HJT log - HJÆÆLP

Af Gigabruger BikerSaur | 04-08-2005 22:34 | 1063 visninger | 16 svar, hop til seneste

Sidder her med en vens computer som bare ikke vil virke ordentlig! den er for langsom hele tiden, og vi regner med den er "hijacked" Vi lavede lige en log: Logfile of HijackThis v1.99.1 Scan saved at 22:33:51, on 04-08-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32csrss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe C:WINDOWSsystem32 vsvc32.exe C:WINDOWSsystem32svchost.exe C:WINDOWSExplorer.exe c:windowssystem32yehyril.exe C:WINDOWSsystem32wscntfy.exe C:WINDOWSSystem32alg.exe C:WINDOWSsystem32RunDll32.exe C:ProgrammerWinampwinampa.exe C:WINDOWSvsnpstd.exe C:PROGRA~1GrisoftAVGFRE~1avgcc.exe C:PROGRA~1GrisoftAVGFRE~1avgemc.exe C:ProgrammerMSN AppsUpdater1.02.3000.1001damsnappau.exe C:ProgrammerQuickTimeqttask.exe C:WINDOWSsystem32 undll32.exe C:ProgrammerSurfAccuracySAcc.exe C:ProgrammerBearShareBearShare.exe C:WINDOWSsystem32ctfmon.exe C:ProgrammerMessengermsmsgs.exe C:ProgrammerMSN MessengerMsnMsgr.Exe C:ProgrammerPinnacleShared FilesInstantCDDVDPCLETray.exe C:ProgrammerPinnacleInstantCDDVDInstantWriteiwctrl.exe C:ProgrammerValveSteamSteam.exe C:ProgrammerSkypePhoneSkype.exe C:PROGRA~1SPYWAR~1swdoctor.exe C:ProgrammerInterVideoCommonBinWinCinemaMgr.exe C:PROGRA~1MOZILL~1FIREFOX.EXE C:WINDOWSsystem32wbemwmiprvse.exe C:Documents and SettingsNikolai jensenSkrivebordhijack thisHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.dk[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.dk[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks F2 - REG:system.ini: Shell=Explorer.exe C:WINDOWSNail.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:PROGRA~1SPYWAR~1 oolsiesdsg.dll O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:WINDOWSsystem32qqpjpxew.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:PROGRA~1SPYWAR~1 oolsiesdpb.dll O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit O4 - HKLM..Run: [PinnacleDriverCheck] C:WINDOWSsystem32PSDrvCheck.exe O4 - HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM..Run: [WinampAgent] C:ProgrammerWinampwinampa.exe O4 - HKLM..Run: [snpstd] C:WINDOWSvsnpstd.exe O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP O4 - HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe O4 - HKLM..Run: [msnappau] "C:ProgrammerMSN AppsUpdater1.02.3000.1001damsnappau.exe" O4 - HKLM..Run: [AnyDVD] "C:ProgrammerSlySoftAnyDVDAnyDVD.exe" O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [SurfAccuracy] C:ProgrammerSurfAccuracySAcc.exe O4 - HKLM..Run: [lanbrup] C:WINDOWSsystem32lanbrup.exe O4 - HKLM..Run: [BearShare] "C:ProgrammerBearShareBearShare.exe" /pause O4 - HKLM..Run: [ayuoxnq] c:windowssystem32yehyril.exe r O4 - HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [MSMSGS] "C:ProgrammerMessengermsmsgs.exe" /background O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background O4 - HKCU..Run: [InstantTray] C:ProgrammerPinnacleShared FilesInstantCDDVDPCLETray.exe O4 - HKCU..Run: [IW_Drop_Icon] C:ProgrammerPinnacleInstantCDDVDInstantWriteiwctrl.exe /DropDisc O4 - HKCU..Run: [Steam] C:ProgrammerValveSteamSteam.exe -silent O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized O4 - HKCU..Run: [Spyware Doctor] C:PROGRA~1SPYWAR~1swdoctor.exe /Q O4 - Startup: Xfire.lnk = C:ProgrammerXfireXfire.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:ProgrammerInterVideoCommonBinWinCinemaMgr.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgrammerJavaj2re1.4.2in pjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgrammerJavaj2re1.4.2in pjpi142.dll O9 - Extra button: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:AdgangForAlleadgangforalle.exe O9 - Extra 'Tools' menuitem: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:AdgangForAlleadgangforalle.exe O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:PROGRA~1SPYWAR~1 oolsiesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com[...] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com[...] O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net[...] O20 - Winlogon Notify: WB - C:ProgrammerStardockObject DesktopThemeManagerfastload.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32 vsvc32.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:WINDOWSsvcproc.exe -/ På forhånd tak! :)
--

