Theking2, du får et stort 5 tal herfra, for din tålmodighed og evne til at guide.
Jeg fandt en winlogon.exe, som jeg lod være, da der ikke var nogen data txt som sagde inet20004.
Der var ikke nogen inet20004 mappe, og svwhost.exe filen fandt jeg, og slettede.
Jeg fandt en svwhost.dll fil i c:windowssystem mappen. Den har jeg ikke slettet. Skal jeg det?
Efter genstart, har jeg stadig ikke kontrol over min baggrund på skrivebordet :(
Her er vedhæftet nyeste hjt log
Logfile of HijackThis v1.99.1
Scan saved at 22:49:16, on 19-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:ProgrammerJavajre1.5.0_04injusched.exe
C:ProgrammerUSB Flash Disk UtilityUFD UtilityUFDMon.exe
C:ProgrammerUSB Flash Disk UtilityUFD UtilityUSBTD.exe
C:PROGRA~1NORTON~1
avapw32.exe
C:ProgrammerQuickTimeqttask.exe
C:ProgrammerMSN MessengerMsnMsgr.Exe
C:ProgrammerNorton AntiVirus
avapsvc.exe
C:WINDOWSsystem32svchost.exe
C:ProgrammerInterVideoCommonBinWinCinemaMgr.exe
C:ProgrammerAdobeAcrobat 6.0Distillracrotray.exe
C:ProgrammerWinZipWZQKPICK.EXE
D:BHO DemonBHODemon.exe
C:ProgrammerFælles filerSymantec SharedSecurity CenterSymWSC.exe
C:WINDOWSsystem32wuauclt.exe
C:Documents and SettingsLindaSkrivebordNy mappeHi Jack thishijackthis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.dr.dk[...]
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 6.0AcrobatActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:ProgrammerSpybot - Search & DestroySDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:ProgrammerAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:ProgrammerNorton AntiVirusNavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:ProgrammerAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:ProgrammerNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [SunJavaUpdateSched] C:ProgrammerJavajre1.5.0_04injusched.exe
O4 - HKLM..Run: [UFD Monitor] C:ProgrammerUSB Flash Disk UtilityUFD UtilityUFDMon.exe
O4 - HKLM..Run: [UFD Utility] C:ProgrammerUSB Flash Disk UtilityUFD UtilityUSBTD.exe
O4 - HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~1
avapw32.exe
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe /Consumer
O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime
O4 - HKCU..Run: [MsnMsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background
O4 - Startup: BHODemon 2.0.lnk = D:BHO DemonBHODemon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:ProgrammerInterVideoCommonBinWinCinemaMgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:ProgrammerAdobeAcrobat 6.0Distillracrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:ProgrammerWinZipWZQKPICK.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgrammerJavajre1.5.0_04in
pjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgrammerJavajre1.5.0_04in
pjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) -
http://downol.dr.dk[...]
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zone.msn.com[...]
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com[...]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com[...]
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
http://dm.screensavers.com[...]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com[...]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com[...]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com[...]
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: ewido security suite control - Unknown owner - D:Ny mappe (2)security suiteewidoctrl.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:ProgrammerNorton AntiVirus
avapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1FÆLLES~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSecurity CenterSymWSC.exe
--