NCASEPACKAGE.EXE - Hvordan slipper jeg af med den igen.

http://www.downloadportal.dk/showdownload.asp?rid=4212&sp=Hijackthis

download..scan og kopir den log der bliver genereret herind så kigger jeg på det

Logfile of HijackThis v1.99.0
Scan saved at 00:07:50, on 17-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\WEBSPE~1\backweb\7791805\Program\SERVIC~1.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsgk32st.exe
D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\Program\fspex.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\FSGK32.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMA32.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMB32.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fssm32.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FCH32.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FAMEH32.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\FWES\Program\fsdfwd.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsav32.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE
D:\Programmer\QuickTime\qttask.exe
D:\Programmer\PowerDVD\PDVDServ.exe
D:\Programmer\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\fsguiexe.exe
C:\Programmer\Logitech\Video\LogiTray.exe
D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\ispnews.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\WINDOWS\cnongjcv.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\Program Files\Admilli Service\AdmilliKeep.exe
D:\Programmer\FreeRamXpro\Freeram_XP_pro\FreeRAM XP Pro 1.40.exe
D:\PROGRA~1\POP-UP~1\PSFREE.EXE
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Programmer\AnalogX\Capture\capture.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Fam. Hansen\Skrivebord\Værktøjer\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = nov
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af Cybercity Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\AdobeAcrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\GoogleNav0.dll
O4 - HKLM\..\Run: [WINPROC AUDIT] C:\OEMCUST\TOOLS\WIN32\WINPROC.EXE C:\CABS\SCRIPTS\PROCESS\AUDIT.SCR C:\DRIVERS\PROCESS.TXT /TRACE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Microsoft QMGR] msqmgr.exe
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Programmer\WebSpeed Sikkerhedspakke\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "D:\Programmer\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl] D:\Programmer\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\FAM~1.HAN\LOKALE~1\Temp\bundle.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [cnongjcv] C:\WINDOWS\cnongjcv.exe
O4 - HKLM\..\RunServices: [Microsoft QMGR] msqmgr.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Programmer\FreeRamXpro\Freeram_XP_pro\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\POP-UP~1\PSFREE.EXE"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleNav0.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GoogleNav0.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GoogleNav0.dll/cmcache.html
O8 - Extra context menu item: Download using Download &Express - C:\Download\Add_Url.htm
O8 - Extra context menu item: Download with Star Downloader - D:\Programmer\Star Downloader\sdie.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GoogleNav0.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://kort.plf.dk/pluginlifa/acgm.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O23 - Service: TDC Kabel TV Sikkerhedspakke - Unknown - D:\PROGRA~1\WEBSPE~1\backweb\7791805\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - Unknown - D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - D:\Programmer\WebSpeed Sikkerhedspakke\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMA32.EXE
O23 - Service: InCD Helper - Ahead Software AG - D:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)

kigger

Måske skal det lige nævnes at jeg imellemtiden har nået at køre en system-gendannelse, fordi jeg havde nogle problemer med at få vist internetsider korrekt.
Da computeren så startede op efter denne gendannelse poppede et vindue op med en alarm:

SYSTEMET HAR OPDAGET AT ET 3.PARTS-PROGRAM HAR
FJERNET "180search Assistent" HVAD VIL DU GØRE VED DET?
1 - INSTALLERE DET IGEN
2 - UNDLADE AT INSTALLERE OG RENSE OP
3 - MIND MIG OM DET SENERE

Jeg har ikke rørt dialogboksen, for jeg synes jeg kan se en sammenhæng med mit problem. Hvad mener du/I ?

Kør HijackThis, scan og sæt et flueben ud for denne linie - luk øvrige programvinduer - klik "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = nov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = nov
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = nov
O4 - HKLM\..\Run: [WINPROC AUDIT] C:\OEMCUST\TOOLS\WIN32\WINPROC.EXE
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\FAM~1.HAN\LOKALE~1\Temp\bundle.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [cnongjcv] C:\WINDOWS\cnongjcv.exe
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

Genstart i Fejlsikret tilstand (uden netværk) ved at taste F8 under opstart.

Find og slet:

Filer

C:\WINDOWS\cnongjcv.exe

Mapper

C:\Program Files\DeskAd Service\
C:\Program Files\Admilli Service\

Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning og slet temp-filer, temporary internet files og papirkurv.


