* Uofficiel Black/White liste V3
|
Denne tråd er over 6 måneder gammel
Er du sikker på, at du har noget relevant at tilføje?
Check my HJT log, please :o)?Af Bruger *Cookie | 28-09-2004 22:52 | 1219 visninger | 5 svar, hop til seneste
Hej.
Har vist været lidt for overmodig at installere alt muligt underligt, så min PC kokser lidt igen. Spørger fx om noget underligt ved opstart af Windows og nægter nogle gange at skrive æ, ø, å osv :o/. Kan være en ”rengøring” er tiltrængt? Håber, nogen (Armageddon, my hero ;o)?) gider at se HJT loggen igennem. PFT :o).
________________________________________________
Logfile of HijackThis v1.98.2
Scan saved at 21:08:01, on 28-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Antivirus programmer\Kerio, Firewall\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\LckFldService.exe
C:\Programmer\Antivirus programmer\Kerio, Firewall\Personal Firewall 4\kpf4gui.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Dantz\Retrospect\retrorun.exe
C:\Programmer\Antivirus programmer\Kerio, Firewall\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSD.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\powerman.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ANTIVI~1\Avast\ashDisp.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
D:\TBPPRO~1\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe
D:\TBP Programmes\GMail\Gmail Notifier\gnotify.exe
D:\TBP Programmes\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\kdx\KHost.exe
C:\Programmer\Antivirus programmer\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\SurfSecret\SS2-FULL.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\ctfmon.exe
D:\TBP Programmes\Skype\Phone\Skype.exe
C:\WINDOWS\System32\SNDVOL32.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Antivirus programmer\HiJack Spyware\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\TBP Programmes\ICQ\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1601.0\da\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\TBP Programmes\ICQ\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LaunchAp] C:\Programmer\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmer\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programmer\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Programmer\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [powerman] "C:\WINDOWS\System32\powerman.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ANTIVI~1\Avast\ashmaisv.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programmer\Antivirus programmer\Kaspersky\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [MaxtorOneTouch] D:\TBPPRO~1\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [PopUpInspector.exe] "C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\TBP Programmes\GMail\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\TBP Programmes\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [zSPGuard] c:\programmer\antivirus programmer\spguard\spguard.exe /s
O4 - HKLM\..\Run: [PopUpInspector] C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Antivirus programmer\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "D:\TBP Programmes\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\TBP Programmes\ICQ\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Microsoft Office Programlinje.lnk = ?
O4 - Global Startup: IEEE 802.11g Wireless LAN Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\TBP Programmes\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Allow popups from this web page - C:\Programmer\Antivirus programmer\PopUpKiller\allowsite.htm
O8 - Extra context menu item: Bloker alle billeder fra den samme server - D:\TBP Programmes\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Marker forekomster af ord på denne side - D:\TBP Programmes\Avant Browser\Highlight.htm
O8 - Extra context menu item: Stop popups from this web page - C:\Programmer\Antivirus programmer\PopUpKiller\denysite.htm
O8 - Extra context menu item: Søg på ord - D:\TBP Programmes\Avant Browser\Search.htm
O8 - Extra context menu item: Tilføj til AD Black List - D:\TBP Programmes\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Åben alle links på denne side... - D:\TBP Programmes\Avant Browser\OpenAllLinks.htm
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\TBP Programmes\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\TBP Programmes\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe (HKCU)
O9 - Extra 'Tools' menuitem: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe (HKCU)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com[...]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com[...]
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com[...]
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net[...]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com[...]
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com[...]
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} (Util Class) - https://udstedelse.certifikat.tdc.dk[...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{95492FC1-036E-4DCB-9EEF-8B6B384F37DC}: NameServer = 193.162.159.194,193.162.145.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAC6CE84-D8B8-43DC-A9AA-ED2D70E988C2}: NameServer = 193.162.159.194,193.162.145.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4F08797-0DEE-4E72-B571-189E0FEC30E4}: NameServer = 193.162.159.194,193.162.145.130
--
Make somebody else's day - commit an act of kindness ... TODAY :o)!
Hej søde *Cookie,
Det er slet ikke så slemt, men der er dog et par småting som lige skal fixes. Start med at deaktivere systemgendannelse.
Højreklik på "Denne Computer" på skrivebordet, vælg egenskaber og fanebladet "Systemgendannelse" og sæt flueben i "Deaktiver systemgendannelse". Klik ok og genstart.
Det er uhensigtsmæssigt at køre med 2 antivirusprogrammer, da de kan konflikte. Kaspersky er et rigtig godt program, så det vil jeg anbefale at du beholder, og i stedet fjerner Avast.
Kør herefter en ny scanning med HJT og sæt flueben ved disse:
O4 - HKLM..Run: [QuickTime Task] "C:ProgrammerQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [kdx] C:WINDOWSkdxKHost.exe
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com[...]
Luk alle øvrige programvinduer så kun HJT er åben. Klik på ”Fix checked”. Luk programmet og genstart i fejlsikret tilstand (tryk F8 efter POST skærmen). Find og slet denne (husk at ændre mappeindstillinger så du kan se skjulte filer samt systemfiler):
C:WINDOWSkdxKHost.exe
Genstart normalt. Kør en ny scanning med HJT og smid loggen herind til kontrol.