#1
BikerSaur
Gigabruger
04-08-2005 22:36

Rapporter til Admin

Ved ikke hvorfor den ikke tog det hele med :S Logfile of HijackThis v1.99.1 Scan saved at 22:33:51, on 04-08-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32csrss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe C:WINDOWSsystem32 vsvc32.exe C:WINDOWSsystem32svchost.exe C:WINDOWSExplorer.exe c:windowssystem32yehyril.exe C:WINDOWSsystem32wscntfy.exe C:WINDOWSSystem32alg.exe C:WINDOWSsystem32RunDll32.exe C:ProgrammerWinampwinampa.exe C:WINDOWSvsnpstd.exe C:PROGRA~1GrisoftAVGFRE~1avgcc.exe C:PROGRA~1GrisoftAVGFRE~1avgemc.exe C:ProgrammerMSN AppsUpdater1.02.3000.1001damsnappau.exe C:ProgrammerQuickTimeqttask.exe C:WINDOWSsystem32 undll32.exe C:ProgrammerSurfAccuracySAcc.exe C:ProgrammerBearShareBearShare.exe C:WINDOWSsystem32ctfmon.exe C:ProgrammerMessengermsmsgs.exe C:ProgrammerMSN MessengerMsnMsgr.Exe C:ProgrammerPinnacleShared FilesInstantCDDVDPCLETray.exe C:ProgrammerPinnacleInstantCDDVDInstantWriteiwctrl.exe C:ProgrammerValveSteamSteam.exe C:ProgrammerSkypePhoneSkype.exe C:PROGRA~1SPYWAR~1swdoctor.exe C:ProgrammerInterVideoCommonBinWinCinemaMgr.exe C:PROGRA~1MOZILL~1FIREFOX.EXE C:WINDOWSsystem32wbemwmiprvse.exe C:Documents and SettingsNikolai jensenSkrivebordhijack thisHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.dk[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.dk[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks F2 - REG:system.ini: Shell=Explorer.exe C:WINDOWSNail.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:PROGRA~1SPYWAR~1 oolsiesdsg.dll O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:WINDOWSsystem32qqpjpxew.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:PROGRA~1SPYWAR~1 oolsiesdpb.dll O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit O4 - HKLM..Run: [PinnacleDriverCheck] C:WINDOWSsystem32PSDrvCheck.exe O4 - HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM..Run: [WinampAgent] C:ProgrammerWinampwinampa.exe O4 - HKLM..Run: [snpstd] C:WINDOWSvsnpstd.exe O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP O4 - HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe O4 - HKLM..Run: [msnappau] "C:ProgrammerMSN AppsUpdater1.02.3000.1001damsnappau.exe" O4 - HKLM..Run: [AnyDVD] "C:ProgrammerSlySoftAnyDVDAnyDVD.exe" O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [SurfAccuracy] C:ProgrammerSurfAccuracySAcc.exe O4 - HKLM..Run: [lanbrup] C:WINDOWSsystem32lanbrup.exe O4 - HKLM..Run: [BearShare] "C:ProgrammerBearShareBearShare.exe" /pause O4 - HKLM..Run: [ayuoxnq] c:windowssystem32yehyril.exe r O4 - HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [MSMSGS] "C:ProgrammerMessengermsmsgs.exe" /background O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background O4 - HKCU..Run: [InstantTray] C:ProgrammerPinnacleShared FilesInstantCDDVDPCLETray.exe O4 - HKCU..Run: [IW_Drop_Icon] C:ProgrammerPinnacleInstantCDDVDInstantWriteiwctrl.exe /DropDisc O4 - HKCU..Run: [Steam] C:ProgrammerValveSteamSteam.exe -silent O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized O4 - HKCU..Run: [Spyware Doctor] C:PROGRA~1SPYWAR~1swdoctor.exe /Q O4 - Startup: Xfire.lnk = C:ProgrammerXfireXfire.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:ProgrammerInterVideoCommonBinWinCinemaMgr.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgrammerJavaj2re1.4.2in pjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgrammerJavaj2re1.4.2in pjpi142.dll O9 - Extra button: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:AdgangForAlleadgangforalle.exe O9 - Extra 'Tools' menuitem: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:AdgangForAlleadgangforalle.exe O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:PROGRA~1SPYWAR~1 oolsiesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com[...] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com[...] O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net[...] O20 - Winlogon Notify: WB - C:ProgrammerStardockObject DesktopThemeManagerfastload.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32 vsvc32.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:WINDOWSsvcproc.exe
--
Intel Pentium 4 3,2 GHz | 1024MB DDR Ram | 160GB, 7200 RPM | DVD-RW 16W/4RW/16XR | MSI FX5500-TD256 256 Mb DDRRam | Creative Sound Blaster Live! 5.1 | MSI MS-8876 Tv @nywhere Master

