\Notify\rnngkhnt, continuing.
[03/24/2008, 21:17:02] - Finished Searching Browser Helper Objects
[03/24/2008, 21:17:02] - *** Detected MSEvents Object
[03/24/2008, 21:17:02] - Trying to remove MSEvents Object...
[03/24/2008, 21:17:03] -    Terminating Process: IEXPLORE.EXE
[03/24/2008, 21:17:03] -    Terminating Process: RUNDLL32.EXE
[03/24/2008, 21:17:03] -    Disabling Automatic Shell Restart
[03/24/2008, 21:17:03] -    Terminating Process: EXPLORER.EXE
[03/24/2008, 21:17:03] -    Suspending the NT Session Manager System Service
[03/24/2008, 21:17:03] -    Terminating Windows NT Logon/Logoff Manager
[03/24/2008, 21:17:04] -    Re-enabling Automatic Shell Restart
[03/24/2008, 21:17:04] -  File to disable: C:\WINDOWS\system32\xxyabcy.dll
[03/24/2008, 21:17:04] -  Renaming C:\WINDOWS\system32\xxyabcy.dll -> C:\WINDOWS\system32\xxyabcy.dll.vir
[03/24/2008, 21:17:04] -  File successfully renamed!
[03/24/2008, 21:17:04] -  Removing HKLM\...\Browser Helper Objects\{75A469FF-0681-4EC3-8CEC-95DB40C9A285}
[03/24/2008, 21:17:04] -  Removing HKCR\CLSID\{75A469FF-0681-4EC3-8CEC-95DB40C9A285}
[03/24/2008, 21:17:04] -  Adding Kill Bit for ActiveX for GUID: {75A469FF-0681-4EC3-8CEC-95DB40C9A285}
[03/24/2008, 21:17:04] -  Deleting ATLEvents/MSEvents Registry entries
[03/24/2008, 21:17:04] -  Removing HKLM\...\Winlogon\Notify\xxyabcy
[03/24/2008, 21:17:04] - Searching for Browser Helper Objects:
[03/24/2008, 21:17:04] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/24/2008, 21:17:04] -  BHO 2: {5FD50963-434D-44CE-A174-27099F823557} ()
[03/24/2008, 21:17:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 21:17:04] -  Checking for HKLM\...\Winlogon\Notify\ddaby
[03/24/2008, 21:17:04] -  Key not found: HKLM\...\Winlogon\Notify\ddaby, continuing.
[03/24/2008, 21:17:04] -  BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2008, 21:17:04] -  BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/24/2008, 21:17:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 21:17:04] -  No filename found. Continuing.
[03/24/2008, 21:17:04] -  BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/24/2008, 21:17:04] -  BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[03/24/2008, 21:17:04] -  BHO 7: {C08DF07A-3E49-4E25-9AB0-D3882835F153} (QUICKfind BHO Object)
[03/24/2008, 21:17:04] -  BHO 8: {fc6644e4-fd63-42f6-96f5-d94a06f7100a} ()
[03/24/2008, 21:17:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 21:17:04] -  Checking for HKLM\...\Winlogon\Notify\rnngkhnt
[03/24/2008, 21:17:04] -  Key not found: HKLM\...\Winlogon\Notify\rnngkhnt, continuing.
[03/24/2008, 21:17:04] - Finished Searching Browser Helper Objects
[03/24/2008, 21:17:04] - Finishing up...
[03/24/2008, 21:17:04] - A restart is needed.
[03/24/2008, 21:17:19] - Attempting to Restart via STOP error (Blue Screen!)




________________________________________



Hijackthis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:04, on 24-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\live.messenger.com
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\WINDOWS\msn.com
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Java\jre1.6.0_03\bin\jucheck.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
F2 - REG:system.ini: Shell=Explorer.exe msnmgnr.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com
O4 - HKLM\..\Run: [.NET.] C:\WINDOWS\system32\msnmgnr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M0303] "c:\documents and settings\frederik wøjdemann\application data\setup_dk[1].exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [d4e2c2be] rundll32.exe "C:\WINDOWS\system32\iuqaoqja.dll",b
O4 - HKLM\..\Run: [BMd7d1f122] Rundll32.exe "C:\WINDOWS\system32\kixnbytn.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 7830 bytes



That was it!
24 March 2008 - 22:54 #17
Pssst <john_stigers>: Avenger can eat those stupid files...
johnstigers (Senior Master)
25 March 2008 - 09:57 #18
Just take it from here... I won't have time to check logs....
25 March 2008 - 14:36 #19
-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- A window will appear, into which you must copy the content between the ~~~ lines:

~~~~~~~~~~~~~~~~~~
Files to delete:
c:\documents and settings\frederik wøjdemann\application data\setup_dk[1].exe
C:\WINDOWS\system32\iuqaoqja.dll
C:\WINDOWS\system32\kixnbytn.dll
C:\WINDOWS\system32\xxyabcy.dll.vir
C:\WINDOWS\system32\jkkhghf.dll
~~~~~~~~~~~~~~~~~~

--- Click EXECUTE - and let the PC restart by itself.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Please post it in your next reply.

-- Run Hijackthis, choose "Do a system scan only", tick the lines listed here, close all windows except Hijackthis, and click fix checked.

F1 - win.ini: run= C:\WESTWOOD\REDALERT\INSTICON.EXE
F2 - REG:system.ini: Shell=Explorer.exe msnmgnr.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSN Messenger] live.messenger.com
O4 - HKLM\..\Run: [.NET.] C:\WINDOWS\system32\msnmgnr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M0303] "c:\documents and settings\frederik wøjdemann\application data\setup_dk[1].exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [d4e2c2be] rundll32.exe "C:\WINDOWS\system32\iuqaoqja.dll",b
O4 - HKLM\..\Run: [BMd7d1f122] Rundll32.exe "C:\WINDOWS\system32\kixnbytn.dll",s

Restart the computer and make a new log with Hijackthis, which you post here together with the log from Avenger.
mrkaizer (Beginner)
26 March 2008 - 17:44 #20
I ran Avenger, but had problems getting the files into Avenger, and therefore deleted the files with my antivirus program (avast!).
So I have no Avenger log.
Here is the hijackthis log, after reboot:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:03, on 26-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3055295A-CCDD-44B2-9F73-D8E8E626E5C1} - C:\WINDOWS\system32\opnopnk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8910226-B2E8-4CB3-972F-F4AAE0782971} - C:\WINDOWS\system32\ddaby.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BMd7d1f122] Rundll32.exe "C:\WINDOWS\system32\sicfwiwm.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
26 March 2008 - 20:08 #21
Run a scan with Hijackthis.
Below you get some files that you need to fix. What you have to do is tick the box next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember to close this window too once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to be fixed:

O2 - BHO: (no name) - {3055295A-CCDD-44B2-9F73-D8E8E626E5C1} - C:\WINDOWS\system32\opnopnk.dll (file missing)
O2 - BHO: (no name) - {A8910226-B2E8-4CB3-972F-F4AAE0782971} - C:\WINDOWS\system32\ddaby.dll (file missing)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [BMd7d1f122] Rundll32.exe "C:\WINDOWS\system32\sicfwiwm.dll",s

Restart, run a new scan with hijackthis, and copy a fresh log in here for checking.

------------------------------------------------------------------------

Registry cleanup can be recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the [Register] item...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.
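Added example, not part of the thread: a small Python comparison of two HijackThis logs, run over a few lines excerpted from the logs posted above. It reports Run values that disappeared, Run values whose name stayed but whose target changed (as [BMd7d1f122] did after the files were deleted with the antivirus), and entries HijackThis marks as missing on disk. The function names and the report layout are assumptions of this example.

```python
import re

# Constructed sample: lines excerpted from the log posted before the cleanup
# and from the log of 26-03-2008 17:39 in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [.NET.] C:\WINDOWS\system32\msnmgnr.exe
O4 - HKLM\..\Run: [d4e2c2be] rundll32.exe "C:\WINDOWS\system32\iuqaoqja.dll",b
O4 - HKLM\..\Run: [BMd7d1f122] Rundll32.exe "C:\WINDOWS\system32\kixnbytn.dll",s
"""
AFTER = r"""
O2 - BHO: (no name) - {3055295A-CCDD-44B2-9F73-D8E8E626E5C1} - C:\WINDOWS\system32\opnopnk.dll (file missing)
O2 - BHO: (no name) - {A8910226-B2E8-4CB3-972F-F4AAE0782971} - C:\WINDOWS\system32\ddaby.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMd7d1f122] Rundll32.exe "C:\WINDOWS\system32\sicfwiwm.dll",s
"""

# "O4 - ...", "R0 - ...", "O23 - ...": section code, separator, entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autostart entries: "<hive>\..\Run: [value name] command line".
RUN_RE = re.compile(r"^(?P<hive>\S+\\\.\.\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")


def parse_log(text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def run_values(entries):
    """Map (hive, value name) -> command line for O4 registry Run entries."""
    values = {}
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            values[(m.group("hive"), m.group("name"))] = m.group("cmd")
    return values


def compare(before, after):
    """Summarise what changed between two logs taken around a cleanup step."""
    after_entries = parse_log(after)
    rb, ra = run_values(parse_log(before)), run_values(after_entries)
    return {
        # Autostart values that are gone after the cleanup.
        "removed": sorted(name for (hive, name) in rb if (hive, name) not in ra),
        # Same value name, different target: the registration survived and was
        # re-pointed, so deleting the old file alone did not remove it.
        "retargeted": sorted(
            (k[1], rb[k], ra[k]) for k in rb if k in ra and rb[k] != ra[k]
        ),
        # Registry entries left behind after their file was deleted.
        "orphaned": [body for _, body in after_entries if ORPHAN_RE.search(body)],
    }


if __name__ == "__main__":
    for kind, items in compare(BEFORE, AFTER).items():
        print(kind)
        for item in items:
            print("   ", item)
```

A retargeted or orphaned entry is a line to review in the next log, not a verdict on its own.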
mrkaizer (Beginner)
26 March 2008 - 23:58 #22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:44, on 26-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: opnopnk - opnopnk.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 7310 bytes


Should I try that ccleaner?

If I haven't said it yet (sorry also to john stigers), thank you very much!
27 March 2008 - 08:54 #23
There is no more 'dirt' according to your log...

You're welcome back another time...

You should clean temp with this file; it takes only a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It will also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

A couple of articles on safe surfing can be found here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

-------------

This CCleaner cleans up among various TEMP files and also cleans up the registry - as described at http://www.spywarefri.dk/manualer/ccleaner-manual.htm
27 March 2008 - 08:54 #24
I do think <john_stigers> should also post an [answer]...
johnstigers (Senior Master)
27 March 2008 - 20:04 #25
Give them to karise - I have followed along from the sidelines and agree that the log is clean, and the machine should be ok now :)