• Forum
      /  
    Software
      /  
    Sikkerhed
  • 15-03-2005 · 14:51 1478 visninger 5 svar
  • Denne tråd er over 6 måneder gammel

    Er du sikker på, at du har noget relevant at tilføje?

  • Endnu en af de HJT-log

    Af tyran Bruger Aspirant
Hejsa.

Ja, så er der endnu en HJT-log, som jeg håber der er en venlig sjæld der vil kigge igennem for mig. På forhånd tak.

Logfile of HijackThis v1.98.2
Scan saved at 14:46:01, on 15-03-2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:PROGRA~1GrisoftAVG6avgserv.exe
C:WINNTSystem32svchost.exe
C:ProgrammerNorton Personal FirewallNISUM.EXE
C:WINNTSystem32
vsvc32.exe
C:WINNTsystem32 egsvc.exe
C:WINNTsystem32MSTask.exe
C:ProgrammerNorton Personal FirewallSymProxySvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:ProgrammerNorton Personal FirewallNISSERV.EXE
C:WINNTExplorer.exe
C:ProgrammerMicrosoft HardwareMousepoint32.exe
C:PROGRA~1GrisoftAVG6avgcc32.exe
C:ProgrammerNorton Personal FirewallIAMAPP.EXE
C:WINNTloadqm.exe
C:WINNTSystem32internat.exe
C:ProgrammerMSN MessengerMsnMsgr.Exe
C:ProgrammerInternet Exploreriexplore.exe
C:WUTempcom_microsoft.WMPlayer_9_non_XP_5909MPSetup.exe
C:DOCUME~1ADMINI~1LOKALE~1TempIXP000.TMPsetup_wm.exe
C:ProgrammerInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsAdministratorSkrivebordHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.msn.dk
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://wtbzlm.t.muxa.cc/s.php?aid=5... (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://wtbzlm.t.muxa.cc/s.php?aid=5... (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = http://wtbzlm.t.muxa.cc/h.php?aid=5... (obfuscated)
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = http://wtbzlm.t.muxa.cc/h.php?aid=5... (obfuscated)
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [POINTER] point32.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [AVG_CC] C:PROGRA~1GrisoftAVG6avgcc32.exe /STARTUP
O4 - HKLM..Run: [iamapp] C:ProgrammerNorton Personal FirewallIAMAPP.EXE
O4 - HKLM..Run: [sys] regedit -s sys.reg
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..Run: [supervideospornodk-htm] RunDll32 UDConn.dll,RunAsIcon supervideospornodk
O4 - HKLM..Run: [NeroCheck] C:WINNTSystem32NeroCheck.exe
O4 - HKLM..RunOnce: [wextract_cleanup0] rundll32.exe C:WINNTSystem32advpack.dll,DelNodeRunDLL32 "C:DOCUME~1ADMINI~1LOKALE~1TempIXP000.TMP"
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINNTSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINNTweb elated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINNTweb elated.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.xxxtoolbar.com/ist/softw.......
O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) - http://www.thepaymentcentre.com/bui...
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binari.......
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binari......
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader....
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binari......
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} (UDConnect Class) - http://03.sharedsource.org/html/Tri......
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlan...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar......
O17 - HKLMSystemCCSServicesTcpip..{9547E9D7-BEB4-4AD2-A076-FF2FD48B763C}: NameServer = 194.239.134.83,193.162.153.164


Ultra Supporter
15-03-2005 19:09
Hent først den nyeste version af HJT og smid en ny log herind.

- HJT 1.99.1
http://www.softpedia.com/get/Intern......
Bruger Aspirant
26-03-2005 00:32
Sorry ventetiden