#2
BikerSaur
Gigabruger
04-08-2005 22:38

Rapporter til Admin

1.02.3000.1001damsnappau.exe C:ProgrammerQuickTimeqttask.exe C:WINDOWSsystem32 undll32.exe C:ProgrammerSurfAccuracySAcc.exe C:ProgrammerBearShareBearShare.exe C:WINDOWSsystem32ctfmon.exe C:ProgrammerMessengermsmsgs.exe C:ProgrammerMSN MessengerMsnMsgr.Exe C:ProgrammerPinnacleShared FilesInstantCDDVDPCLETray.exe C:ProgrammerPinnacleInstantCDDVDInstantWriteiwctrl.exe C:ProgrammerValveSteamSteam.exe C:ProgrammerSkypePhoneSkype.exe C:PROGRA~1SPYWAR~1swdoctor.exe C:ProgrammerInterVideoCommonBinWinCinemaMgr.exe C:PROGRA~1MOZILL~1FIREFOX.EXE C:WINDOWSsystem32wbemwmiprvse.exe C:Documents and SettingsNikolai jensenSkrivebordhijack thisHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.dk[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.dk[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks F2 - REG:system.ini: Shell=Explorer.exe C:WINDOWSNail.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:PROGRA~1SPYWAR~1 oolsiesdsg.dll O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:WINDOWSsystem32qqpjpxew.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:PROGRA~1SPYWAR~1 oolsiesdpb.dll O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit O4 - HKLM..Run: [PinnacleDriverCheck] C:WINDOWSsystem32PSDrvCheck.exe O4 - HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM..Run: [WinampAgent] C:ProgrammerWinampwinampa.exe O4 - HKLM..Run: [snpstd] C:WINDOWSvsnpstd.exe O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP O4 - HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe O4 - HKLM..Run: [msnappau] "C:ProgrammerMSN AppsUpdater1.02.3000.1001damsnappau.exe" O4 - HKLM..Run: [AnyDVD] "C:ProgrammerSlySoftAnyDVDAnyDVD.exe" O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [SurfAccuracy] C:ProgrammerSurfAccuracySAcc.exe O4 - HKLM..Run: [lanbrup] C:WINDOWSsystem32lanbrup.exe O4 - HKLM..Run: [BearShare] "C:ProgrammerBearShareBearShare.exe" /pause O4 - HKLM..Run: [ayuoxnq] c:windowssystem32yehyril.exe r O4 - HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [MSMSGS] "C:ProgrammerMessengermsmsgs.exe" /background O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background O4 - HKCU..Run: [InstantTray] C:ProgrammerPinnacleShared FilesInstantCDDVDPCLETray.exe O4 - HKCU..Run: [IW_Drop_Icon] C:ProgrammerPinnacleInstantCDDVDInstantWriteiwctrl.exe /DropDisc O4 - HKCU..Run: [Steam] C:ProgrammerValveSteamSteam.exe -silent O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized O4 - HKCU..Run: [Spyware Doctor] C:PROGRA~1SPYWAR~1swdoctor.exe /Q O4 - Startup: Xfire.lnk = C:ProgrammerXfireXfire.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:ProgrammerInterVideoCommonBinWinCinemaMgr.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgrammerJavaj2re1.4.2in pjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgrammerJavaj2re1.4.2in pjpi142.dll O9 - Extra button: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:AdgangForAlleadgangforalle.exe O9 - Extra 'Tools' menuitem: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:AdgangForAlleadgangforalle.exe O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:PROGRA~1SPYWAR~1 oolsiesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com[...] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com[...] O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net[...] O20 - Winlogon Notify: WB - C:ProgrammerStardockObject DesktopThemeManagerfastload.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32 vsvc32.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:WINDOWSsvcproc.exe
--
Intel Pentium 4 3,2 GHz | 1024MB DDR Ram | 160GB, 7200 RPM | DVD-RW 16W/4RW/16XR | MSI FX5500-TD256 256 Mb DDRRam | Creative Sound Blaster Live! 5.1 | MSI MS-8876 Tv @nywhere Master

