Forum
kan jeg åbne denne tråd + noget andet
0
Test titel - / * ! " # ¤ % & / ( ) =
0
Test 3 marts
0
Test tråd 2 tæller svar
0
Tråd 2 med billedee
1
kan denne tråd tælle svar
2
Test tråd med views
0
Test tråd ikke skjult
1
S: Test 2345
0
Test tråd context pool
3
med billeder
0
Test Artikel
0
test overskrift
0
Tråd med billede
1
test nyhed
2
Test tråd 2 til emails
10
test
0
Test test
2
Hjemmeserver for 2 personer udaftil
6
Internet problemer
7
MOZA Racing og Automobili Lamborghini Squadra Corse bringer Lamborghini DNA'et til sim racing
4
Kommentarer til dette kort?
56
Thomas tester en nyhed
29
Tester billeder
2
Stop Destroying Videogames (EU underskrift indsaml...
83
Husk at nulstille password for at logge ind
0
Dette er en test artikel
0
HJÆLP oplader til bærbar.
10
Minecraft Java Server problemer
1
prosonic tv 55"
4
Køb & Salg
S: Test billeder
0
S: RTX 5090
4
S: Skrig sælges
0
Hol.dk's Uofficielle White/Black liste V3
2067
K: RTX 6090
2
S: Test tråd
0
S: vman bruger
4
S: Dell Monitor G2524H
0
S: Dell Monitor G2524H
0
V: PowerColor AX7990 6GBD5
11
V: b650m, 7600, 32GB D5, 6650xt, 1TB SSD
4
S: Alienware AW2723DF
4
K: intel 12-14 gen bundle, evt pc uden gpu
2
S: Intel 13700K
6
S: Akko 5087B tastatur
7
S: Kingston FURY Beast DDR5-6000 - 64GB
7
S: Asus RT-AX86U
4
V: macbook pro 2016
1
S: Lian Li PC201B + Hotswap trays
2
V: Bundle; X570 mobo, Ryzen 5900X, 32GB Ram(LED)
9
S: R7 5700G, RTX 3060ti, 16GB DDR4, 1TB NVME
4
S: Bundle AM3+ CPU/Bundkort/RAM
2
K: 32 GB DDR4 RAM, 3600 MHz, CL 16
2
B: RTX4070 Ti til RTX4070 Ti
2
S: EVGA 980ti KingPin
9
V: Komplet system 4690K 1070TI
1
S: DVD/VHS brænder
2
K: 2x8gb ddr3 eller lignende
4
K: Hvidt tastatur, evt hvid mus og headset
3
B: 4080 super til 4090
4
Forum
kan jeg åbne denne tråd + noget andet
0
Test titel - / * ! " # ¤ % & / ( ) =
0
Test 3 marts
0
Test tråd 2 tæller svar
0
Tråd 2 med billedee
1
kan denne tråd tælle svar
2
Test tråd med views
0
Test tråd ikke skjult
1
S: Test 2345
0
Test tråd context pool
3
med billeder
0
Test Artikel
0
test overskrift
0
Tråd med billede
1
test nyhed
2
Test tråd 2 til emails
10
test
0
Test test
2
Hjemmeserver for 2 personer udaftil
6
Internet problemer
7
MOZA Racing og Automobili Lamborghini Squadra Corse bringer Lamborghini DNA'et til sim racing
4
Kommentarer til dette kort?
56
Thomas tester en nyhed
29
Tester billeder
2
Stop Destroying Videogames (EU underskrift indsaml...
83
Husk at nulstille password for at logge ind
0
Dette er en test artikel
0
HJÆLP oplader til bærbar.