1000 knus
Michael -- /Armageddon - [email protected]
http://www.mdegn.dk[...] Armageddon, my hero.
Just knew you would come to my recue ;o)!
Vildt, der ikke skulle renses mere ud i loggen. Den så så ustyrlig ud, at jeg næsten var flov over at skulle poste den :o)! Anyway, your wish – my command:
A) Men kunne ikke få lov til at af-installere Avast. Den skrev ”a setiface error has occured... Try to reinstall or contact support...“, så tror ikke, om den er væk.
B) Kunne ikke finde og slette C:WINDOWSkdxKHost.exe – hverken under fejlsikret eller normal tilstand, selv om mappeindstilling var ændret til at se ”alt”.
C) Ved ikke, om pkt A og B betyder noget, men hermed ny log til kontrol
1000 knuz right back at ya’!
DS ;o)
_____________________________________________
Logfile of HijackThis v1.98.2
Scan saved at 00:08:26, on 29-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSD.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\powerman.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ANTIVI~1\Avast\ashDisp.exe
D:\TBPPRO~1\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe
D:\TBP Programmes\GMail\Gmail Notifier\gnotify.exe
D:\TBP Programmes\iTunes\iTunesHelper.exe
C:\Programmer\Antivirus programmer\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
D:\TBP Programmes\Skype\Phone\Skype.exe
C:\Programmer\Microsoft Office\Office10\msoffice.exe
C:\Programmer\Antivirus programmer\Kerio, Firewall\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\LckFldService.exe
C:\Programmer\Antivirus programmer\Kerio, Firewall\Personal Firewall 4\kpf4gui.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Dantz\Retrospect\retrorun.exe
C:\Programmer\Antivirus programmer\Kerio, Firewall\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Microsoft Works\WkDStore.exe
C:\Programmer\Antivirus programmer\HiJack Spyware\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\TBP Programmes\ICQ\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1601.0\da\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\TBP Programmes\ICQ\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LaunchAp] C:\Programmer\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmer\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programmer\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Programmer\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [powerman] "C:\WINDOWS\System32\powerman.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ANTIVI~1\Avast\ashmaisv.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programmer\Antivirus programmer\Kaspersky\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [MaxtorOneTouch] D:\TBPPRO~1\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [PopUpInspector.exe] "C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\TBP Programmes\GMail\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\TBP Programmes\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [zSPGuard] c:\programmer\antivirus programmer\spguard\spguard.exe /s
O4 - HKLM\..\Run: [PopUpInspector] C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Antivirus programmer\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "D:\TBP Programmes\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Microsoft Office Programlinje.lnk = ?
O4 - Global Startup: IEEE 802.11g Wireless LAN Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\TBP Programmes\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Allow popups from this web page - C:\Programmer\Antivirus programmer\PopUpKiller\allowsite.htm
O8 - Extra context menu item: Bloker alle billeder fra den samme server - D:\TBP Programmes\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Marker forekomster af ord på denne side - D:\TBP Programmes\Avant Browser\Highlight.htm
O8 - Extra context menu item: Stop popups from this web page - C:\Programmer\Antivirus programmer\PopUpKiller\denysite.htm
O8 - Extra context menu item: Søg på ord - D:\TBP Programmes\Avant Browser\Search.htm
O8 - Extra context menu item: Tilføj til AD Black List - D:\TBP Programmes\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Åben alle links på denne side... - D:\TBP Programmes\Avant Browser\OpenAllLinks.htm
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\TBP Programmes\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\TBP Programmes\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe (HKCU)
O9 - Extra 'Tools' menuitem: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe (HKCU)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com[...]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com[...]
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com[...]
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net[...]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com[...]
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} (Util Class) - https://udstedelse.certifikat.tdc.dk[...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{95492FC1-036E-4DCB-9EEF-8B6B384F37DC}: NameServer = 193.162.159.194,193.162.145.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAC6CE84-D8B8-43DC-A9AA-ED2D70E988C2}: NameServer = 193.162.159.194,193.162.145.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4F08797-0DEE-4E72-B571-189E0FEC30E4}: NameServer = 193.162.159.194,193.162.145.130
-- Make somebody else's day - commit an act of kindness ... TODAY :o)!
Hej igen,
Det gør ikke noget at Avast ikke kunne afinstalleres. Jeg kan se at Kaspersky er inaktiv, og så er det nemmest at beholde Avast og fjerne resterne af Kaspersky. Hvis du hellere vil have Kaspersky, skal jeg nok hjælpe dig med det.
Prøv om du kan afinstallere Kaspersky - hvis ikke så gør det ikke noget.
Fix lige denne linie:
O4 - HKLM..Run: [KAVPersonal50] C:\Programmer\Antivirus programmer\Kaspersky\Kaspersky Anti-Virus Personal\kav.exe /minimize
Slet bagefter denne mappe:
C:\Programmer\Antivirus programmer\Kaspersky\
Genstart maskinen og aktiver systemgendannelse igen.