Logfile of HijackThis v1.99.1
Scan saved at 00:29:42, on 26-03-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:ProgrammerNetropaMultimedia Keyboard
hksrv.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINNTsystem32CTsvcCDA.exe
C:WINNTSystem32svchost.exe
C:ProgrammerNorton AntiVirus
avapsvc.exe
C:ProgrammerNorton Personal FirewallNISUM.EXE
C:WINNTSystem32
vsvc32.exe
C:WINNTsystem32 egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:ProgrammerNorton Personal FirewallSymProxySvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32MsPMSPSv.exe
C:WINNTsystem32svchost.exe
C:WINNTSystem32svchost.exe
C:ProgrammerNorton Personal FirewallNISSERV.EXE
C:WINNTExplorer.EXE
C:PROGRA~1NORTON~1
avapw32.exe
C:ProgrammerNorton Personal FirewallIAMAPP.EXE
C:ProgrammerCreativeSBAudigy2Surround MixerCTSysVol.exe
C:ProgrammerCreativeSBAudigy2DVDAudioCTDVDDet.EXE
C:ProgrammerMicrosoft HardwareMousepoint32.exe
C:ProgrammerNetropaMultimedia KeyboardMMKeybd.exe
E:WarezAppz - cracksRefreshLock.exe
C:ProgrammerNetropaMultimedia KeyboardTrayMon.exe
C:ProgrammerNetropaOnscreen DisplayOSD.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:ProgrammerDU MeterDUMeter.exe
C:WINNTsystem32internat.exe
C:ProgrammerCreativeMediaSourceRemoteControlRcMan.exe
C:ProgrammerMSN MessengerMsnMsgr.Exe
C:ProgrammerTEXTwareHotKeyTwalink.exe
E:Privatircmirc.exe
C:ProgrammerInternet Exploreriexplore.exe
C:ProgrammerInternet ExplorerIEXPLORE.EXE
C:ProgrammerInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsAdministratorSkrivebordHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:ProgrammerNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:ProgrammerNorton AntiVirusNavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTsystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~1
avapw32.exe
O4 - HKLM..Run: [iamapp] C:ProgrammerNorton Personal FirewallIAMAPP.EXE
O4 - HKLM..Run: [CTSysVol] C:ProgrammerCreativeSBAudigy2Surround MixerCTSysVol.exe
O4 - HKLM..Run: [CTDVDDet] C:ProgrammerCreativeSBAudigy2DVDAudioCTDVDDet.EXE
O4 - HKLM..Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM..Run: [SBDrvDet] C:ProgrammerCreativeSB Drive DetSBDrvDet.exe /r
O4 - HKLM..Run: [POINTER] point32.exe
O4 - HKLM..Run: [MULTIMEDIA KEYBOARD] C:ProgrammerNetropaMultimedia KeyboardMMKeybd.exe
O4 - HKLM..Run: [RefreshLock] E:WarezAppz - cracksRefreshLock.exe
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 - HKLM..Run: [SSC_UserPrompt] C:ProgrammerFælles filerSymantec SharedSecurity CenterUsrPrmpt.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKLM..Run: [DU Meter] C:ProgrammerDU MeterDUMeter.exe
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [RemoteCenter] C:ProgrammerCreativeMediaSourceRemoteControlRcMan.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [Steam] C:ProgrammerSteamSteam.exe -silent
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
O4 - Global Startup: HotKey.lnk = C:ProgrammerTEXTwareHotKeyTwalink.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netrad...
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com......
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/......
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/Spee...
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINNTsystem32CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:WINNTSystem32dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:ProgrammerNorton AntiVirus
avapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:ProgrammerNetropaMultimedia Keyboard
hksrv.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:ProgrammerNorton Personal FirewallNISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:ProgrammerNorton Personal FirewallNISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINNTSystem32
vsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1FLLESF~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSNDSrvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:ProgrammerNorton Personal FirewallSymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSecurity CenterSymWSC.exe
O23 - Service: ZESOFT - Unknown owner - C:WINNTzeta.exe

Ultra Supporter
26-03-2005 02:54
#2
Helt ok jeg kigger på den

ent disse programmer som skal bruges i fejlsikret tilstand

- Kaspersky Scanner
http://www.spywareinfo.dk/download/...

- Ad-aware SE Personal Edition 1.05
http://www.download.com/3001-8022_4...

- Spybot - Search & Destroy 1.3
http://users.skynet.be/fa964703/spy......

Installer og opdater Ad-aware og Spybot

Genstart i fejlsikret tilstand.
(Tryk F8 gentagne gange ved opstart)

Kør så en ny scanning med HJT og sæt flueben ved disse:

O23 - Service: ZESOFT - Unknown owner - C:WINNTzeta.exe

Du kan med fordel også fixe dem her de ligger bare og sluger pc'ens kræfter og programmerne kan sagtens startes normalt.

O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [CTDVDDet] C:ProgrammerCreativeSBAudigy2DVDAudioCTDVDDet.EXE
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 - HKCU..Run: [Steam] C:ProgrammerSteamSteam.exe -silent
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized

Luk alle øvrige programvinduer så kun HJT er åben. Klik på ”Fix checked”.

Søg og slet nedenstående filer/mapper, hvis de stadig er der. Husk at ændre mappeindstillinger så du kan se skjulte filer samt systemfiler.
(Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".)

C:\WINNT\zeta.exe >> Slet Filen

Jeg vil bede dig kigge på nedenstående fil også.

C:\WINNT\system32\internat.exe

Hvis der er et "?" ikon ud for den skal den ikke slettes, hvis der er et "zip-fil" ikon ud for den skal den slettes.
Du må meget gerne give mig besked om hvilket ikon der var og om du slettede den.

Ændre derefter mappeindstillinger tilbage til ikke at vise skjulte filer og skjulte systemfiler.

-----------------------
Installer og scan så med Kaspersky scanneren.
Sæt flueben i følgende: Memory, Startup folders, drive, Registry, System folders og Services.
- og prik i følgende: All local drives og Scan all files. Klik på scan.

