Help with HJT log
From : smut1
Viewed : 1066 times
200 points
Date : 19-11-06 11:27

Isn't there a merciful soul who can take a look at this log and give me some good advice?

Logfile of HijackThis v1.99.1
Scan saved at 11:12:46, on 19-11-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmer\Brother\ControlCenter2\brctrcen.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programmer\RivaTuner v2.0 RC 15.7\RivaTuner.exe
C:\Programmer\RivaTuner v2.0 RC 15.7\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\wkssr.exe
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\installerede spil\hl2\steam.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Metacafe\MetacafeAgent.exe
C:\Programmer\AVerTV\QuickTV.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\lsass.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\Documents and Settings\kim jensen\Skrivebord\hjt\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.kandu.dk/dk/last25.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RivaTuner] "C:\Programmer\RivaTuner v2.0 RC 15.7\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStatisticsServer] "C:\Programmer\RivaTuner v2.0 RC 15.7\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" /s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft dll Host Service ] wkssr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunServices: [Microsoft dll Host Service ] wkssr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tweak-XP Pro] "C:\Programmer\Tweak-XP Pro\Tweak-xp.exe" -ex
O4 - HKCU\..\Run: [Steam] "d:\installerede spil\hl2\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Microsoft dll Host Service ] wkssr.exe
O4 - HKCU\..\RunServices: [Microsoft dll Host Service ] wkssr.exe
O4 - Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\Xfire.exe
O4 - Global Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickTV.lnk = C:\Programmer\AVerTV\QuickTV.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {236F8648-E986-46B2-A3C9-C312CF08B7F8} - http://www.sexdating.dk/messenger/dk/sexdating/oneclick/install.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163928079233
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BF25923-503C-4E5E-B35F-62748FAFCE65}: NameServer = 62.61.131.0,62.61.131.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BF25923-503C-4E5E-B35F-62748FAFCE65}: NameServer = 62.61.131.0,62.61.131.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BF25923-503C-4E5E-B35F-62748FAFCE65}: NameServer = 62.61.131.0,62.61.131.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\ccPxySvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmer\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe



 
 
Comment
From : MacMadsen
Date : 19-11-06 11:48

Post your hjt log on this site instead:
http://www.spywarefri.dk/forum/

They are good and quick at helping; you just need to register as a user on the forum instead.

Regards
MacMadsen

Comment
From : refi
Date : 19-11-06 11:52

Unnecessary

stl_s is here too - so just wait

Comment
From : miritdk
Date : 19-11-06 11:53

why on earth do that - here on kandu we are lucky enough to have stl_s for that sort of thing - and better help is probably not easy to come by

Comment
From : miritdk
Date : 19-11-06 11:54

hi refi

Comment
From : MacMadsen
Date : 19-11-06 11:59

But stl_s is not online right now... that's why I thought the other option might be faster...

Just trying to help him :)

Comment
From : BjarneD
Date : 19-11-06 12:06

While we wait for "Santa Claus", one can take note of this little bandit:
Quote
C:\WINDOWS\lsass.exe

It is the file's location.

Comment
From : miritdk
Date : 19-11-06 12:13

BjarneD - lsass.exe is normally a system file from Microsoft, so unless you are completely sure I would be a bit careful about saying anything to the asker

Comment
From : BjarneD
Date : 19-11-06 12:16

When the rest of you have to come in and announce that you are here, then I will too.
You have just revealed that you don't know all that much about these things after all, mirittedanmark

Comment
From : MacMadsen
Date : 19-11-06 12:18

BjarneD
I would say that lsass.exe runs on the vast majority of Windows machines (I wonder if it isn't running on yours too?).
It is an ordinary Windows system file.

Comment
From : miritdk
Date : 19-11-06 12:18

then why don't you solve the log so the rest of us can follow along, BjarneD ?????????? then one could presumably learn something from it

Comment
From : BjarneD
Date : 19-11-06 12:23

Yet another one who doesn't know much about Windows.

No, mirittedanmark, I only do that kind of thing in the real world, where I have control over things myself, but it really isn't as mysterious as some make it look; it is only a question of knowing the functions that run and WHERE they should run, and then having a few good tools up your sleeve.
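
The location check discussed in the comments above, as an added example that is not part of the original thread: it reads the "Running processes" section of a HijackThis or RemoveIT log and reports core Windows binaries running from a directory other than their normal one. The `EXPECTED_DIR` table and the function names are assumptions made for this sketch (Windows XP layout, `%SystemRoot%` taken to be `C:\WINDOWS` as in the log); the sample input is an excerpt of the log posted in this thread.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed normal directory for a few core Windows XP binaries
# (%SystemRoot% = C:\WINDOWS, as in the posted log). Lowercase for comparison.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Excerpt of the HijackThis log from this thread (shortened for the example).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\lsass.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.kandu.dk/dk/last25.asp
"""


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' (or
    'Running processes: (N)' as RemoveIT writes it), up to the first blank line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes:"):
            in_section = True
        elif in_section:
            if not line:
                break
            paths.append(line)
    return paths


def misplaced_system_binaries(paths):
    """Return (path, expected_dir) for every known system binary that runs
    from a directory other than the expected one. Comparison is
    case-insensitive; 8.3 short names (PROGRA~1) are not expanded."""
    findings = []
    for path in paths:
        directory, name = ntpath.split(ntpath.normpath(path))
        expected = EXPECTED_DIR.get(name.lower())
        if expected and ntpath.normcase(directory) != expected:
            findings.append((path, expected))
    return findings


if __name__ == "__main__":
    for path, expected in misplaced_system_binaries(running_processes(SAMPLE_LOG)):
        print(f"{path}  (expected in {expected})")
```

A hit is a lead to follow up with a scanner or a file hash comparison, not proof of infection, and a binary in the right directory is not proof of a clean file either.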

Comment
From : miritdk
Date : 19-11-06 12:24

MacMadsen, it CAN be bad - but also OK

and, by the way, I have not claimed any kind of superior knowledge, BjarneD

Comment
From : miritdk
Date : 19-11-06 12:26

BjarneD

Quote
I only do that kind of thing in the real world, where I have control over things myself

?????? do you solve logs ????? here on kandu ????... or ?????

Comment
From : BjarneD
Date : 19-11-06 12:27

Kandu is not the real world, but otherwise yes.

Comment
From : miritdk
Date : 19-11-06 12:29

not understood - apart from kandu not being the real world

Comment
From : MacMadsen
Date : 19-11-06 12:31

At any rate, I believe I have run both this and that (hjt too) and not deleted lsass.exe
and I have no problems...
I have never come across a PC where lsass.exe wasn't running, but okay, I'm no world champion

Comment
From : refi
Date : 19-11-06 12:33

Now you have soon turned the whole thing into "small talk"

It is almost better to post it on spywarefri

Comment
From : miritdk
Date : 19-11-06 12:37

you are so right, refi

Comment
From : stl_s
Date : 20-11-06 10:02

Download and install RemoveIT PRO here http://www.incodesolutions.com/downloads/removeit_pro.exe

Run a scan with it in safe mode, and let the program fix what it finds. Afterwards click "Full report log". Wait for the log to open in Notepad, and copy it into this thread.

Comment
From : miritdk
Date : 20-11-06 10:08

there we go, now there is help to be had

Comment
From : smut1
Date : 21-11-06 18:43

stl_s

unfortunately I could not run the program in safe mode, so it became a log made the normal way

thanks in advance

RemoveIT Pro XT2c - SE (Buld date: 23.10.2006) full information log file.
Generated at: 21-11-2006 on 18:24:05
Microsoft Windows XP Professional (Build 2600)
Author: Damjan Irgolic
http://www.incodesolutions.com
support@incodesolutions.com


You have some viruses in your computer.
Please Scan your computer with RemoveIT Pro to remove discovered viruses.
Virus list:
Infected with Win32.Tilebot.HW - File lsass.exe
Infected with Win32.Trojan.WowPWS.F - File lsass.exe

Running processes: (29)
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programmer\RivaTuner v2.0 RC 15.7\RivaTuner.exe
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\lsass.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\InCode Solutions\RemoveIT Pro XT2 - SE\removeit.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe

Startup files:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE
[C:\WINDOWS\System32\ctfmon.exe]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\TransTask
[]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Tweak-XP
[]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\TransparentIcons
[]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr
["C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Tweak-XP Pro
["C:\Programmer\Tweak-XP Pro\Tweak-xp.exe" -ex]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Steam
["d:\installerede spil\hl2\steam.exe" -silent]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\LogitechSoftwareUpdate
[C:\Programmer\Logitech\Video\ManifestEngine.exe boot]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Skype
["C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\PcSync
[C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccApp
["C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ccRegVfy
["C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\GhostStartTrayApp
[C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
[RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz
[nwiz.exe /install]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Symantec NetDriver Monitor
[C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroFilterCheck
[C:\WINDOWS\system32\NeroCheck.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SSBkgdUpdate
["C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PaperPort PTD
[C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IndexSearch
[C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SetDefPrt
[C:\Programmer\Brother\Brmfl04a\BrStDvPt.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ControlCenter2.0
[C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe
["C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\DAEMON Tools-1033
["C:\Programmer\D-Tools\daemon.exe" -lang 1033]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LVCOMSX
[C:\WINDOWS\system32\LVCOMSX.EXE]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LogitechVideoRepair
[C:\Programmer\Logitech\Video\ISStart.exe ]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LogitechVideoTray
[C:\Programmer\Logitech\Video\LogiTray.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\IAAnotif
[C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RivaTuner
["C:\Programmer\RivaTuner v2.0 RC 15.7\RivaTuner.exe" /T]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RivaTunerStatisticsServer
["C:\Programmer\RivaTuner v2.0 RC 15.7\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" /s]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PCSuiteTrayApplication
[C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched
["C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Cmaudio
[RunDll32 cmicnfg.cpl,CMICtrlWnd]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Arovax Shield
[C:\Programmer\Arovax Shield\ArovaxShield.exe -tray]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PrevxOne
["C:\Programmer\Prevx1\PXConsole.exe"]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SoundMan
[SOUNDMAN.EXE]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter
[RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit]

Detail report: (116)

Startup folder: (8)
Startup name: desktop.ini
Command: C:\Documents and Settings\kim jensen\Menuen Start\Programmer\Start\desktop.ini
Startup name: MetaCafe.lnk
Command: C:\Programmer\Metacafe\MetacafeAgent.exe
Startup name: Xfire.lnk
Command: C:\Programmer\Xfire\Xfire.exe
Startup name: desktop.ini
Command: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini
Startup name: MetaCafe.lnk
Command: C:\Programmer\Metacafe\MetacafeAgent.exe
Startup name: Microsoft Office.lnk
Command: C:\Programmer\Microsoft Office\Office10\OSA.EXE
Startup name: QuickTV.lnk
Command: C:\Programmer\AVerTV\QuickTV.exe
Startup name: Status Monitor.lnk
Command: C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe

Win.ini Startup: (1)
Path: No additional driver found!

Win.ini Startup: (1)
Path: No additional driver found!

Keyboard drivers: (1)
Name: No Keyboard Filter driver found!

Services: (100)
Service Name: Adgang til brugerstyrede inputenheder (HID) [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Alerter [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Alternativt logon [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Arbejdsstation [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: ASP.NET State Service [Stopped],
Path: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Service Name: Automatisk konfiguration af trådløse enheder [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Automatiske opdateringer [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Beskyttet lager [Running],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: Brother Popup Suspend service for Resource manager [Running],
Path: "C:\WINDOWS\system32\Brmfrmps.exe" -service
Service Name: BrSplService [Running],
Path: C:\WINDOWS\System32\brsvc01a.exe
Service Name: Chipkort [Stopped],
Path: C:\WINDOWS\System32\SCardSvr.exe
Service Name: Chipkort Hjælp [Stopped],
Path: C:\WINDOWS\System32\SCardSvr.exe
Service Name: COM+-hændelsessystem [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: COM+-systemprogram [Stopped],
Path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Service Name: Computerbrowser [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: COM-tjenesten IMAPI cd-skrivning [Stopped],
Path: C:\WINDOWS\System32\imapi.exe
Service Name: DHCP-klientprogram [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Distributed Link Tracking Client [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: DNS-klient [Running],
Path: C:\WINDOWS\System32\svchost.exe -k NetworkService
Service Name: DTC (Distributed Transaction Coordinator) [Stopped],
Path: C:\WINDOWS\System32\msdtc.exe
Service Name: Firewall til Internetforbindelse / Deling af Internetforbindelse [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Flytbare lagermedier [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Gatewaytjeneste til programlaget [Stopped],
Path: C:\WINDOWS\System32\alg.exe
Service Name: GhostStartService [Running],
Path: C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
Service Name: Hardwaregenkendelse på brugergrænsefladen [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Hjælp og support [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Hjælp til Sessionsstyring til Fjernskrivebord [Stopped],
Path: C:\WINDOWS\system32\sessmgr.exe
Service Name: HTTP SSL [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Service Name: Hurtigt brugerskift-kompatibilitet [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Hændelseslog [Running],
Path: C:\WINDOWS\system32\services.exe
Service Name: Indekseringstjeneste [Stopped],
Path: C:\WINDOWS\system32\cisvc.exe
Service Name: Infrarød overvågning [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Intel(R) Matrix Storage Event Monitor [Running],
Path: C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
Service Name: IPSEC Policy Agent [Running],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: Kryptografiske tjenester [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Logical Disk Manager [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Logical Disk Manager Administrative Service [Stopped],
Path: C:\WINDOWS\System32\dmadmin.exe /com
Service Name: LSA Shel (Export Version) [Running],
Path: "C:\WINDOWS\lsass.exe"
Service Name: Messenger [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: MS Software Shadow Copy Provider [Stopped],
Path: C:\WINDOWS\System32\dllhost.exe /Processid:{7B7DCCB7-8D20-4B90-87C3-EE1B771C1A9D}
Service Name: Netlogon [Stopped],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: NetMeeting - Deling af fjernskrivebord [Stopped],
Path: C:\WINDOWS\System32\mnmsrvc.exe
Service Name: Netværksforbindelser [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Network DDE [Stopped],
Path: C:\WINDOWS\system32\netdde.exe
Service Name: Network DDE DSDM [Stopped],
Path: C:\WINDOWS\system32\netdde.exe
Service Name: NLA (Network Location Awareness) [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Norton AntiVirus Auto Protect Service [Stopped],
Path: "C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe"
Service Name: Norton Internet Security Accounts Manager [Stopped],
Path: C:\Programmer\Norton Internet Security\NISUM.EXE
Service Name: Norton Unerase Protection [Stopped],
Path: "C:\Programmer\Norton SystemWorks\Norton Utilities\NPROTECT.EXE"
Service Name: NT LM Security Support Provider [Stopped],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: NVIDIA Display Driver Service [Stopped],
Path: C:\WINDOWS\system32\nvsvc32.exe
Service Name: Opgavestyring [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Performance Logs and Alerts [Stopped],
Path: C:\WINDOWS\system32\smlogsvc.exe
Service Name: Plug and Play [Running],
Path: C:\WINDOWS\system32\services.exe
Service Name: Portable Media Serial Number Service [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Prevx Agent [Stopped],
Path: "C:\Programmer\Prevx1\PXAgent.exe" -f
Service Name: Print Spooler [Running],
Path: C:\WINDOWS\system32\spoolsv.exe
Service Name: Programadministration [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: QoS RSVP [Stopped],
Path: C:\WINDOWS\System32\rsvp.exe
Service Name: Remote Access Auto Connection Manager [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Remote Access Connection Manager [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Remote Procedure Call (RPC) [Running],
Path: C:\WINDOWS\system32\svchost -k rpcss
Service Name: Remote Procedure Call (RPC) Locator [Stopped],
Path: C:\WINDOWS\System32\locator.exe
Service Name: Remote Registry [Running],
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: Routing og Remote Access [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: SAM (Security Accounts Manager) [Running],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: ScriptBlocking Service [Stopped],
Path: C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
Service Name: Serienummer for bærbart medie [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Server [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: ServiceLayer [Running],
Path: "C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe"
Service Name: Speed Disk service [Running],
Path: C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
Service Name: SSDP-genkendelsestjeneste [Running],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Symantec Event Manager [Stopped],
Path: "C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe"
Service Name: Symantec Network Drivers Service [Stopped],
Path: "C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe"
Service Name: Symantec Password Validation Service [Stopped],
Path: "C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe"
Service Name: Symantec Proxy Service [Stopped],
Path: C:\Programmer\Norton Internet Security\ccPxySvc.exe
Service Name: SymWMI Service [Stopped],
Path: C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Service Name: System Event Notification [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Telekommunikation [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Telnet [Stopped],
Path: C:\WINDOWS\System32\tlntsvr.exe
Service Name: Temaer [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Terminal Services [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Tjenesten Background Intelligent Transfer [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Tjenesten Fejlrapportering [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Tjenesten Systemgendannelse [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Tjenesten TCP/IP NetBIOS Helper [Running],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Udklipsbog [Stopped],
Path: C:\WINDOWS\system32\clipsrv.exe
Service Name: Upload Manager [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: UPS (Uninterruptible Power Supply) [Stopped],
Path: C:\WINDOWS\System32\ups.exe
Service Name: Vært for Universal Plug and Play-enhed [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Webklient [Running],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Windows Audio [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Windows Installer [Stopped],
Path: C:\WINDOWS\System32\msiexec.exe /V
Service Name: Windows Management Instrumentation [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Windows Management Instrumentation-driverudvidelser [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Windows Time [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Windows User Mode Driver Framework [Stopped],
Path: C:\WINDOWS\System32\wdfmgr.exe
Service Name: Windows-billedscanning [Running],
Path: C:\WINDOWS\System32\svchost.exe -k imgsvc
Service Name: WMI-ydelseskort [Stopped],
Path: C:\WINDOWS\System32\wbem\wmiapsrv.exe
Service Name: Øjebliksbillede af diskenhed [Stopped],
Path: C:\WINDOWS\System32\vssvc.exe
Finished...


Comment
From : stl_s


Date : 21-11-06 19:33

It looks like you have downloaded Prevx in the meantime and removed something with it. Excellent. Let's remove the last bit:

Go to Start/Run, type services.msc and click OK. Then find this service:

LSA Shel (Export Version) [Running], (Note the spelling "Shel", not "Shell")

Double-click it and stop it. Under startup type, choose Disabled.

If you cannot do that, just continue with the procedure.

Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

1. Unpack the Avenger program and double-click avenger.exe

2. Select "Input Script Manually" and click the magnifying glass. A small window will now appear, into which you should copy the contents between the dashed lines:

-----------------------------

Files to delete:
C:\WINDOWS\lsass.exe

-----------------------------

3. Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

4. After the restart a Notepad window will appear with a log of Avenger's actions. Please include it in your next reply.


After the restart, post a fresh HijackThis log and the log from Avenger.
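
The post above singles out the service "LSA Shel (Export Version)", whose path is C:\WINDOWS\lsass.exe, while the lsass.exe that the Windows services in these logs point to sits in C:\WINDOWS\system32. The same check can be run over a whole log. This is an added example, not part of the original posts: the expected-directory table and the function names are assumptions of the example, and the sample input is a shortened selection of lines from the logs in this thread.

```python
import ntpath
import re

# Core Windows binaries and the directory each is expected to run from on the
# Windows XP system in this thread (baseline assumed for this example).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Shortened selection of lines taken from the logs posted in this thread.
SAMPLE_LOG = r'''Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\lsass.exe
C:\Programmer\Skype\Phone\Skype.exe

Service Name: IPSEC Policy Agent [Running],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: LSA Shel (Export Version) [Running],
Path: "C:\WINDOWS\lsass.exe"
Service Name: Remote Procedure Call (RPC) [Running],
Path: C:\WINDOWS\system32\svchost -k rpcss
Service Name: Prevx Agent [Stopped],
Path: "C:\Programmer\Prevx1\PXAgent.exe" -f
'''


def image_path(command):
    """Return the executable path from a process line or a service command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
        # No ".exe" present (e.g. "svchost -k rpcss"): cut at the first argument.
        path = m.group(1) if m else re.split(r"\s+[-/]", command, maxsplit=1)[0]
    if not ntpath.splitext(path)[1]:
        path += ".exe"
    return path


def check(path):
    """Return a reason string if a core binary name sits in an unexpected directory."""
    directory, name = ntpath.split(path)
    expected = EXPECTED_DIR.get(name.lower())
    if expected and directory.lower() != expected:
        return f"{name} expected in {expected}, found in {directory}"
    return None


def scan(log_text):
    """Return (kind, subject, reason) for every process or service that fails check()."""
    findings = []
    in_processes = False
    service = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
        elif line == "Running processes:":
            in_processes = True
        elif line.startswith("Service Name:"):
            in_processes = False
            name = line[len("Service Name:"):].strip()
            service = re.sub(r"\s*\[(Running|Stopped)\],?$", "", name)
        elif line.startswith("Path:") and service is not None:
            reason = check(image_path(line[len("Path:"):]))
            if reason:
                findings.append(("service", service, reason))
            service = None
        elif in_processes:
            reason = check(image_path(line))
            if reason:
                findings.append(("process", line, reason))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in scan(SAMPLE_LOG):
        print(f"[{kind}] {subject}: {reason}")
```

A name-and-directory check only catches this kind of look-alike placement; a file that replaces the real binary in system32 needs a hash or signature comparison instead.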


Comment
From : smut1


Date : 21-11-06 20:55

I wasn't allowed to delete lsass with Avenger.

Here is an HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 20:40:56, on 21-11-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programmer\RivaTuner v2.0 RC 15.7\RivaTuner.exe
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\lsass.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\kim jensen\Skrivebord\hijackthis\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.kandu.dk/dk/last25.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RivaTuner] "C:\Programmer\RivaTuner v2.0 RC 15.7\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStatisticsServer] "C:\Programmer\RivaTuner v2.0 RC 15.7\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" /s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Arovax Shield] C:\Programmer\Arovax Shield\ArovaxShield.exe -tray
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmer\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tweak-XP Pro] "C:\Programmer\Tweak-XP Pro\Tweak-xp.exe" -ex
O4 - HKCU\..\Run: [Steam] "d:\installerede spil\hl2\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\Xfire.exe
O4 - Global Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickTV.lnk = C:\Programmer\AVerTV\QuickTV.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {236F8648-E986-46B2-A3C9-C312CF08B7F8} - http://www.sexdating.dk/messenger/dk/sexdating/oneclick/install.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163928079233
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BF25923-503C-4E5E-B35F-62748FAFCE65}: NameServer = 62.61.131.0,62.61.131.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BF25923-503C-4E5E-B35F-62748FAFCE65}: NameServer = 62.61.131.0,62.61.131.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BF25923-503C-4E5E-B35F-62748FAFCE65}: NameServer = 62.61.131.0,62.61.131.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programmer\Norton Internet Security\ccPxySvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Programmer\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent - Prevx - C:\Programmer\Prevx1\PXAgent.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe


And here is the log from Avenger:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: selected file does not appear to be a valid script.
Error code: 0



Comment
From : smut1


Date : 21-11-06 21:07

Then I managed to run Avenger. Here is a log file:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\slpfgmqu

*******************

Script file located at: \??\C:\Documents and Settings\djbuknlw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\lsass.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Comment
From : stl_s


Date : 21-11-06 21:22

Okay, then try Killbox: http://www.bleepingcomputer.com/files/killbox.php

Unpack and run Killbox. Copy this into "Full path of file to delete":

C:\WINDOWS\lsass.exe

Select "Delete on reboot".

Click the red/white cross over on the right, and let the machine restart.

New HijackThis log.


Comment
From : stl_s


Date : 21-11-06 21:25

Oh okay, well, then it did work.

Please post a fresh HijackThis log.

Comment
From : smut1


Date : 21-11-06 21:51

Here is a new HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 21:36:50, on 21-11-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmer\Brother\ControlCenter2\brctrcen.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programmer\RivaTuner v2.0 RC 15.7\RivaTuner.exe
C:\Programmer\RivaTuner v2.0 RC 15.7\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Arovax Shield\ArovaxShield.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Norton Internet Security\NISUM.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\installerede spil\hl2\steam.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Metacafe\MetacafeAgent.exe
C:\Programmer\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\AVerTV\QuickTV.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Norton Internet Security\ccPxySvc.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Symantec\LiveUpdate\AUpdate.exe
C:\Documents and Settings\kim jensen\Skrivebord\hijackthis\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.kandu.dk/dk/last25.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RivaTuner] "C:\Programmer\RivaTuner v2.0 RC 15.7\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStatisticsServer] "C:\Programmer\RivaTuner v2.0 RC 15.7\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" /s
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Arovax Shield] C:\Programmer\Arovax Shield\ArovaxShield.exe -tray
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmer\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tweak-XP Pro] "C:\Programmer\Tweak-XP Pro\Tweak-xp.exe" -ex
O4 - HKCU\..\Run: [Steam] "d:\installerede spil\hl2\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\Xfire.exe
O4 - Global Startup: MetaCafe.lnk = C:\Programmer\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickTV.lnk = C:\Programmer\AVerTV\QuickTV.exe
O4 - Global Startup: Status Monitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {236F8648-E986-46B2-A3C9-C312CF08B7F8} - http://www.sexdating.dk/messenger/dk/sexdating/oneclick/install.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163928079233
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BF25923-503C-4E5E-B35F-62748FAFCE65}: NameServer = 62.61.131.0,62.61.131.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BF25923-503C-4E5E-B35F-62748FAFCE65}: NameServer = 62.61.131.0,62.61.131.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0BF25923-503C-4E5E-B35F-62748FAFCE65}: NameServer = 62.61.131.0,62.61.131.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programmer\Norton Internet Security\ccPxySvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Programmer\Norton Internet Security\NISUM.EXE
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Programmer\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Prevx Agent - Prevx - C:\Programmer\Prevx1\PXAgent.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe



Comment
From : stl_s


Date : 21-11-06 22:14

Just a couple of small things:

Run a scan with HijackThis so you can see all files. Close all windows, tick these lines, and click Fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.kandu.dk/dk/last25.asp
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm <- Delete the file
O16 - DPF: {236F8648-E986-46B2-A3C9-C312CF08B7F8} - http://www.sexdating.dk/messenger/dk/sexdating/oneclick/install.cab

You will just have to set your start page again afterwards. It had a small bug in regedit. Otherwise it is OK now.