Genstart normalt og smid en ny log fil herind

2 - UNDLADE AT INSTALLERE OG RENSE OP

du skal fjerne det... når du følger min guide.. og genstarter tjek om der er en mappe som hedder 180search Assistent i C:/

slet den også

Tryk Start - Kør og skriv "rededit" og tryk enter.

find dette punkt

HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run

i højre side.. find denne
“Logo” = "%Windows%\WINPROC.EXE"
slet den!

luk redit og genstart

TAK for hjælpen!

Jeg bliver desværre nødt til at slutte for idag,da vækkeuret ringer kl. 05.30!
Jeg arbejder videre imorgen aften.

TAK

ingen årsag:) vi gør den færdig i morgen

Hej kalp

Kan vi blive enige om at jeg skal skrive "regedit" ? Når jeg skriver "rededit" får jeg at vide at det er et ugyltigt mappenavn.

Når jeg skriver "regedit" og følger stien: "HKEY_CURRENT_USER>Software>Microsoft>
Windows>CurrentVersion>Run" finder jeg overhovedet ikke noget der ligner:
“Logo” = "%Windows%\WINPROC.EXE"  !!!!!!

Jeg kører en ny "HijackThis" nu, og prøver derefter at udføre de instruktioner du gav mig igår. Derefter køre jeg "HijackThis" igen og lægger en frisk log ind.

Du behøver ikke nødvendigvis at kigge på den idag, vi skal vel alle sove en gang imellem.

Jeg fandt ikke:

"C:\WINDOWS\cnongjcv.exe"

men fandt istedet følgende:

"C:\WINDOWS\Prefetch\CNONGJCV.EXE-139cb64b.pf"

Egenskaberne kalder den bare en PF-fil, skal den slettes?

Jeg fandt og slettede mapperne:

C:\Program Files\DeskAd Service\
C:\Program Files\Admilli Service\

Har derefter kørt "Diskoprydning" og slettet "Temp-filer" - "Temporary Internet Files" og "Tømt papirkurv"

Har nu genstartet og kørt "HijackThis" med følgende log:

Logfile of HijackThis v1.99.0
Scan saved at 00:05:23, on 18-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\WEBSPE~1\backweb\7791805\Program\SERVIC~1.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsgk32st.exe
D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\Program\fspex.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\FSGK32.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMA32.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMB32.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fssm32.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FCH32.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE
D:\Programmer\QuickTime\qttask.exe
D:\Programmer\PowerDVD\PDVDServ.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FAMEH32.EXE
D:\Programmer\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
D:\Programmer\WebSpeed Sikkerhedspakke\FWES\Program\fsdfwd.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\ispnews.exe
D:\Programmer\FreeRamXpro\Freeram_XP_pro\FreeRAM XP Pro 1.40.exe
D:\PROGRA~1\POP-UP~1\PSFREE.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\fsguiexe.exe
C:\Documents and Settings\Fam. Hansen\Skrivebord\Værktøjer\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af Cybercity Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\AdobeAcrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\GoogleNav0.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Microsoft QMGR] msqmgr.exe
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Programmer\WebSpeed Sikkerhedspakke\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "D:\Programmer\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl] D:\Programmer\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\RunServices: [Microsoft QMGR] msqmgr.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Programmer\FreeRamXpro\Freeram_XP_pro\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\POP-UP~1\PSFREE.EXE"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleNav0.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GoogleNav0.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GoogleNav0.dll/cmcache.html
O8 - Extra context menu item: Download using Download &Express - C:\Download\Add_Url.htm
O8 - Extra context menu item: Download with Star Downloader - D:\Programmer\Star Downloader\sdie.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GoogleNav0.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://kort.plf.dk/pluginlifa/acgm.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O23 - Service: TDC Kabel TV Sikkerhedspakke - Unknown - D:\PROGRA~1\WEBSPE~1\backweb\7791805\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - Unknown - D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - D:\Programmer\WebSpeed Sikkerhedspakke\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMA32.EXE
O23 - Service: InCD Helper - Ahead Software AG - D:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)

Jeg kan se at følgende punkter stadig optræder! Skal de det?