10
Minecraft Java Server problemer
1
prosonic tv 55"
4
Køb & Salg
S: Test billeder
0
S: RTX 5090
4
S: Skrig sælges
0
Hol.dk's Uofficielle White/Black liste V3
2067
K: RTX 6090
2
S: Test tråd
0
S: vman bruger
4
S: Dell Monitor G2524H
0
S: Dell Monitor G2524H
0
V: PowerColor AX7990 6GBD5
11
V: b650m, 7600, 32GB D5, 6650xt, 1TB SSD
4
S: Alienware AW2723DF
4
K: intel 12-14 gen bundle, evt pc uden gpu
2
S: Intel 13700K
6
S: Akko 5087B tastatur
7
S: Kingston FURY Beast DDR5-6000 - 64GB
7
S: Asus RT-AX86U
4
V: macbook pro 2016
1
S: Lian Li PC201B + Hotswap trays
2
V: Bundle; X570 mobo, Ryzen 5900X, 32GB Ram(LED)
9
S: R7 5700G, RTX 3060ti, 16GB DDR4, 1TB NVME
4
S: Bundle AM3+ CPU/Bundkort/RAM
2
K: 32 GB DDR4 RAM, 3600 MHz, CL 16
2
B: RTX4070 Ti til RTX4070 Ti
2
S: EVGA 980ti KingPin
9
V: Komplet system 4690K 1070TI
1
S: DVD/VHS brænder
2
K: 2x8gb ddr3 eller lignende
4
K: Hvidt tastatur, evt hvid mus og headset
3
B: 4080 super til 4090
4
- Denne tråd er over 6 måneder gammel
Er du sikker på, at du har noget relevant at tilføje?
Endnu en af de HJT-log
Af tyran Bruger Aspirant
Hejsa.
Ja, så er der endnu en HJT-log, som jeg håber der er en venlig sjæld der vil kigge igennem for mig. På forhånd tak.
Logfile of HijackThis v1.98.2
Scan saved at 14:46:01, on 15-03-2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:PROGRA~1GrisoftAVG6avgserv.exe
C:WINNTSystem32svchost.exe
C:ProgrammerNorton Personal FirewallNISUM.EXE
C:WINNTSystem32
vsvc32.exe
C:WINNTsystem32 egsvc.exe
C:WINNTsystem32MSTask.exe
C:ProgrammerNorton Personal FirewallSymProxySvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:ProgrammerNorton Personal FirewallNISSERV.EXE
C:WINNTExplorer.exe
C:ProgrammerMicrosoft HardwareMousepoint32.exe
C:PROGRA~1GrisoftAVG6avgcc32.exe
C:ProgrammerNorton Personal FirewallIAMAPP.EXE
C:WINNTloadqm.exe
C:WINNTSystem32internat.exe
C:ProgrammerMSN MessengerMsnMsgr.Exe
C:ProgrammerInternet Exploreriexplore.exe
C:WUTempcom_microsoft.WMPlayer_9_non_XP_5909MPSetup.exe
C:DOCUME~1ADMINI~1LOKALE~1TempIXP000.TMPsetup_wm.exe
C:ProgrammerInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsAdministratorSkrivebordHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.msn.dk
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://wtbzlm.t.muxa.cc/s.php?aid=5... (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://wtbzlm.t.muxa.cc/s.php?aid=5... (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = http://wtbzlm.t.muxa.cc/h.php?aid=5... (obfuscated)
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = http://wtbzlm.t.muxa.cc/h.php?aid=5... (obfuscated)
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [POINTER] point32.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [AVG_CC] C:PROGRA~1GrisoftAVG6avgcc32.exe /STARTUP
O4 - HKLM..Run: [iamapp] C:ProgrammerNorton Personal FirewallIAMAPP.EXE
O4 - HKLM..Run: [sys] regedit -s sys.reg
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..Run: [supervideospornodk-htm] RunDll32 UDConn.dll,RunAsIcon supervideospornodk
O4 - HKLM..Run: [NeroCheck] C:WINNTSystem32NeroCheck.exe
O4 - HKLM..RunOnce: [wextract_cleanup0] rundll32.exe C:WINNTSystem32advpack.dll,DelNodeRunDLL32 "C:DOCUME~1ADMINI~1LOKALE~1TempIXP000.TMP"
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINNTSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINNTweb elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINNTweb elated.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softw.......
O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) - http://www.thepaymentcentre.com/bui...
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binari.......
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binari......
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader....
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binari......
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsource.org/html/Tri......
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlan...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar......
O17 - HKLMSystemCCSServicesTcpip..{9547E9D7-BEB4-4AD2-A076-FF2FD48B763C}: NameServer = 194.239.134.83,193.162.153.164
Ja, så er der endnu en HJT-log, som jeg håber der er en venlig sjæld der vil kigge igennem for mig. På forhånd tak.