Du skal ikke klikke på Add to Startup folders, for så scannes din PC, hver gang du starter Windows op
-----------------------
Ad-aware SE
Tag en "Full System Scan" med Ad-aware og ikke "Smart System Scan" og fix alt det den finder med rød tekst
-----------------------
Spybot S&D
Der er vist bare en knap som hedder Scan og fix alt det den finder og selv sætter flueben i.
-----------------------
Kør så en diskoprydning.
(Start=> Programmer=> Tilbehør=> Systemværktøjer=> Diskoprydning. Sæt flueben ved temp-filer, temporary internet files og papirkurv).
-----------------------

Genstart i normal tilstand. Kør en ny scanning med HJT og smid loggen herind til kontrol. Læg evt. også et par ord, om du har problemer med din PC, eller om det bare var et tjek
Bruger Aspirant
27-03-2005 10:38
Hey hey.. Her er den nye log

Logfile of HijackThis v1.99.1
Scan saved at 10:36:44, on 27-03-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:ProgrammerNetropaMultimedia Keyboard
hksrv.exe
C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
C:WINNTsystem32CTsvcCDA.exe
C:WINNTSystem32svchost.exe
C:ProgrammerNorton AntiVirus
avapsvc.exe
C:ProgrammerNorton Personal FirewallNISUM.EXE
C:WINNTSystem32
vsvc32.exe
C:WINNTsystem32 egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:ProgrammerNorton Personal FirewallSymProxySvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32MsPMSPSv.exe
C:WINNTsystem32svchost.exe
C:ProgrammerNorton Personal FirewallNISSERV.EXE
C:WINNTSystem32svchost.exe
C:WINNTExplorer.EXE
C:PROGRA~1NORTON~1
avapw32.exe
C:ProgrammerNorton Personal FirewallIAMAPP.EXE
C:ProgrammerCreativeSBAudigy2Surround MixerCTSysVol.exe
C:ProgrammerNetropaMultimedia KeyboardMMKeybd.exe
E:WarezAppz - cracksRefreshLock.exe
C:ProgrammerNetropaMultimedia KeyboardTrayMon.exe
C:ProgrammerNetropaOnscreen DisplayOSD.exe
C:PROGRA~1GrisoftAVGFRE~1avgcc.exe
C:ProgrammerDU MeterDUMeter.exe
C:WINNTsystem32internat.exe
C:ProgrammerCreativeMediaSourceRemoteControlRcMan.exe
C:ProgrammerMSN MessengerMsnMsgr.Exe
C:ProgrammerTEXTwareHotKeyTwalink.exe
E:Privatircmirc.exe
C:ProgrammerInternet Exploreriexplore.exe
C:ProgrammerInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsAdministratorSkrivebordHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:ProgrammerSpybot - Search & DestroySDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:ProgrammerNorton AntiVirusNavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:ProgrammerNorton AntiVirusNavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTsystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~1
avapw32.exe
O4 - HKLM..Run: [iamapp] C:ProgrammerNorton Personal FirewallIAMAPP.EXE
O4 - HKLM..Run: [CTSysVol] C:ProgrammerCreativeSBAudigy2Surround MixerCTSysVol.exe
O4 - HKLM..Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM..Run: [SBDrvDet] C:ProgrammerCreativeSB Drive DetSBDrvDet.exe /r
O4 - HKLM..Run: [MULTIMEDIA KEYBOARD] C:ProgrammerNetropaMultimedia KeyboardMMKeybd.exe
O4 - HKLM..Run: [RefreshLock] E:WarezAppz - cracksRefreshLock.exe
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 - HKLM..Run: [SSC_UserPrompt] C:ProgrammerFælles filerSymantec SharedSecurity CenterUsrPrmpt.exe
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP
O4 - HKLM..Run: [DU Meter] C:ProgrammerDU MeterDUMeter.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINNTsystem32NvCpl.dll,NvStartup
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [RemoteCenter] C:ProgrammerCreativeMediaSourceRemoteControlRcMan.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background
O4 - Global Startup: HotKey.lnk = C:ProgrammerTEXTwareHotKeyTwalink.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netrad...
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com......
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/......
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar......
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211/speedtest/Spee...
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINNTsystem32CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:WINNTSystem32dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:ProgrammerNorton AntiVirus
avapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:ProgrammerNetropaMultimedia Keyboard
hksrv.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:ProgrammerNorton Personal FirewallNISSERV.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:ProgrammerNorton Personal FirewallNISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINNTSystem32
vsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1FLLESF~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSNDSrvc.exe
O23 - Service: Norton Personal Firewall Proxy Service (SymProxySvc) - Symantec Corporation - C:ProgrammerNorton Personal FirewallSymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSecurity CenterSymWSC.exe



Jeg vil bede dig kigge på nedenstående fil også.

C:WINNTsystem32internat.exe

Hvis der er et "?" ikon ud for den skal den ikke slettes, hvis der er et "zip-fil" ikon ud for den skal den slettes.
Du må meget gerne give mig besked om hvilket ikon der var og om du slettede den.

Der var et "?" ikon og jeg slettede IKKE filen.

Jeg har ellers gjort hvad du sagde, og der var efterfølgende ingen problemer med at boote.
Monster Supporter
27-03-2005 15:08
#4
Din log er også ren nu så det passer meget godt.

Husk at scanne nogle gange fremover med Spybot og Ad-aware bare engang om ugen eller hver 14. dag, og det behøves ikke at være i fejlsikret tilstand man gør det.
Bruger påkrævet
En bruger er påkrævet for at oprette svar på Hardwareonline.dk
Du kan oprette en bruger her eller logge ind her

Log ind for at få flere funktioner