Help with Hijackthis
By user Kim In Chul | 19-05-2004 17:01 | 1835 views | 36 replies
Hi... I'm at a friend's place right now; he has been badly hit by various viruses etc.
I've tried to remove most of it... but I'm sure there is still a lot of crap that has to go... would you be kind enough to check the log...
Thanks in advance...
//Kim In Chul
Logfile of HijackThis v1.97.7
Scan saved at 16:56:16, on 19-05-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:ProgrammerNavNTdefwatch.exe
C:WINDOWSSystem32\nvsvc32.exe
C:ProgrammerStardockObject DesktopWindowBlindswbload.exe
C:WINDOWSExplorer.EXE
C:ProgrammerNavNTvptray.exe
C:ProgrammerLogitechiTouchiTouch.exe
C:ProgrammerMessenger Plus! 2MsgPlus.exe
C:WINDOWSSystem32P2P NetworkingP2P Networking.exe
C:PROGRA~1FREESE~1Win Type Info.exe
C:ProgrammerWinampwinampa.exe
C:WINDOWSSystem32ctfmon.exe
C:ProgrammerSkypePhoneSkype.exe
C:ProgrammerSteamSteam.exe
C:ProgrammerMSN Messengermsnmsgr.exe
C:ProgrammerWinZipWZQKPICK.EXE
C:PROGRA~2AltnetDOWNLO~1asm.exe
C:Documents and SettingsEjerSkrivebordplat7shin.exe
C:DOCUME~1EjerLOKALE~1TempWZSE0.TMPSetup.exe
C:PROGRA~1FLLESF~1INSTAL~1engine6INTEL3~1IKernel.exe
C:ProgrammerWindows Media Playerwmplayer.exe
C:ProgrammerInternet Exploreriexplore.exe
C:Documents and SettingsEjerSkrivebordhjt.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O1 - Hosts: der bruges af Microsoft TCP/IP til Windows.
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:programmergooglegoogletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:programmergooglegoogletoolbar2.dll
O4 - HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [Nero DriveSpeed] C:PROGRA~1aheadNEROTO~1DRIVES~1.EXE
O4 - HKLM..Run: [EM_EXEC] C:PROGRA~1LogitechMOUSEW~1SYSTEMEM_EXEC.EXE
O4 - HKLM..Run: [MessengerPlus2] "C:ProgrammerMessenger Plus! 2MsgPlus.exe"
O4 - HKLM..Run: [Open Site] C:Program FilesOpen Siteopnste.exe
O4 - HKLM..Run: [WinampAgent] C:ProgrammerWinampwinampa.exe
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [BootSkin Startup Jobs] "C:PROGRA~1StardockWINCUS~1BootSkinBootSkin.exe" /StartupJobs
O4 - HKLM..Run: [curbgpl] C:PROGRA~1FREESE~1Win Type Info.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [MessengerPlus2] "C:ProgrammerMessenger Plus! 2MsgPlus.exe" /WinStart
O4 - HKCU..Run: [Steam] C:ProgrammerSteamSteam.exe -silent
O4 - HKCU..Run: [CursorXP] C:ProgrammerCursorXPCursorXP.exe
O4 - HKCU..Run: [Caffe-Client] c:program filesCaffeClient.exe
O4 - HKCU..Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN Messengermsnmsgr.exe" /background
O4 - HKLM..RunOnce: [Ad-aware] "C:ProgrammerLavasoftAd-aware 6Ad-aware.exe" "+b1"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:ProgrammerDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:ProgrammerWinZipWZQKPICK.EXE
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: &Google Search - res://C:ProgrammerGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:ProgrammerGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:ProgrammerGoogleGoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:ProgrammerGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:ProgrammerGoogleGoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...]
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com[...]
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk[...]
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com[...]
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com[...]
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com[...]
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk[...]
--
C:WINDOWSsystem32lsass.exe
C:ProgrammerSkypePhoneSkype.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [Caffe-Client] c:program filesCaffeClient.exe
These don't look too good, but better let Armageddon take a look at it too!
-- - There is something rotten in the State of Denmark -
TDC4Ever (an ex-TDC supporter) :o)
I'd also like to ask for a bit of help....
Thanks in advance... :-)
Logfile of HijackThis v1.97.7
Scan saved at 17:00:36, on 19-05-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammerFælles filerSymantec SharedccSetMgr.exe
C:ProgrammerFælles filerSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:ProgrammerFælles filerSymantec SharedccProxy.exe
C:ProgrammerExecutive SoftwareDiskeeperDkService.exe
C:ProgrammerFælles filerMicrosoft SharedVS7DEBUGMDM.EXE
C:ProgrammerNorton Internet Security ProfessionalNorton AntiVirus\navapsvc.exe
C:WINDOWSExplorer.EXE
C:ProgrammerNorton Internet Security ProfessionalNorton AntiVirusAdvToolsNPROTECT.EXE
C:WINDOWSSystem32\nvsvc32.exe
C:ProgrammerAnalog DevicesSoundMAXSMAgent.exe
C:ProgrammerFælles filerSymantec SharedCCPD-LCsymlcsvc.exe
C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
C:ProgrammerFælles filerSymantec SharedccApp.exe
C:WINDOWSSystem32\rundll32.exe
C:WINDOWSsvchost.exe
C:WINDOWSSystem32ctfmon.exe
C:ProgrammerNorton Internet Security ProfessionalNorton AntiVirusSAVScan.exe
C:ProgrammerMessengermsmsgs.exe
C:ProgrammerInternet Exploreriexplore.exe
D:SoftwareHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://69.50.191.52[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://69.50.191.52[...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://69.50.191.52[...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://69.50.191.52[...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://69.50.191.52[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://bestsearch.cc[...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgrammerFælles filerSymantec SharedAdBlockingNISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:ProgrammerNorton Internet Security ProfessionalNorton AntiVirusNavShExt.dll (file missing)
O4 - HKLM..Run: [SoundMAXPnP] C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
O4 - HKLM..Run: [SoundMAX] "C:ProgrammerAnalog DevicesSoundMAXSmax4.exe" /tray
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [ccApp] "C:ProgrammerFælles filerSymantec SharedccApp.exe"
O4 - HKLM..Run: [URLLSTCK.exe] C:ProgrammerNorton Internet Security ProfessionalUrlLstCk.exe
O4 - HKLM..Run: [Advanced Tools Check] C:PROGRA~1NORTON~1NORTON~1AdvToolsADVCHK.EXE
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [CloneDVDElbyDelay] "C:ProgrammerElaborate BytesCloneDVDElbyCheck.exe" /L ElbyDelay
O4 - HKLM..Run: [APIMon] C:WINDOWSSystem32winapix.exe
O4 - HKLM..Run: [svchost] C:WINDOWSsvchost.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [Yahoo! Pager] C:ProgrammerYahoo!Messengerypager.exe -quiet
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com[...]
O16 - DPF: {67914C73-6B13-4365-8052-06C1C765CD20} (UAClientControl Control) - http://www.ultimatearena.com[...]
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://arcade.icq.com[...]
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.axis.com[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk[...]
--
Skype is fine to have, it's nothing dangerous, I use it myself
-- That makes me angry, and when I get angry, Mr. Bigglesworth gets upset. *rrrr* And when Mr. Bigglesworth gets upset.. people DIE!!
Skype isn't dangerous! It's how you can communicate via mic on the net!
-- -That which is comprehensible to an idiot is not worth my care
-If you can have it good on the bad side, then why have it bad on the good side ?!
Could someone check this one too.. :D
Logfile of HijackThis v1.97.7
Scan saved at 16:52:17, on 19-05-2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32csrss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:WINNTSystem32Ati2evxx.exe
C:PROGRA~1GrisoftAVG6avgserv.exe
C:WINNTSystem32svchost.exe
C:NORMANNvcBINNPFSVICE.EXE
C:NormanNVCBINanda.exe
C:WINNTsystem32\regsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32svchost.exe
C:WINNTExplorer.exe
C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
C:ProgrammerWinampWinampa.exe
C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
C:WINNTMixer.exe
C:ProgrammerAnalog DevicesSoundMAXsmax4.exe
C:NormanNVCBINLH.EXE
C:PROGRA~1GrisoftAVG6avgcc32.exe
C:ProgrammerQuickTimeqttask.exe
C:ProgrammerLogitechMouseWaresystemem_exec.exe
C:WINNTSystem32internat.exe
C:ProgrammerMSN Messengermsnmsgr.exe
C:NORMANNvcBINNYMSE.EXE
C:NORMANNvcBINNIP.EXE
C:NORMANNvcBIN\npfmsg2.exe
C:ProgrammerWinZipWZQKPICK.EXE
C:ProgrammerMicrosoft OfficeOffice1030msoffice.exe
C:WINNTSystem32svchost.exe
C:NORMANNvcBIN\nvcoas.exe
C:NORMANNvcBINNVCSCHED.EXE
C:NORMANNvcBIN\nipsvc.exe
C:NORMANNvcBINNJEEVES.EXE
C:NORMANNvcBINcclaw.exe
C:ProgrammerInternet Exploreriexplore.exe
C:Documents and SettingsPreben Færch NielsenSkrivebordhjt.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.tdconline.dk[...]
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:ProgrammerMyWaySearchAt3.binMWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:ProgrammerMyWebSearchar3.binMWSBAR.DLL (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:ProgrammerMyWebSearchar3.binMWSBAR.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [SoundMAXPnP] C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
O4 - HKLM..Run: [NeroCheck] C:WINNTSystem32NeroCheck.exe
O4 - HKLM..Run: [WinampAgent] "C:ProgrammerWinampWinampa.exe"
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1ar3.binmwsoemon.exe
O4 - HKLM..Run: [C-Media Echo Control] C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [SoundMax] "C:ProgrammerAnalog DevicesSoundMAXsmax4.exe" /tray
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [Norman ZANDA] C:NormanNVCBINLH.EXE /LOAD /SPLASH
O4 - HKLM..Run: [Ass and titties] cmd32.exe
O4 - HKLM..Run: [AVG_CC] C:PROGRA~1GrisoftAVG6avgcc32.exe /STARTUP
O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime
O4 - HKLM..RunServices: [Ass and titties] cmd32.exe
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1ar3.binmwsoemon.exe
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [H/PC Connection Agent] "C:ProgrammerMicrosoft ActiveSyncWCESCOMM.EXE"
O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN Messengermsnmsgr.exe" /background
O4 - Startup: MyWebSearch Email Plugin.lnk = C:ProgrammerMyWebSearchar3.binMWSOEMON.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:ProgrammerLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:ProgrammerMyWebSearchar3.binMWSOEMON.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:ProgrammerWinZipWZQKPICK.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com[...]
O8 - Extra context menu item: Tilføj Link Til Online Bookmark - Res://C:ProgrammerTDC Online MenubarTDCOBar.dll/ADDBOOKMARKLINK_HTM
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...]
O16 - DPF: {0D06CDB2-163D-46FD-94B7-BD3B1D69F846} (WDX.WDX_Main) - https://www.web-direct.dk[...]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com[...]
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com[...]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com[...]
O16 - DPF: {41A22D90-5502-4C52-9FB7-67901FBBD515} (Util Class) - https://udstedelse.certifikat.tdc.dk[...]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net[...]
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211[...]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com[...]
-- wilder clown, wilder..!
Yep.. :D new wild site.. : http://www.mmoforum.tk[...]
Let's take a look into my own nice little greenhouse: http://www.growyourownshit.com[...]
#0
Hi there,
There are a few small things that need fixing. Start by disabling System Restore. Run a new scan with HJT and tick these:
O1 - Hosts: der bruges af Microsoft TCP/IP til Windows.
O4 - HKLM..Run: [Open Site] C:Program FilesOpen Siteopnste.exe
O4 - HKLM..Run: [curbgpl] C:PROGRA~1FREESE~1Win Type Info.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com[...]
You may as well fix these too, so they don't start up with Windows:
O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:ProgrammerWinZipWZQKPICK.EXE
Close all other program windows so only HJT is open. Click "Fix checked". Close the program and restart in safe mode. Find and delete these:
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe (the whole "P2P Networking" folder must go)
C:\PROGRA~1\FREESE~1\Win Type Info.exe (the whole "FREESE~1" folder must go)
C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe (the whole "Altnet" folder must go)
C:\Program Files\Open Site\opnste.exe (the whole "Open Site" folder must go)
Restart normally. Run a new scan with HJT and post the log here for checking.
-- /Armageddon - [email protected]
http://www.mdegn.dk[...]
#2
Hi there,
There are a few small things that need fixing. Start by disabling System Restore. Run a new scan with HJT and tick these:
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://69.50.191.52[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://69.50.191.52[...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://69.50.191.52[...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://69.50.191.52[...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://69.50.191.52[...]
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://bestsearch.cc[...]
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:ProgrammerFælles filerSymantec SharedAdBlockingNISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:ProgrammerNorton Internet Security ProfessionalNorton AntiVirusNavShExt.dll (file missing)
O4 - HKLM..Run: [APIMon] C:WINDOWSSystem32winapix.exe
O4 - HKLM..Run: [svchost] C:WINDOWSsvchost.exe
Close all other program windows so only HJT is open. Click "Fix checked". Close the program and restart in safe mode. Find and delete these:
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\winapix.exe
Restart normally. Run a new scan with HJT and post the log here for checking.
-- /Armageddon - [email protected]
http://www.mdegn.dk[...]
#5
Hi there,
There are a few small things that need fixing. Run a new scan with HJT and tick these:
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:ProgrammerMyWaySearchAt3.binMWSSRCAS.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:ProgrammerMyWebSearch\bar3.binMWSBAR.DLL (file missing)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:ProgrammerMyWebSearch\bar3.binMWSBAR.DLL (file missing)
O4 - HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1\bar3.binmwsoemon.exe
O4 - HKLM..Run: [Ass and titties] cmd32.exe
O4 - HKLM..RunServices: [Ass and titties] cmd32.exe
O4 - HKCU..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1\bar3.binmwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:ProgrammerMyWebSearch\bar3.binMWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:ProgrammerMyWebSearch\bar3.binMWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com[...]
O16 - DPF: {0D06CDB2-163D-46FD-94B7-BD3B1D69F846} (WDX.WDX_Main) - https://www.web-direct.dk[...]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com[...]
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com[...]
You may as well fix these too, so they don't start up with Windows:
O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:ProgrammerWinZipWZQKPICK.EXE
Close all other program windows so only HJT is open. Click "Fix checked". Close the program and restart in safe mode. Find and delete these:
C:\Programmer\MyWebSearch (the whole folder must go)
C:\WINNT\System32\cmd32.exe (if the file isn't there, search for it)
Restart normally. Get the system updated with SP4 and critical updates. Run a new scan with HJT and post the log here for checking.
-- /Armageddon - [email protected]
http://www.mdegn.dk[...]
this is the new one.. is it ok or what??
Logfile of HijackThis v1.97.7
Scan saved at 18:41:20, on 19-05-2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32csrss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:WINNTSystem32Ati2evxx.exe
C:PROGRA~1GrisoftAVG6avgserv.exe
C:WINNTSystem32svchost.exe
C:NORMANNvcBINNPFSVICE.EXE
C:NormanNVCBINanda.exe
C:WINNTsystem32\regsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32svchost.exe
C:WINNTExplorer.exe
C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
C:ProgrammerWinampWinampa.exe
C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
C:WINNTMixer.exe
C:ProgrammerAnalog DevicesSoundMAXsmax4.exe
C:NormanNVCBINLH.EXE
C:ProgrammerLogitechMouseWaresystemem_exec.exe
C:PROGRA~1GrisoftAVG6avgcc32.exe
C:WINNTSystem32internat.exe
C:ProgrammerMSN Messengermsnmsgr.exe
C:NORMANNvcBINNYMSE.EXE
C:NORMANNvcBINNIP.EXE
C:WINNTSystem32svchost.exe
C:NORMANNvcBIN\npfmsg2.exe
C:NORMANNvcBIN\nvcoas.exe
C:NORMANNvcBINNJEEVES.EXE
C:NORMANNvcBINNVCSCHED.EXE
C:NORMANNvcBIN\nipsvc.exe
C:NORMANNvcBINcclaw.exe
C:Documents and SettingsPreben Færch NielsenSkrivebordhjt.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.tdconline.dk[...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [SoundMAXPnP] C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
O4 - HKLM..Run: [NeroCheck] C:WINNTSystem32\NeroCheck.exe
O4 - HKLM..Run: [WinampAgent] "C:ProgrammerWinampWinampa.exe"
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1ar3.binmwsoemon.exe
O4 - HKLM..Run: [C-Media Echo Control] C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [SoundMax] "C:ProgrammerAnalog DevicesSoundMAXsmax4.exe" /tray
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [Norman ZANDA] C:NormanNVCBINLH.EXE /LOAD /SPLASH
O4 - HKLM..Run: [AVG_CC] C:PROGRA~1GrisoftAVG6avgcc32.exe /STARTUP
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [H/PC Connection Agent] "C:ProgrammerMicrosoft ActiveSyncWCESCOMM.EXE"
O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN Messengermsnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:ProgrammerLogitechDesktop Messenger8876480ProgramLDMConf.exe
O8 - Extra context menu item: Tilføj Link Til Online Bookmark - Res://C:ProgrammerTDC Online MenubarTDCOBar.dll/ADDBOOKMARKLINK_HTM
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...]
O16 - DPF: {0D06CDB2-163D-46FD-94B7-BD3B1D69F846} (WDX.WDX_Main) - https://www.web-direct.dk[...]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com[...]
O16 - DPF: {41A22D90-5502-4C52-9FB7-67901FBBD515} (Util Class) - https://udstedelse.certifikat.tdc.dk[...]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net[...]
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211[...]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com[...]
-- wilder clown, wilder..!
Yep.. :D new wild site.. : http://www.mmoforum.tk[...]
Let's take a look into my own nice little greenhouse: http://www.growyourownshit.com[...]
Just fix these again:
O4 - HKLM..Run: [MyWebSearch Email Plugin] C:PROGRA~1MYWEBS~1ar3.binmwsoemon.exe
O16 - DPF: {0D06CDB2-163D-46FD-94B7-BD3B1D69F846} (WDX.WDX_Main) - https://www.web-direct.dk[...]
then it should be there. And I would still recommend that you get the system updated with SP4 and critical updates via Windows Update as soon as possible.
-- /Armageddon - [email protected]
http://www.mdegn.dk[...]
here is the new log:
Logfile of HijackThis v1.97.7
Scan saved at 18:55:37, on 19-05-2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32csrss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:WINNTSystem32Ati2evxx.exe
C:PROGRA~1GrisoftAVG6avgserv.exe
C:WINNTSystem32svchost.exe
C:NORMANNvcBINNPFSVICE.EXE
C:NormanNVCBINanda.exe
C:WINNTsystem32\regsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTExplorer.exe
C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
C:ProgrammerWinampWinampa.exe
C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
C:WINNTMixer.exe
C:ProgrammerAnalog DevicesSoundMAXsmax4.exe
C:NormanNVCBINLH.EXE
C:ProgrammerLogitechMouseWaresystemem_exec.exe
C:PROGRA~1GrisoftAVG6avgcc32.exe
C:WINNTSystem32internat.exe
C:ProgrammerMSN Messengermsnmsgr.exe
C:NORMANNvcBINNYMSE.EXE
C:NORMANNvcBINNIP.EXE
C:NORMANNvcBIN\npfmsg2.exe
C:WINNTSystem32svchost.exe
C:NORMANNvcBINNVCSCHED.EXE
C:NORMANNvcBIN\nvcoas.exe
C:NORMANNvcBINNJEEVES.EXE
C:NORMANNvcBIN\nipsvc.exe
C:Documents and SettingsPreben Færch NielsenSkrivebordhjt.exe
C:NORMANNvcBINcclaw.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.tdconline.dk[...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [SoundMAXPnP] C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
O4 - HKLM..Run: [NeroCheck] C:WINNTSystem32\NeroCheck.exe
O4 - HKLM..Run: [WinampAgent] "C:ProgrammerWinampWinampa.exe"
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..Run: [C-Media Echo Control] C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [SoundMax] "C:ProgrammerAnalog DevicesSoundMAXsmax4.exe" /tray
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [Norman ZANDA] C:NormanNVCBINLH.EXE /LOAD /SPLASH
O4 - HKLM..Run: [AVG_CC] C:PROGRA~1GrisoftAVG6avgcc32.exe /STARTUP
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [H/PC Connection Agent] "C:ProgrammerMicrosoft ActiveSyncWCESCOMM.EXE"
O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN Messengermsnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:ProgrammerLogitechDesktop Messenger8876480ProgramLDMConf.exe
O8 - Extra context menu item: Tilføj Link Til Online Bookmark - Res://C:ProgrammerTDC Online MenubarTDCOBar.dll/ADDBOOKMARKLINK_HTM
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...]
O16 - DPF: {0D06CDB2-163D-46FD-94B7-BD3B1D69F846} (WDX.WDX_Main) - https://www.web-direct.dk[...]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com[...]
O16 - DPF: {41A22D90-5502-4C52-9FB7-67901FBBD515} (Util Class) - https://udstedelse.certifikat.tdc.dk[...]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net[...]
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211[...]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com[...]
-- Guest user, create your own login and get your own signature.

#11 You choose Start -> Windows Update (the icon is at the very top), and that takes you straight to Microsoft's site. Then you scan for updates and install SP4 (Service Pack 4) first and then the critical updates, so you can get all the security holes closed.
-- /Armageddon - [email protected]
http://www.mdegn.dk[...]

Logfile of HijackThis v1.97.7
Scan saved at 18:59:16, on 19-05-2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32csrss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:WINNTSystem32Ati2evxx.exe
C:PROGRA~1GrisoftAVG6avgserv.exe
C:WINNTSystem32svchost.exe
C:NORMANNvcBINNPFSVICE.EXE
C:NormanNVCBINanda.exe
C:WINNTsystem32
egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32svchost.exe
C:WINNTExplorer.exe
C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
C:ProgrammerWinampWinampa.exe
C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
C:WINNTMixer.exe
C:ProgrammerAnalog DevicesSoundMAXsmax4.exe
C:NormanNVCBINLH.EXE
C:ProgrammerLogitechMouseWaresystemem_exec.exe
C:PROGRA~1GrisoftAVG6avgcc32.exe
C:WINNTSystem32internat.exe
C:ProgrammerMSN Messengermsnmsgr.exe
C:NORMANNvcBINNYMSE.EXE
C:NORMANNvcBINNIP.EXE
C:NORMANNvcBIN
pfmsg2.exe
C:WINNTSystem32svchost.exe
C:NORMANNvcBIN
vcoas.exe
C:NORMANNvcBINNVCSCHED.EXE
C:NORMANNvcBINNJEEVES.EXE
C:NORMANNvcBIN
ipsvc.exe
C:ProgrammerInternet Exploreriexplore.exe
C:NORMANNvcBINcclaw.exe
C:Documents and SettingsPreben Færch NielsenSkrivebordhjt.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.tdconline.dk[...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [SoundMAXPnP] C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
O4 - HKLM..Run: [NeroCheck] C:WINNTSystem32\NeroCheck.exe
O4 - HKLM..Run: [WinampAgent] "C:ProgrammerWinampWinampa.exe"
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..Run: [C-Media Echo Control] C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [SoundMax] "C:ProgrammerAnalog DevicesSoundMAXsmax4.exe" /tray
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [Norman ZANDA] C:NormanNVCBINLH.EXE /LOAD /SPLASH
O4 - HKLM..Run: [AVG_CC] C:PROGRA~1GrisoftAVG6avgcc32.exe /STARTUP
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [H/PC Connection Agent] "C:ProgrammerMicrosoft ActiveSyncWCESCOMM.EXE"
O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN Messengermsnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:ProgrammerLogitechDesktop Messenger8876480ProgramLDMConf.exe
O8 - Extra context menu item: Tilføj Link Til Online Bookmark - Res://C:ProgrammerTDC Online MenubarTDCOBar.dll/ADDBOOKMARKLINK_HTM
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...]
O16 - DPF: {0D06CDB2-163D-46FD-94B7-BD3B1D69F846} (WDX.WDX_Main) - https://www.web-direct.dk[...]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com[...]
O16 - DPF: {41A22D90-5502-4C52-9FB7-67901FBBD515} (Util Class) - https://udstedelse.certifikat.tdc.dk[...]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net[...]
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211[...]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com[...]
This is the new log.. is there nothing more I need to do than update that?
-- wilder clown, wilder..!
Oh yes.. :D new wild site.. : http://www.mmoforum.tk[...]
Then let's take a look into my own nice little greenhouse: http://www.growyourownshit.com[...]

Logfile of HijackThis v1.97.7
Scan saved at 19:01:43, on 19-05-2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32csrss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:WINNTSystem32Ati2evxx.exe
C:PROGRA~1GrisoftAVG6avgserv.exe
C:WINNTSystem32svchost.exe
C:NORMANNvcBINNPFSVICE.EXE
C:NormanNVCBINanda.exe
C:WINNTsystem32
egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32svchost.exe
C:WINNTExplorer.exe
C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
C:ProgrammerWinampWinampa.exe
C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
C:WINNTMixer.exe
C:ProgrammerAnalog DevicesSoundMAXsmax4.exe
C:NormanNVCBINLH.EXE
C:ProgrammerLogitechMouseWaresystemem_exec.exe
C:PROGRA~1GrisoftAVG6avgcc32.exe
C:WINNTSystem32internat.exe
C:ProgrammerMSN Messengermsnmsgr.exe
C:NORMANNvcBINNYMSE.EXE
C:NORMANNvcBINNIP.EXE
C:NORMANNvcBIN
pfmsg2.exe
C:WINNTSystem32svchost.exe
C:NORMANNvcBIN
vcoas.exe
C:NORMANNvcBINNVCSCHED.EXE
C:NORMANNvcBINNJEEVES.EXE
C:NORMANNvcBIN
ipsvc.exe
C:ProgrammerInternet Exploreriexplore.exe
C:NORMANNvcBINcclaw.exe
C:Documents and SettingsPreben Færch NielsenSkrivebordhjt.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com[...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.tdconline.dk[...]
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com[...]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com[...]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.microsoft.com[...]
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.microsoft.com[...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [SoundMAXPnP] C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
O4 - HKLM..Run: [NeroCheck] C:WINNTSystem32\NeroCheck.exe
O4 - HKLM..Run: [WinampAgent] "C:ProgrammerWinampWinampa.exe"
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..Run: [C-Media Echo Control] C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [SoundMax] "C:ProgrammerAnalog DevicesSoundMAXsmax4.exe" /tray
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [Norman ZANDA] C:NormanNVCBINLH.EXE /LOAD /SPLASH
O4 - HKLM..Run: [AVG_CC] C:PROGRA~1GrisoftAVG6avgcc32.exe /STARTUP
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [H/PC Connection Agent] "C:ProgrammerMicrosoft ActiveSyncWCESCOMM.EXE"
O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN Messengermsnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:ProgrammerLogitechDesktop Messenger8876480ProgramLDMConf.exe
O8 - Extra context menu item: Tilføj Link Til Online Bookmark - Res://C:ProgrammerTDC Online MenubarTDCOBar.dll/ADDBOOKMARKLINK_HTM
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com[...]
O16 - DPF: {41A22D90-5502-4C52-9FB7-67901FBBD515} (Util Class) - https://udstedelse.certifikat.tdc.dk[...]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net[...]
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211[...]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com[...]
There.. should I just update now?
-- wilder clown, wilder..!
Oh yes.. :D new wild site.. : http://www.mmoforum.tk[...]
Then let's take a look into my own nice little greenhouse: http://www.growyourownshit.com[...]

Yeah, it actually does.. :D thanks a lot, I sure hope it goes away so it doesn't just reboot every second.. do you have MSN by any chance? Then we can chat there??
-- wilder clown, wilder..!
Oh yes.. :D new wild site.. : http://www.mmoforum.tk[...]
Then let's take a look into my own nice little greenhouse: http://www.growyourownshit.com[...]

Logfile of HijackThis v1.97.7
Scan saved at 19:41:42, on 19-05-2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32csrss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:WINNTSystem32Ati2evxx.exe
C:PROGRA~1GrisoftAVG6avgserv.exe
C:WINNTSystem32svchost.exe
C:NORMANNvcBINNPFSVICE.EXE
C:NormanNVCBINanda.exe
C:WINNTsystem32
egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32svchost.exe
C:WINNTExplorer.exe
C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
C:ProgrammerWinampWinampa.exe
C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
C:WINNTMixer.exe
C:ProgrammerAnalog DevicesSoundMAXsmax4.exe
C:NormanNVCBINLH.EXE
C:PROGRA~1GrisoftAVG6avgcc32.exe
C:ProgrammerLogitechMouseWaresystemem_exec.exe
C:WINNTSystem32svdhost.exe
C:WINNTSystem32internat.exe
C:NORMANNvcBINNYMSE.EXE
C:ProgrammerMSN Messengermsnmsgr.exe
C:NORMANNvcBINNIP.EXE
C:WINNTSystem32svchost.exe
C:NORMANNvcBIN
pfmsg2.exe
C:NORMANNvcBIN
vcoas.exe
C:NORMANNvcBIN
ipsvc.exe
C:NORMANNvcBINNJEEVES.EXE
C:NORMANNvcBINNVCSCHED.EXE
C:NORMANNvcBINcclaw.exe
C:ProgrammerInternet Exploreriexplore.exe
C:Documents and SettingsPreben Færch NielsenSkrivebordhjt.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.tdconline.dk[...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [SoundMAXPnP] C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
O4 - HKLM..Run: [NeroCheck] C:WINNTSystem32\NeroCheck.exe
O4 - HKLM..Run: [WinampAgent] "C:ProgrammerWinampWinampa.exe"
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..Run: [C-Media Echo Control] C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [SoundMax] "C:ProgrammerAnalog DevicesSoundMAXsmax4.exe" /tray
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [Norman ZANDA] C:NormanNVCBINLH.EXE /LOAD /SPLASH
O4 - HKLM..Run: [AVG_CC] C:PROGRA~1GrisoftAVG6avgcc32.exe /STARTUP
O4 - HKLM..Run: [Microsoft Com Port Manager] svdhost.exe
O4 - HKLM..RunServices: [Microsoft Com Port Manager] svdhost.exe
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [H/PC Connection Agent] "C:ProgrammerMicrosoft ActiveSyncWCESCOMM.EXE"
O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN Messengermsnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:ProgrammerLogitechDesktop Messenger8876480ProgramLDMConf.exe
O8 - Extra context menu item: Tilføj Link Til Online Bookmark - Res://C:ProgrammerTDC Online MenubarTDCOBar.dll/ADDBOOKMARKLINK_HTM
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com[...]
O16 - DPF: {41A22D90-5502-4C52-9FB7-67901FBBD515} (Util Class) - https://udstedelse.certifikat.tdc.dk[...]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net[...]
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211[...]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com[...]
This is the newest log.
-- wilder clown, wilder..!
Oh yes.. :D new wild site.. : http://www.mmoforum.tk[...]
Then let's take a look into my own nice little greenhouse: http://www.growyourownshit.com[...]

#19 How long did it take before it shut down again, that is, from when you started updating from Windows Update until it shut down? It may be a new infection.
Just try making a new log.
-- /Armageddon - [email protected]
http://www.mdegn.dk[...]

#20 You've got a new guest. They walk right in.
Fix these in HJT:
O4 - HKLM..Run: [Microsoft Com Port Manager] svdhost.exe
O4 - HKLM..RunServices: [Microsoft Com Port Manager] svdhost.exe
Delete this one in safe mode.
C:\WINNT\System32\svdhost.exe
-- /Armageddon - [email protected]
http://www.mdegn.dk[...]

Logfile of HijackThis v1.97.7
Scan saved at 19:51:22, on 19-05-2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINNTSystem32smss.exe
C:WINNTsystem32csrss.exe
C:WINNTsystem32winlogon.exe
C:WINNTsystem32services.exe
C:WINNTsystem32lsass.exe
C:WINNTsystem32svchost.exe
C:WINNTsystem32spoolsv.exe
C:WINNTSystem32Ati2evxx.exe
C:PROGRA~1GrisoftAVG6avgserv.exe
C:WINNTSystem32svchost.exe
C:NORMANNvcBINNPFSVICE.EXE
C:NormanNVCBINanda.exe
C:WINNTsystem32
egsvc.exe
C:WINNTsystem32MSTask.exe
C:WINNTsystem32stisvc.exe
C:WINNTSystem32WBEMWinMgmt.exe
C:WINNTsystem32svchost.exe
C:WINNTExplorer.exe
C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
C:ProgrammerWinampWinampa.exe
C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
C:WINNTMixer.exe
C:ProgrammerAnalog DevicesSoundMAXsmax4.exe
C:NormanNVCBINLH.EXE
C:PROGRA~1GrisoftAVG6avgcc32.exe
C:ProgrammerLogitechMouseWaresystemem_exec.exe
C:WINNTSystem32svdhost.exe
C:WINNTSystem32internat.exe
C:NORMANNvcBINNYMSE.EXE
C:ProgrammerMSN Messengermsnmsgr.exe
C:NORMANNvcBINNIP.EXE
C:WINNTSystem32svchost.exe
C:NORMANNvcBIN
pfmsg2.exe
C:NORMANNvcBIN
vcoas.exe
C:NORMANNvcBIN
ipsvc.exe
C:NORMANNvcBINNJEEVES.EXE
C:NORMANNvcBINNVCSCHED.EXE
C:NORMANNvcBINcclaw.exe
C:ProgrammerInternet Exploreriexplore.exe
C:Documents and SettingsPreben Færch NielsenSkrivebordhjt.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.tdconline.dk[...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINNTSystem32msdxm.ocx
O4 - HKLM..Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..Run: [SoundMAXPnP] C:ProgrammerAnalog DevicesSoundMAXSMax4PNP.exe
O4 - HKLM..Run: [NeroCheck] C:WINNTSystem32\NeroCheck.exe
O4 - HKLM..Run: [WinampAgent] "C:ProgrammerWinampWinampa.exe"
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..Run: [C-Media Echo Control] C:ProgrammerPCI Audio ApplicationsBinEchoCtrl.exe
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [SoundMax] "C:ProgrammerAnalog DevicesSoundMAXsmax4.exe" /tray
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [Norman ZANDA] C:NormanNVCBINLH.EXE /LOAD /SPLASH
O4 - HKLM..Run: [AVG_CC] C:PROGRA~1GrisoftAVG6avgcc32.exe /STARTUP
O4 - HKLM..Run: [Microsoft Com Port Manager] svdhost.exe
O4 - HKLM..RunServices: [Microsoft Com Port Manager] svdhost.exe
O4 - HKCU..Run: [internat.exe] internat.exe
O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [H/PC Connection Agent] "C:ProgrammerMicrosoft ActiveSyncWCESCOMM.EXE"
O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN Messengermsnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:ProgrammerLogitechDesktop Messenger8876480ProgramLDMConf.exe
O8 - Extra context menu item: Tilføj Link Til Online Bookmark - Res://C:ProgrammerTDC Online MenubarTDCOBar.dll/ADDBOOKMARKLINK_HTM
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com[...]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...]
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com[...]
O16 - DPF: {41A22D90-5502-4C52-9FB7-67901FBBD515} (Util Class) - https://udstedelse.certifikat.tdc.dk[...]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net[...]
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk[...]
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...]
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.microsoft.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...]
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211[...]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com[...]
It wouldn't update.. :-O
-- wilder clown, wilder..!
Oh yes.. :D new wild site.. : http://www.mmoforum.tk[...]
Then let's take a look into my own nice little greenhouse: http://www.growyourownshit.com[...]

Yes, there's a firewall in it.. but I have 2 antivirus programs.. and neither of them can find it.. :( but I'll just download the other firewall too..
-- wilder clown, wilder..!
Oh yes.. :D new wild site.. : http://www.mmoforum.tk[...]
Then let's take a look into my own nice little greenhouse: http://www.growyourownshit.com[...]

#27 I'm not really familiar with that Norman firewall, but set it to maximum protection or something like that. Have you also removed the last bit of vermin that was pointed out?
-- /Armageddon - [email protected]
http://www.mdegn.dk[...]

Yes, I have.. is there more that needs to be done?
-- Guest user, create your own login and get your own signature.
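The comparison done by eye in the thread (the 19:41 log gains a `svdhost.exe` process and two autostart entries that the 19:01 log lacks) can be scripted. The following is an added example, not part of the original thread: the sample logs are constructed and abbreviated, and the list of system process names and all function names are assumptions.

```python
import re

# Assumption: a short list of core Windows process names that malware imitates.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "csrss.exe", "smss.exe", "spoolsv.exe", "explorer.exe"}

PROC_RE = re.compile(r"^[A-Za-z]:\\")            # a "Running processes" path
ENTRY_RE = re.compile(r"^(?:[RFN]\d|O\d+) - ")   # R0, O4, O16 ... entries
EXE_RE = re.compile(r'([^\\"]+\.exe)', re.I)     # executable base name

# Constructed, abbreviated logs modelled on the ones posted in the thread.
BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\internat.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
"""
AFTER = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svdhost.exe
C:\WINNT\System32\internat.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft Com Port Manager] svdhost.exe
O4 - HKLM\..\RunServices: [Microsoft Com Port Manager] svdhost.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
"""

def parse_log(text):
    """Return (running process paths, registry/startup entries) of one log."""
    procs, entries = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if PROC_RE.match(line):
            procs.add(line.lower())   # path case varies between log lines
        elif ENTRY_RE.match(line):
            entries.add(line)
    return procs, entries

def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(name):
    """System name that `name` is one edit away from, or None."""
    name = name.lower()
    if name in SYSTEM_NAMES:
        return None
    for known in sorted(SYSTEM_NAMES):
        if edit_distance(name, known) == 1:
            return known
    return None

def exe_name(item):
    """Base name of the executable in a process line or O4 entry."""
    cmd = item.split("] ", 1)[-1] if item.startswith("O4 - ") else item
    m = EXE_RE.search(cmd)
    return m.group(1).lower() if m else None

def triage(before, after):
    """List everything new in `after`, marking names that imitate system files."""
    p0, e0 = parse_log(before)
    p1, e1 = parse_log(after)
    findings = []
    for kind, items in (("process", p1 - p0), ("autostart", e1 - e0)):
        for item in sorted(items):
            name = exe_name(item)
            findings.append({"kind": kind, "item": item,
                             "resembles": lookalike(name) if name else None})
    return findings

if __name__ == "__main__":
    for f in triage(BEFORE, AFTER):
        print(f)
```

A non-empty `resembles` field only says the name is one character away from a system file; the entry still has to be checked before it is fixed in HijackThis.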