#3
BikerSaur
Gigabruger
04-08-2005 22:39

Rapporter til Admin

#4
BikerSaur
Gigabruger
04-08-2005 22:40

Rapporter til Admin

Nå - nyt emne... kan i hjælpe mig med at få loggen sat ind? den gider ikke vise det hele, og når jeg prøvet, at sætte den ind i flere stykker viser den ikke noget :S:S:S:S
--
Intel Pentium 4 3,2 GHz | 1024MB DDR Ram | 160GB, 7200 RPM | DVD-RW 16W/4RW/16XR | MSI FX5500-TD256 256 Mb DDRRam | Creative Sound Blaster Live! 5.1 | MSI MS-8876 Tv @nywhere Master

#5
Theking2
Junior Nørd
04-08-2005 22:41

Rapporter til Admin

#2 Upload loggen her http://www.peecee.dk[...] (husk linket) Hvis den melder fejl så omdøb den til .txt til sidst
--
Ses vi i BF2? Det tror jeg nok vi gør! Theking_DK Hol.dk HJT Supporter

#6
BikerSaur
Ultrabruger
04-08-2005 22:42

Rapporter til Admin

#7
BikerSaur
Ultrabruger
04-08-2005 22:46

Rapporter til Admin

#8
Theking2
Junior Nørd
04-08-2005 23:12

Rapporter til Admin

#7 Ja jeg måtte jo selv finde loggen ;-) Jeg skal lige gøre opmærksom på at Spyware Doctor ikke er et anbefalet program da det kan slette nogle forkerte filer. Hent disse programmer som skal bruges i fejlsikret tilstand - Ewido Security Suite http://www.ewido.net[...] - Ad-aware SE Personal Edition 1.06 http://www.download.com[...] - Spybot - Search & Destroy 1.4 http://www.softpedia.com[...] - LSPFix http://danborg.org[...] Installer og OPDATER Ad-aware og Spybot Deaktiver systemgendannelse. (Højreklik på "Denne Computer" på skrivebordet, vælg egenskaber og fanebladet "Systemgendannelse" og sæt flueben i "Deaktiver systemgendannelse". Klik OK.) Genstart i fejlsikret tilstand. (Tryk F8 gentagne gange ved opstart) Inden du starter HJT skal følgende processer lukkes i Joblisten/Task Manager den åbner du ved at trykke "Ctrl + Alt + Delete" samtidig vsnpstd.exe SAcc.exe yehyril.exe Gå i Start > Kontrolpanel > Tilføj/Fjern Programmer og afinstaller nedenstående navne (med fed skrift) SurfAccuracy Newdotnet Kør så en ny scanning med HJT og sæt flueben ved disse: F2 - REG:system.ini: Shell=Explorer.exe C:WINDOWSNail.exe O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:WINDOWSsystem32qqpjpxew.dll O4 - HKLM..Run: [snpstd] C:WINDOWSvsnpstd.exe O4 - HKLM..Run: [lanbrup] C:WINDOWSsystem32lanbrup.exe O4 - HKLM..Run: [ayuoxnq] c:windowssystem32yehyril.exe r O4 - HKLM..Run: [SurfAccuracy] C:ProgrammerSurfAccuracySAcc.exe O4 - HKLM..Run: [New.net Startup] rundll32 C:PROGRA~1NEWDOT~1NEWDOT~2.DLL,NewDotNetStartup -s O10 - Hijacked Internet access by New.Net O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:WINDOWSsvcproc.exe Luk alle øvrige programvinduer så kun HJT er åben. Klik på ”Fix checked”. Søg og slet nedenstående filer/mapper, hvis de stadig er der. Husk at ændre mappeindstillinger så du kan se skjulte filer samt systemfiler. (Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis. Fjern flueben ved "Skjul beskyttede operativsystemfiler". Fjern flueben ved "Skjul filtypenavne for kendte filtyper". Sæt prik i "Vis skjulte filer og mapper".) C:\WINDOWS\vsnpstd.exe >> Slet Filen C:\WINDOWS\system32\qqpjpxew.dll >> Slet Filen C:\WINDOWS\system32\lanbrup.exe >> Slet Filen c:\windows\system32\yehyril.exe >> Slet Filen C:\PROGRA~1\NEWDOTNET\ >> Slet Mappen C:\WINDOWS\svcproc.exe >> Slet Filen C:\Programmer\SurfAccuracy\ >> Slet Mappen Ændre derefter mappeindstillinger tilbage til ikke at vise skjulte filer og skjulte systemfiler. ----------------------- Ewido Scan pc'en med programmet, husk at vælge ALLE pc'ens drev og lad den fixe det den finder ----------------------- Ad-aware SE (Husk at update) Tag et "Full System Scan" med Ad-aware og ikke "Smart System Scan" og fix alt det den finder med rød tekst ----------------------- Spybot S&D (Husk at update) Åben programmet og tryk på "Check For Problems" efter scanningen trykker du på "Fix Selected Problems" ----------------------- Kør så en diskoprydning. (Start=> Programmer=> Tilbehør=> Systemværktøjer=> Diskoprydning. Sæt flueben ved temp-filer, temporary internet files og papirkurv). ----------------------- Du må først aktivere systemgendannelse igen, når jeg siger til. Genstart i normal tilstand. Kør en ny scanning med HJT og smid loggen herind til kontrol. Læg evt. også et par ord, om du har problemer med din PC, eller om det bare var et tjek Nu skal du se om Internet forbindelsen virker, hvis ikke så gør dette LSPFix Åben programmet og marker "I know what I'm Doing" og klik på "Finish"
--
Ses vi i BF2? Det tror jeg nok vi gør! Theking_DK Hol.dk HJT Supporter