Logfile of HijackThis v1.98.2
Scan saved at 14:46:01, on 15-03-2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:PROGRA~1GrisoftAVG6avgserv.exe
C:WINNTSystem32svchost.exe
C:ProgrammerNorton Personal FirewallNISUM.EXE
C:WINNTSystem32
vsvc32.exe
C:WINNTsystem32 egsvc.exe
C:WINNTsystem32MSTask.exe
C:ProgrammerNorton Personal FirewallSymProxySvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:ProgrammerNorton Personal FirewallNISSERV.EXE
C:WINNTExplorer.exe
C:ProgrammerMicrosoft HardwareMousepoint32.exe
C:PROGRA~1GrisoftAVG6avgcc32.exe
C:ProgrammerNorton Personal FirewallIAMAPP.EXE
C:WINNTloadqm.exe
C:WINNTSystem32internat.exe
C:ProgrammerMSN MessengerMsnMsgr.Exe
C:ProgrammerInternet Exploreriexplore.exe
C:WUTempcom_microsoft.WMPlayer_9_non_XP_5909MPSetup.exe
C:DOCUME~1ADMINI~1LOKALE~1TempIXP000.TMPsetup_wm.exe
C:ProgrammerInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsAdministratorSkrivebordHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.msn.dk
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://wtbzlm.t.muxa.cc/s.php?aid=5... (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://wtbzlm.t.muxa.cc/s.php?aid=5... (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = http://wtbzlm.t.muxa.cc/h.php?aid=5... (obfuscated)
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = http://wtbzlm.t.muxa.cc/h.php?aid=5... (obfuscated)
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [POINTER] point32.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [AVG_CC] C:PROGRA~1GrisoftAVG6avgcc32.exe /STARTUP
O4 - HKLM..Run: [iamapp] C:ProgrammerNorton Personal FirewallIAMAPP.EXE
O4 - HKLM..Run: [sys] regedit -s sys.reg
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..Run: [supervideospornodk-htm] RunDll32 UDConn.dll,RunAsIcon supervideospornodk
O4 - HKLM..Run: [NeroCheck] C:WINNTSystem32NeroCheck.exe
O4 - HKLM..RunOnce: [wextract_cleanup0] rundll32.exe C:WINNTSystem32advpack.dll,DelNodeRunDLL32 "C:DOCUME~1ADMINI~1LOKALE~1TempIXP000.TMP"
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINNTSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINNTweb elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINNTweb elated.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softw.......
O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) - http://www.thepaymentcentre.com/bui...
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binari.......
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binari......
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader....
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binari......
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsource.org/html/Tri......
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlan...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar......
O17 - HKLMSystemCCSServicesTcpip..{9547E9D7-BEB4-4AD2-A076-FF2FD48B763C}: NameServer = 194.239.134.83,193.162.153.164
Hent først den nyeste version af HJT og smid en ny log herind.
- HJT 1.99.1
http://www.softpedia.com/get/Intern......
- HJT 1.99.1
http://www.softpedia.com/get/Intern......