Alt tyder på at C:\WINDOWS\kdx\KHost.exe er blevet slettet da du ikke kan finde filen, så det behøver du ikke spekulere mere på.
1000 knus -- /Armageddon - [email protected]
http://www.mdegn.dk[...] Hej igen my Hero.
ØV, kunne ikke falde i søvn. Er frisk som en havørn, så har lige gjort som befalet ;o)! Vil du ikke nok checke loggen igen, please? Bare en sidste gang... just in case?
Du kunne åbenbart se, min Kaspersky var inaktiv :o). Kan du så også se, om Avast (eller andet anti-virus) og (Kerio) firewall er aktiv nu? Har nemlig ingen anelse :-s….
PFT IGEN IGEN IGEN & 1000 KNUZ
__
Logfile of HijackThis v1.98.2
Scan saved at 00:54:42, on 30-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Launch Manager\LaunchAp.exe
C:\Programmer\Launch Manager\HotkeyApp.exe
C:\Programmer\Launch Manager\OSD.exe
C:\Programmer\Launch Manager\Wbutton.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\powerman.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ANTIVI~1\Avast\ashDisp.exe
D:\TBPPRO~1\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe
D:\TBP Programmes\GMail\Gmail Notifier\gnotify.exe
D:\TBP Programmes\iTunes\iTunesHelper.exe
C:\Programmer\Antivirus programmer\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Microsoft Office\Office10\msoffice.exe
C:\Programmer\Antivirus programmer\Kerio, Firewall\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\LckFldService.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Antivirus programmer\Kerio, Firewall\Personal Firewall 4\kpf4gui.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Dantz\Retrospect\retrorun.exe
C:\Programmer\Antivirus programmer\Kerio, Firewall\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Microsoft Works\WkDStore.exe
C:\Programmer\Antivirus programmer\HiJack Spyware\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\TBP Programmes\ICQ\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1601.0\da\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\TBP Programmes\ICQ\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LaunchAp] C:\Programmer\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmer\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Programmer\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmer\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Programmer\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [powerman] "C:\WINDOWS\System32\powerman.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ANTIVI~1\Avast\ashmaisv.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] D:\TBPPRO~1\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [PopUpInspector.exe] "C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\TBP Programmes\GMail\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\TBP Programmes\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [zSPGuard] c:\programmer\antivirus programmer\spguard\spguard.exe /s
O4 - HKLM\..\Run: [PopUpInspector] C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Antivirus programmer\SpyBot\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Office Programlinje.lnk = ?
O4 - Global Startup: IEEE 802.11g Wireless LAN Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\TBP Programmes\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Allow popups from this web page - C:\Programmer\Antivirus programmer\PopUpKiller\allowsite.htm
O8 - Extra context menu item: Bloker alle billeder fra den samme server - D:\TBP Programmes\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Marker forekomster af ord på denne side - D:\TBP Programmes\Avant Browser\Highlight.htm
O8 - Extra context menu item: Stop popups from this web page - C:\Programmer\Antivirus programmer\PopUpKiller\denysite.htm
O8 - Extra context menu item: Søg på ord - D:\TBP Programmes\Avant Browser\Search.htm
O8 - Extra context menu item: Tilføj til AD Black List - D:\TBP Programmes\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Åben alle links på denne side... - D:\TBP Programmes\Avant Browser\OpenAllLinks.htm
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\TBP Programmes\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\TBP Programmes\ICQ\ICQLite\ICQLite.exe
O9 - Extra button: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe (HKCU)
O9 - Extra 'Tools' menuitem: PopUp Inspector - {D216B74A-9A2F-4025-9690-86780AA75F6E} - C:\Programmer\Antivirus programmer\PopUpKiller\PopUpInspector.exe (HKCU)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com[...]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com[...]
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com[...]
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net[...]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com[...]
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} (Util Class) - https://udstedelse.certifikat.tdc.dk[...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{95492FC1-036E-4DCB-9EEF-8B6B384F37DC}: NameServer = 193.162.159.194,193.162.145.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAC6CE84-D8B8-43DC-A9AA-ED2D70E988C2}: NameServer = 193.162.159.194,193.162.145.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4F08797-0DEE-4E72-B571-189E0FEC30E4}: NameServer = 193.162.159.194,193.162.145.130
-- Make somebody else's day - commit an act of kindness ... TODAY :o)!
Hej igen *Cookie,
Selvfølgelig vil jeg da tjekke igen - vi skal jo være sikker på at alt er i orden.
Både Avast og Kerio Personal Firewall er aktive, så alt skulle være i skønneste orden.
Husk at aktivere systemgendannelse hvis ikke du allerede har gjort dette.
1000 knus
Michael -- /Armageddon - [email protected]
http://www.mdegn.dk[...]
Grundet øget spam aktivitet fra gæstebrugere, er det desværre ikke længere muligt, at oprette svar som gæst.
Hvis du ønsker at deltage i debatten, skal du oprette en brugerprofil.
Opret bruger | Login
|
Du skal være logget ind for at tilmelde dig nyhedsbrev.
Hvilken udbyder har du til internet? 239 personer har stemt - Mit energiselskab (Ewii f.eks) 11%
|
|
|