#9
M-Lo
Monsterbruger
04-08-2005 23:15

Rapporter til Admin

#10
hna
Semibruger
04-08-2005 23:21

Rapporter til Admin

--
a.m.t.d.o

#11
hna
Semibruger
04-08-2005 23:23

Rapporter til Admin

#9 Jeg troede det var space/enter. Det var det ikke. hhhmm. VH
--
a.m.t.d.o

#12
BikerSaur
Ultrabruger
04-08-2005 23:29

Rapporter til Admin

#13
BikerSaur
Ultrabruger
04-08-2005 23:30

Rapporter til Admin

#14
BikerSaur
Ultrabruger
05-08-2005 02:01

Rapporter til Admin

har gjort som #8 sagde... den nye hjt log: Logfile of HijackThis v1.99.1 Scan saved at 02:00:25, on 05-08-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32csrss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe C:Programmerewidosecurity suiteewidoctrl.exe C:Programmerewidosecurity suiteewidoguard.exe C:WINDOWSsystem32 vsvc32.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32alg.exe C:WINDOWSsystem32wscntfy.exe C:WINDOWSExplorer.exe C:WINDOWSsystem32RunDll32.exe C:ProgrammerWinampwinampa.exe C:PROGRA~1GrisoftAVGFRE~1avgcc.exe C:PROGRA~1GrisoftAVGFRE~1avgemc.exe C:ProgrammerQuickTimeqttask.exe C:ProgrammerBearShareBearShare.exe C:WINDOWSsystem32ctfmon.exe C:ProgrammerMessengermsmsgs.exe C:ProgrammerMSN MessengerMsnMsgr.Exe C:ProgrammerPinnacleShared FilesInstantCDDVDPCLETray.exe C:ProgrammerPinnacleInstantCDDVDInstantWriteiwctrl.exe C:ProgrammerValveSteamSteam.exe C:ProgrammerSkypePhoneSkype.exe C:PROGRA~1SPYWAR~1swdoctor.exe C:ProgrammerInterVideoCommonBinWinCinemaMgr.exe C:WINDOWSsystem32wuauclt.exe C:Documents and SettingsNikolai jensenSkrivebordhijack thisHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://g.msn.dk[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.dk[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks F2 - REG:system.ini: Shell=Explorer.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:PROGRA~1SPYWAR~1 oolsiesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:PROGRA~1SPYWAR~1 oolsiesdpb.dll O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit O4 - HKLM..Run: [PinnacleDriverCheck] C:WINDOWSsystem32PSDrvCheck.exe O4 - HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM..Run: [WinampAgent] C:ProgrammerWinampwinampa.exe O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP O4 - HKLM..Run: [AVG7_EMC] C:PROGRA~1GrisoftAVGFRE~1avgemc.exe O4 - HKLM..Run: [AnyDVD] "C:ProgrammerSlySoftAnyDVDAnyDVD.exe" O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [BearShare] "C:ProgrammerBearShareBearShare.exe" /pause O4 - HKLM..Run: [zkbtnd] c:windowssystem32ubbqam.exe r O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [MSMSGS] "C:ProgrammerMessengermsmsgs.exe" /background O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background O4 - HKCU..Run: [InstantTray] C:ProgrammerPinnacleShared FilesInstantCDDVDPCLETray.exe O4 - HKCU..Run: [IW_Drop_Icon] C:ProgrammerPinnacleInstantCDDVDInstantWriteiwctrl.exe /DropDisc O4 - HKCU..Run: [Steam] C:ProgrammerValveSteamSteam.exe -silent O4 - HKCU..Run: [Skype] "C:ProgrammerSkypePhoneSkype.exe" /nosplash /minimized O4 - HKCU..Run: [Spyware Doctor] C:PROGRA~1SPYWAR~1swdoctor.exe /Q O4 - Startup: Xfire.lnk = C:ProgrammerXfireXfire.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:ProgrammerInterVideoCommonBinWinCinemaMgr.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgrammerJavaj2re1.4.2in pjpi142.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgrammerJavaj2re1.4.2in pjpi142.dll O9 - Extra button: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:AdgangForAlleadgangforalle.exe O9 - Extra 'Tools' menuitem: Adgangforalle.dk fjernbetjening - {0AD5A451-967F-46BD-9F5E-39247D7FC77F} - c:AdgangForAlleadgangforalle.exe O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:PROGRA~1SPYWAR~1 oolsiesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe O10 - Broken Internet access because of LSP provider 'c:programmer ewdotnet ewdotnet6_38.dll' missing O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com[...] O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com[...] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com[...] O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net[...] O20 - Winlogon Notify: WB - C:ProgrammerStardockObject DesktopThemeManagerfastload.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - C:Programmerewidosecurity suiteewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:Programmerewidosecurity suiteewidoguard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32 vsvc32.exe
--
Intel Pentium 4 3,2 GHz | 1024MB DDR Ram | 160GB, 7200 RPM | DVD-RW 16W/4RW/16XR | MSI FX5500-TD256 256 Mb DDRRam | Creative Sound Blaster Live! 5.1 | MSI MS-8876 Tv @nywhere Master