Sorry ventetiden
Logfile of HijackThis v1.99.1
Scan saved at 00:29:42, on 26-03-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:ProgrammerNetropaMultimedia Keyboard
hksrv.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINNTsystem32CTsvcCDA.exe
C:WINNTSystem32svchost.exe
C:ProgrammerNorton AntiVirus
avapsvc.exe
C:ProgrammerNorton Personal FirewallNISUM.EXE
C:WINNTSystem32
vsvc32.exe
C:WINNTsystem32 egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:ProgrammerNorton Personal FirewallSymProxySvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32MsPMSPSv.exe
C:WINNTsystem32svchost.exe
C:WINNTSystem32svchost.exe
C:ProgrammerNorton Personal FirewallNISSERV.EXE
C:WINNTExplorer.EXE
C:PROGRA~1NORTON~1
avapw32.exe
C:ProgrammerNorton Personal FirewallIAMAPP.EXE
C:ProgrammerCreativeSBAudigy2Surround MixerCTSysVol.exe
C:ProgrammerCreativeSBAudigy2DVDAudioCTDVDDet.EXE
C:ProgrammerMicrosoft HardwareMousepoint32.exe
C:ProgrammerNetropaMultimedia KeyboardMMKeybd.exe
E:WarezAppz - cracksRefreshLock.exe
C:ProgrammerNetropaMultimedia KeyboardTrayMon.exe
C:ProgrammerNetropaOnscreen DisplayOSD.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:ProgrammerDU MeterDUMeter.exe
C:WINNTsystem32internat.exe
C:ProgrammerCreativeMediaSourceRemoteControlRcMan.exe
C:ProgrammerMSN MessengerMsnMsgr.Exe
C:ProgrammerTEXTwareHotKeyTwalink.exe
E:Privatircmirc.exe
C:ProgrammerInternet Exploreriexplore.exe
C:ProgrammerInternet ExplorerIEXPLORE.EXE
C:ProgrammerInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsAdministratorSkrivebordHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:ProgrammerNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:ProgrammerNorton AntiVirusNavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTsystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~1
avapw32.exe
O4 - HKLM..Run: [iamapp] C:ProgrammerNorton Personal FirewallIAMAPP.EXE
O4 - HKLM..Run: [CTSysVol] C:ProgrammerCreativeSBAudigy2Surround MixerCTSysVol.exe
O4 - HKLM..Run: [CTDVDDet] C:ProgrammerCreativeSBAudigy2DVDAudioCTDVDDet.EXE
O4 - HKLM..Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM..Run: [SBDrvDet] C:ProgrammerCreativeSB Drive DetSBDrvDet.exe /r
O4 - HKLM..Run: [POINTER] point32.exe
O4 - HKLM..Run: [MULTIMEDIA KEYBOARD] C:ProgrammerNetropaMultimedia KeyboardMMKeybd.exe
O4 - HKLM..Run: [RefreshLock] E:WarezAppz - cracksRefreshLock.exe
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 - HKLM..Run: [SSC_UserPrompt] C:ProgrammerFælles filerSymantec SharedSecurity CenterUsrPrmpt.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKLM..Run: [DU Meter] C:ProgrammerDU MeterDUMeter.exe
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [RemoteCenter] C:ProgrammerCreativeMediaSourceRemoteControlRcMan.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [Steam] C:ProgrammerSteamSteam.exe -silent
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
O4 - Global Startup: HotKey.lnk = C:ProgrammerTEXTwareHotKeyTwalink.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netrad...
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com......
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/......
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/Spee...
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINNTsystem32CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:WINNTSystem32dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:ProgrammerNorton AntiVirus
avapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:ProgrammerNetropaMultimedia Keyboard
hksrv.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:ProgrammerNorton Personal FirewallNISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:ProgrammerNorton Personal FirewallNISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINNTSystem32
vsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1FLLESF~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSNDSrvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:ProgrammerNorton Personal FirewallSymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSecurity CenterSymWSC.exe
O23 - Service: ZESOFT - Unknown owner - C:WINNTzeta.exe
Logfile of HijackThis v1.99.1
Scan saved at 00:29:42, on 26-03-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:ProgrammerNetropaMultimedia Keyboard
hksrv.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINNTsystem32CTsvcCDA.exe
C:WINNTSystem32svchost.exe
C:ProgrammerNorton AntiVirus
avapsvc.exe
C:ProgrammerNorton Personal FirewallNISUM.EXE
C:WINNTSystem32
vsvc32.exe
C:WINNTsystem32 egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:ProgrammerNorton Personal FirewallSymProxySvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32MsPMSPSv.exe
C:WINNTsystem32svchost.exe
C:WINNTSystem32svchost.exe