O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe

Jeg takker for i aften og finder min seng - god nat.

slet "C:\WINDOWS\Prefetch\CNONGJCV.EXE-139cb64b.pf"

tjek om mapperne

C:\Program Files\DeskAd Service\
C:\Program Files\Admilli Service\

er væk hvis ikke genstart i fejlsikret og slet dem igen... kør hijackthis i fejlsikret også og fiks linjerne der så kigger jeg på en ny log fra dig som du tager i normal tilstand

angående din kommentar

Kommentar: heskha
17/01-2005 23:10:10

så ja det hedder rededit:) virker det stadig ikke?

tror heller ikke det gør så meget for netop den er væk fra log'en:)

Det er stadig det samme, når jeg skriver "rededit" får jeg bare beskeden:
"WINDOWS KAN IKKE FINDE "rededit" VÆR SIKKER PÅ AT DU HAR SKREVET STIEN KORREKT........"

det hedder REGEDIT :)

Jeg har slettet: "C:\WINDOWS\Prefetch\CNONGJCV.EXE-139cb64b.pf"

Mapperne:

C:\Program Files\DeskAd Service\
C:\Program Files\Admilli Service\

er væk.

Skal jeg prøve og lave en ny "HjackThis" skanning, og skal det være i "Fejlsikker tilstand" ?

nej lav en ny i normal tilstand.. og ja det hedder selvfølgelig regedit så mig blind på d'et hehe


men den er vist væk linjen

O.K. Det gør jeg nu!

Hermed seneste "log" kørt i normal tilstand.

Logfile of HijackThis v1.99.0
Scan saved at 22:13:53, on 18-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\WEBSPE~1\backweb\7791805\Program\SERVIC~1.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsgk32st.exe
D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\Program\fspex.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\FSGK32.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMA32.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMB32.EXE
C:\WINDOWS\system32\slserv.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FCH32.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE
D:\Programmer\QuickTime\qttask.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FAMEH32.EXE
D:\Programmer\PowerDVD\PDVDServ.exe
D:\Programmer\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
D:\Programmer\WebSpeed Sikkerhedspakke\FWES\Program\fsdfwd.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\ispnews.exe
D:\Programmer\FreeRamXpro\Freeram_XP_pro\FreeRAM XP Pro 1.40.exe
D:\PROGRA~1\POP-UP~1\PSFREE.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\fsguiexe.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Fam. Hansen\Skrivebord\Værktøjer\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af Cybercity Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\AdobeAcrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\GoogleNav0.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Microsoft QMGR] msqmgr.exe
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Programmer\WebSpeed Sikkerhedspakke\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "D:\Programmer\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl] D:\Programmer\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\RunServices: [Microsoft QMGR] msqmgr.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Programmer\FreeRamXpro\Freeram_XP_pro\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\POP-UP~1\PSFREE.EXE"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleNav0.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GoogleNav0.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GoogleNav0.dll/cmcache.html
O8 - Extra context menu item: Download using Download &Express - C:\Download\Add_Url.htm
O8 - Extra context menu item: Download with Star Downloader - D:\Programmer\Star Downloader\sdie.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GoogleNav0.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://kort.plf.dk/pluginlifa/acgm.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O23 - Service: TDC Kabel TV Sikkerhedspakke - Unknown - D:\PROGRA~1\WEBSPE~1\backweb\7791805\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - Unknown - D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - D:\Programmer\WebSpeed Sikkerhedspakke\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMA32.EXE
O23 - Service: InCD Helper - Ahead Software AG - D:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)


Det undrer mig at disse to linier:

O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe

stadig optræder. Mapperne er væk, og jeg har prøvet at kopiere stien in i "Søg" funktionen, der får jeg at vide at stien henviser til en placering der ikke er tilgængelig, hvilket jo må betyde at de ikke findes. Eller hva' ?

Kør HijackThis, scan og sæt et flueben ud for denne linie - luk øvrige programvinduer - klik "Fix checked":

O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe


Genstart og ny log.. så burde de være væk

O.K. Nu ser den sådan ud.