#15
Theking2
Junior Nørd
05-08-2005 17:45

Rapporter til Admin

#14 Din log er blevet en hel del pænere, men der mangler stadig lidt. Hent dette program - Kaspersky Scanner http://www.spywareinfo.dk[...] Genstart i fejlsikret tilstand. (Tryk F8 gentagne gange ved opstart) Kør så en ny scanning med HJT og sæt flueben ved disse: F2 - REG:system.ini: Shell=Explorer.exe O4 - HKLM..Run: [zkbtnd] c:windowssystem32ubbqam.exe Luk alle øvrige programvinduer så kun HJT er åben. Klik på ”Fix checked”. Søg og slet nedenstående filer/mapper, hvis de stadig er der. Husk at ændre mappeindstillinger så du kan se skjulte filer samt systemfiler. (Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis. Fjern flueben ved "Skjul beskyttede operativsystemfiler". Fjern flueben ved "Skjul filtypenavne for kendte filtyper". Sæt prik i "Vis skjulte filer og mapper".) c:\windows\system32\ubbqam.exe >> Slet Filen Ændre derefter mappeindstillinger tilbage til ikke at vise skjulte filer og skjulte systemfiler. ----------------------- Installer og scan så med Kaspersky scanneren. Sæt flueben i følgende: Memory, Startup folders, drive, Registry, System folders og Services. - og prik i følgende: All local drives og Scan all files. Klik på scan. Du skal ikke klikke på Add to Startup folders, for så scannes din PC, hver gang du starter Windows op ----------------------- Genstart pc'en og smid en ny log ind, og fortæl hvordan det står til med pc'en?
--
Ses vi i BF2? Det tror jeg nok vi gør! Theking_DK Hol.dk HJT Supporter

#16
BikerSaur
Ultrabruger
08-08-2005 19:03

Rapporter til Admin

Pc'en er bleven en hel del hurtigere.. men den er stadig langsom... jeg prøver at gøre som du siger næste gang jeg har besøg af ham.. og endnu engang tak for din hjælp :)
--
Intel Pentium 4 3,2 GHz | 1024MB DDR Ram | 160GB, 7200 RPM | DVD-RW 16W/4RW/16XR | MSI FX5500-TD256 256 Mb DDRRam | Creative Sound Blaster Live! 5.1 | MSI MS-8876 Tv @nywhere Master