C:ProgrammerNorton Personal FirewallNISSERV.EXE
C:WINNTExplorer.EXE
C:PROGRA~1NORTON~1
avapw32.exe
C:ProgrammerNorton Personal FirewallIAMAPP.EXE
C:ProgrammerCreativeSBAudigy2Surround MixerCTSysVol.exe
C:ProgrammerCreativeSBAudigy2DVDAudioCTDVDDet.EXE
C:ProgrammerMicrosoft HardwareMousepoint32.exe
C:ProgrammerNetropaMultimedia KeyboardMMKeybd.exe
E:WarezAppz - cracksRefreshLock.exe
C:ProgrammerNetropaMultimedia KeyboardTrayMon.exe
C:ProgrammerNetropaOnscreen DisplayOSD.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:ProgrammerDU MeterDUMeter.exe
C:WINNTsystem32internat.exe
C:ProgrammerCreativeMediaSourceRemoteControlRcMan.exe
C:ProgrammerMSN MessengerMsnMsgr.Exe
C:ProgrammerTEXTwareHotKeyTwalink.exe
E:Privatircmirc.exe
C:ProgrammerInternet Exploreriexplore.exe
C:ProgrammerInternet ExplorerIEXPLORE.EXE
C:ProgrammerInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsAdministratorSkrivebordHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:ProgrammerNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:ProgrammerNorton AntiVirusNavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTsystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~1
avapw32.exe
O4 - HKLM..Run: [iamapp] C:ProgrammerNorton Personal FirewallIAMAPP.EXE
O4 - HKLM..Run: [CTSysVol] C:ProgrammerCreativeSBAudigy2Surround MixerCTSysVol.exe
O4 - HKLM..Run: [CTDVDDet] C:ProgrammerCreativeSBAudigy2DVDAudioCTDVDDet.EXE
O4 - HKLM..Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM..Run: [SBDrvDet] C:ProgrammerCreativeSB Drive DetSBDrvDet.exe /r
O4 - HKLM..Run: [POINTER] point32.exe
O4 - HKLM..Run: [MULTIMEDIA KEYBOARD] C:ProgrammerNetropaMultimedia KeyboardMMKeybd.exe
O4 - HKLM..Run: [RefreshLock] E:WarezAppz - cracksRefreshLock.exe
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 - HKLM..Run: [SSC_UserPrompt] C:ProgrammerFælles filerSymantec SharedSecurity CenterUsrPrmpt.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKLM..Run: [DU Meter] C:ProgrammerDU MeterDUMeter.exe
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [RemoteCenter] C:ProgrammerCreativeMediaSourceRemoteControlRcMan.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [Steam] C:ProgrammerSteamSteam.exe -silent
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
O4 - Global Startup: HotKey.lnk = C:ProgrammerTEXTwareHotKeyTwalink.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netrad...
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com......
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/......
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/Spee...
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINNTsystem32CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:WINNTSystem32dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:ProgrammerNorton AntiVirus
avapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:ProgrammerNetropaMultimedia Keyboard
hksrv.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:ProgrammerNorton Personal FirewallNISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:ProgrammerNorton Personal FirewallNISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINNTSystem32
vsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1FLLESF~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSNDSrvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:ProgrammerNorton Personal FirewallSymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSecurity CenterSymWSC.exe
O23 - Service: ZESOFT - Unknown owner - C:WINNTzeta.exe
#2
Helt ok jeg kigger på den
ent disse programmer som skal bruges i fejlsikret tilstand
- Kaspersky Scanner
http://www.spywareinfo.dk/download/...
- Ad-aware SE Personal Edition 1.05
http://www.download.com/3001-8022_4...
- Spybot - Search & Destroy 1.3
http://users.skynet.be/fa964703/spy......
Installer og opdater Ad-aware og Spybot
Genstart i fejlsikret tilstand.
(Tryk F8 gentagne gange ved opstart)
Kør så en ny scanning med HJT og sæt flueben ved disse:
O23 - Service: ZESOFT - Unknown owner - C:WINNTzeta.exe
Du kan med fordel også fixe dem her de ligger bare og sluger pc'ens kræfter og programmerne kan sagtens startes normalt.
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [CTDVDDet] C:ProgrammerCreativeSBAudigy2DVDAudioCTDVDDet.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 - HKCU..Run: [Steam] C:ProgrammerSteamSteam.exe -silent
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
Luk alle øvrige programvinduer så kun HJT er åben. Klik på ”Fix checked”.
Søg og slet nedenstående filer/mapper, hvis de stadig er der. Husk at ændre mappeindstillinger så du kan se skjulte filer samt systemfiler.
(Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".)
C:\WINNT\zeta.exe >> Slet Filen
Jeg vil bede dig kigge på nedenstående fil også.
C:\WINNT\system32\internat.exe
Hvis der er et "?" ikon ud for den skal den ikke slettes, hvis der er et "zip-fil" ikon ud for den skal den slettes.
Du må meget gerne give mig besked om hvilket ikon der var og om du slettede den.
Ændre derefter mappeindstillinger tilbage til ikke at vise skjulte filer og skjulte systemfiler.
-----------------------
Installer og scan så med Kaspersky scanneren.
Sæt flueben i følgende: Memory, Startup folders, drive, Registry, System folders og Services.
- og prik i følgende: All local drives og Scan all files. Klik på scan.
Du skal ikke klikke på Add to Startup folders, for så scannes din PC, hver gang du starter Windows op
-----------------------
Ad-aware SE
Tag en "Full System Scan" med Ad-aware og ikke "Smart System Scan" og fix alt det den finder med rød tekst
-----------------------
Spybot S&D
Der er vist bare en knap som hedder Scan og fix alt det den finder og selv sætter flueben i.
-----------------------
Kør så en diskoprydning.
(Start=> Programmer=> Tilbehør=> Systemværktøjer=> Diskoprydning. Sæt flueben ved temp-filer, temporary internet files og papirkurv).
-----------------------
Genstart i normal tilstand. Kør en ny scanning med HJT og smid loggen herind til kontrol. Læg evt. også et par ord, om du har problemer med din PC, eller om det bare var et tjek
Helt ok jeg kigger på den
ent disse programmer som skal bruges i fejlsikret tilstand
- Kaspersky Scanner
http://www.spywareinfo.dk/download/...
- Ad-aware SE Personal Edition 1.05
http://www.download.com/3001-8022_4...
- Spybot - Search & Destroy 1.3
http://users.skynet.be/fa964703/spy......
Installer og opdater Ad-aware og Spybot
Genstart i fejlsikret tilstand.
(Tryk F8 gentagne gange ved opstart)
Kør så en ny scanning med HJT og sæt flueben ved disse:
O23 - Service: ZESOFT - Unknown owner - C:WINNTzeta.exe
Du kan med fordel også fixe dem her de ligger bare og sluger pc'ens kræfter og programmerne kan sagtens startes normalt.
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [CTDVDDet] C:ProgrammerCreativeSBAudigy2DVDAudioCTDVDDet.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 - HKCU..Run: [Steam] C:ProgrammerSteamSteam.exe -silent
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
Luk alle øvrige programvinduer så kun HJT er åben. Klik på ”Fix checked”.
Søg og slet nedenstående filer/mapper, hvis de stadig er der. Husk at ændre mappeindstillinger så du kan se skjulte filer samt systemfiler.
(Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".)
C:\WINNT\zeta.exe >> Slet Filen
Jeg vil bede dig kigge på nedenstående fil også.
C:\WINNT\system32\internat.exe
Hvis der er et "?" ikon ud for den skal den ikke slettes, hvis der er et "zip-fil" ikon ud for den skal den slettes.
Du må meget gerne give mig besked om hvilket ikon der var og om du slettede den.
Ændre derefter mappeindstillinger tilbage til ikke at vise skjulte filer og skjulte systemfiler.
-----------------------
Installer og scan så med Kaspersky scanneren.
Sæt flueben i følgende: Memory, Startup folders, drive, Registry, System folders og Services.
- og prik i følgende: All local drives og Scan all files. Klik på scan.
Du skal ikke klikke på Add to Startup folders, for så scannes din PC, hver gang du starter Windows op
-----------------------
Ad-aware SE
Tag en "Full System Scan" med Ad-aware og ikke "Smart System Scan" og fix alt det den finder med rød tekst
-----------------------
Spybot S&D
Der er vist bare en knap som hedder Scan og fix alt det den finder og selv sætter flueben i.
-----------------------
Kør så en diskoprydning.
(Start=> Programmer=> Tilbehør=> Systemværktøjer=> Diskoprydning. Sæt flueben ved temp-filer, temporary internet files og papirkurv).
-----------------------
Genstart i normal tilstand. Kør en ny scanning med HJT og smid loggen herind til kontrol. Læg evt. også et par ord, om du har problemer med din PC, eller om det bare var et tjek
Hey hey.. Her er den nye log
Logfile of HijackThis v1.99.1
Scan saved at 10:36:44, on 27-03-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:ProgrammerNetropaMultimedia Keyboard
hksrv.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINNTsystem32CTsvcCDA.exe
C:WINNTSystem32svchost.exe
C:ProgrammerNorton AntiVirus
avapsvc.exe
C:ProgrammerNorton Personal FirewallNISUM.EXE
C:WINNTSystem32
vsvc32.exe
C:WINNTsystem32 egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:ProgrammerNorton Personal FirewallSymProxySvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32MsPMSPSv.exe
C:WINNTsystem32svchost.exe
C:ProgrammerNorton Personal FirewallNISSERV.EXE
C:WINNTSystem32svchost.exe
C:WINNTExplorer.EXE
C:PROGRA~1NORTON~1
avapw32.exe
C:ProgrammerNorton Personal FirewallIAMAPP.EXE
C:ProgrammerCreativeSBAudigy2Surround MixerCTSysVol.exe
C:ProgrammerNetropaMultimedia KeyboardMMKeybd.exe
E:WarezAppz - cracksRefreshLock.exe
C:ProgrammerNetropaMultimedia KeyboardTrayMon.exe
C:ProgrammerNetropaOnscreen DisplayOSD.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:ProgrammerDU MeterDUMeter.exe
C:WINNTsystem32internat.exe
C:ProgrammerCreativeMediaSourceRemoteControlRcMan.exe
C:ProgrammerMSN MessengerMsnMsgr.Exe
C:ProgrammerTEXTwareHotKeyTwalink.exe
E:Privatircmirc.exe
C:ProgrammerInternet Exploreriexplore.exe
C:ProgrammerInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsAdministratorSkrivebordHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:ProgrammerSpybot - Search & DestroySDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:ProgrammerNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:ProgrammerNorton AntiVirusNavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTsystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~1
avapw32.exe
O4 - HKLM..Run: [iamapp] C:ProgrammerNorton Personal FirewallIAMAPP.EXE
O4 - HKLM..Run: [CTSysVol] C:ProgrammerCreativeSBAudigy2Surround MixerCTSysVol.exe
O4 - HKLM..Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM..Run: [SBDrvDet] C:ProgrammerCreativeSB Drive DetSBDrvDet.exe /r
O4 - HKLM..Run: [MULTIMEDIA KEYBOARD] C:ProgrammerNetropaMultimedia KeyboardMMKeybd.exe
O4 - HKLM..Run: [RefreshLock] E:WarezAppz - cracksRefreshLock.exe
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 - HKLM..Run: [SSC_UserPrompt] C:ProgrammerFælles filerSymantec SharedSecurity CenterUsrPrmpt.exe
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKLM..Run: [DU Meter] C:ProgrammerDU MeterDUMeter.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [RemoteCenter] C:ProgrammerCreativeMediaSourceRemoteControlRcMan.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background
O4 - Global Startup: HotKey.lnk = C:ProgrammerTEXTwareHotKeyTwalink.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netrad...
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com......
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/......
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/Spee...
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINNTsystem32CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:WINNTSystem32dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:ProgrammerNorton AntiVirus
avapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:ProgrammerNetropaMultimedia Keyboard
hksrv.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:ProgrammerNorton Personal FirewallNISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:ProgrammerNorton Personal FirewallNISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINNTSystem32
vsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1FLLESF~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSNDSrvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:ProgrammerNorton Personal FirewallSymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSecurity CenterSymWSC.exe
Jeg vil bede dig kigge på nedenstående fil også.
C:WINNTsystem32internat.exe
Hvis der er et "?" ikon ud for den skal den ikke slettes, hvis der er et "zip-fil" ikon ud for den skal den slettes.
Du må meget gerne give mig besked om hvilket ikon der var og om du slettede den.
Der var et "?" ikon og jeg slettede IKKE filen.
Jeg har ellers gjort hvad du sagde, og der var efterfølgende ingen problemer med at boote.
Logfile of HijackThis v1.99.1
Scan saved at 10:36:44, on 27-03-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:ProgrammerNetropaMultimedia Keyboard
hksrv.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINNTsystem32CTsvcCDA.exe
C:WINNTSystem32svchost.exe
C:ProgrammerNorton AntiVirus
avapsvc.exe
C:ProgrammerNorton Personal FirewallNISUM.EXE
C:WINNTSystem32
vsvc32.exe
C:WINNTsystem32 egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:ProgrammerNorton Personal FirewallSymProxySvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32MsPMSPSv.exe
C:WINNTsystem32svchost.exe
C:ProgrammerNorton Personal FirewallNISSERV.EXE
C:WINNTSystem32svchost.exe
C:WINNTExplorer.EXE
C:PROGRA~1NORTON~1
avapw32.exe
C:ProgrammerNorton Personal FirewallIAMAPP.EXE
C:ProgrammerCreativeSBAudigy2Surround MixerCTSysVol.exe
C:ProgrammerNetropaMultimedia KeyboardMMKeybd.exe
E:WarezAppz - cracksRefreshLock.exe
C:ProgrammerNetropaMultimedia KeyboardTrayMon.exe
C:ProgrammerNetropaOnscreen DisplayOSD.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:ProgrammerDU MeterDUMeter.exe
C:WINNTsystem32internat.exe
C:ProgrammerCreativeMediaSourceRemoteControlRcMan.exe
C:ProgrammerMSN MessengerMsnMsgr.Exe
C:ProgrammerTEXTwareHotKeyTwalink.exe
E:Privatircmirc.exe
C:ProgrammerInternet Exploreriexplore.exe
C:ProgrammerInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsAdministratorSkrivebordHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:ProgrammerSpybot - Search & DestroySDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:ProgrammerNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:ProgrammerNorton AntiVirusNavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTsystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~1
avapw32.exe
O4 - HKLM..Run: [iamapp] C:ProgrammerNorton Personal FirewallIAMAPP.EXE
O4 - HKLM..Run: [CTSysVol] C:ProgrammerCreativeSBAudigy2Surround MixerCTSysVol.exe
O4 - HKLM..Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM..Run: [SBDrvDet] C:ProgrammerCreativeSB Drive DetSBDrvDet.exe /r
O4 - HKLM..Run: [MULTIMEDIA KEYBOARD] C:ProgrammerNetropaMultimedia KeyboardMMKeybd.exe
O4 - HKLM..Run: [RefreshLock] E:WarezAppz - cracksRefreshLock.exe
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 - HKLM..Run: [SSC_UserPrompt] C:ProgrammerFælles filerSymantec SharedSecurity CenterUsrPrmpt.exe
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKLM..Run: [DU Meter] C:ProgrammerDU MeterDUMeter.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [RemoteCenter] C:ProgrammerCreativeMediaSourceRemoteControlRcMan.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background
O4 - Global Startup: HotKey.lnk = C:ProgrammerTEXTwareHotKeyTwalink.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netrad...
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com......
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/......
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/Spee...
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINNTsystem32CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:WINNTSystem32dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:ProgrammerNorton AntiVirus
avapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:ProgrammerNetropaMultimedia Keyboard
hksrv.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:ProgrammerNorton Personal FirewallNISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:ProgrammerNorton Personal FirewallNISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINNTSystem32
vsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1FLLESF~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSNDSrvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:ProgrammerNorton Personal FirewallSymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSecurity CenterSymWSC.exe
Jeg vil bede dig kigge på nedenstående fil også.
C:WINNTsystem32internat.exe
Hvis der er et "?" ikon ud for den skal den ikke slettes, hvis der er et "zip-fil" ikon ud for den skal den slettes.
Du må meget gerne give mig besked om hvilket ikon der var og om du slettede den.
Der var et "?" ikon og jeg slettede IKKE filen.
Jeg har ellers gjort hvad du sagde, og der var efterfølgende ingen problemer med at boote.
#4
Din log er også ren nu så det passer meget godt.
Husk at scanne nogle gange fremover med Spybot og Ad-aware bare engang om ugen eller hver 14. dag, og det behøves ikke at være i fejlsikret tilstand man gør det.
Din log er også ren nu så det passer meget godt.
Husk at scanne nogle gange fremover med Spybot og Ad-aware bare engang om ugen eller hver 14. dag, og det behøves ikke at være i fejlsikret tilstand man gør det.