Logfile of HijackThis v1.99.0
Scan saved at 22:42:56, on 18-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\WEBSPE~1\backweb\7791805\Program\SERVIC~1.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsgk32st.exe
D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\Program\fspex.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\FSGK32.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMA32.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\slserv.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fssm32.exe
D:\Programmer\QuickTime\qttask.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FCH32.EXE
D:\Programmer\PowerDVD\PDVDServ.exe
D:\Programmer\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\ispnews.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
D:\Programmer\FreeRamXpro\Freeram_XP_pro\FreeRAM XP Pro 1.40.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FAMEH32.EXE
D:\PROGRA~1\POP-UP~1\PSFREE.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\fsguiexe.exe
C:\Documents and Settings\Fam. Hansen\Skrivebord\Værktøjer\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af Cybercity Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\AdobeAcrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\GoogleNav0.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Microsoft QMGR] msqmgr.exe
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Programmer\WebSpeed Sikkerhedspakke\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "D:\Programmer\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl] D:\Programmer\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\ispnews.exe"
O4 - HKLM\..\RunServices: [Microsoft QMGR] msqmgr.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Programmer\FreeRamXpro\Freeram_XP_pro\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\POP-UP~1\PSFREE.EXE"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleNav0.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GoogleNav0.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GoogleNav0.dll/cmcache.html
O8 - Extra context menu item: Download using Download &Express - C:\Download\Add_Url.htm
O8 - Extra context menu item: Download with Star Downloader - D:\Programmer\Star Downloader\sdie.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GoogleNav0.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://kort.plf.dk/pluginlifa/acgm.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O23 - Service: TDC Kabel TV Sikkerhedspakke - Unknown - D:\PROGRA~1\WEBSPE~1\backweb\7791805\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - Unknown - D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - D:\Programmer\WebSpeed Sikkerhedspakke\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMA32.EXE
O23 - Service: InCD Helper - Ahead Software AG - D:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)

tæt på hehe
Kør HijackThis, scan og sæt et flueben ud for denne linie - luk øvrige programvinduer - klik "Fix checked":

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

Genstart i Fejlsikret tilstand (uden netværk) ved at taste F8 under opstart.

Find og slet:
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

genstart og ny log.. så burde du være ren:)

O.K. Fik du pludselig øje på den, den har været med hele vejen igennem !!!

hehe det derfor man sender log'en ind og ind igen hehe.. men din log er ren efter dette:) du velkommen til at smide en ny ind igen når du har fjernet den så kigger jeg på den i morgen for skal smutte nu desværre:( men jeg regner stærkt med det var den sidste og at den forsvinder:)

Du kan inden du går i seng sætte din computer til at scanne med mwav for at være helt sikker på der ikke er mere gemt i systemet som ikke fremgår i din log.

Download og gem denne scanner på skrivebordet.
http://www.spywareinfo.dk/download/mwav.exe

Slå systemgendannelse fra.. genstart i fejlsikret tilstand

Klik på mwav.exe som du hentede, programmet pakker sig selv ud og starter.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files

Slet alt den finder..

Herefter genstart normalt og ny log herind.

Det vil jeg prøve. 1000 TAK for idag!

Nu har jeg kørt "MWAV.EXE" og slettet det meste af det programmet fandt mistænkeligt.
Det var ikke alle punkterne, heller ikke selv om jeg brugte funktionen "Søg" De var der simpelthen ikke!

Herefter genstart i normal tilstand med følgende log:

Logfile of HijackThis v1.99.0
Scan saved at 00:36:00, on 20-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\WEBSPE~1\backweb\7791805\Program\SERVIC~1.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsgk32st.exe
D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\Program\fspex.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\FSGK32.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMA32.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMB32.EXE
C:\WINDOWS\system32\slserv.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FCH32.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FAMEH32.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE
D:\Programmer\QuickTime\qttask.exe
D:\Programmer\PowerDVD\PDVDServ.exe
D:\Programmer\WebSpeed Sikkerhedspakke\FWES\Program\fsdfwd.exe
D:\Programmer\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\ispnews.exe
D:\Programmer\FreeRamXpro\Freeram_XP_pro\FreeRAM XP Pro 1.40.exe
D:\PROGRA~1\POP-UP~1\PSFREE.EXE
D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsav32.exe
D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\fsguiexe.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Fam. Hansen\Skrivebord\Værktøjer\PC-pest programmer\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af Cybercity Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\AdobeAcrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - D:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\GoogleNav0.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Programmer\WebSpeed Sikkerhedspakke\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] D:\Programmer\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "D:\Programmer\WebSpeed Sikkerhedspakke\FSGUI\ispnews.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Programmer\FreeRamXpro\Freeram_XP_pro\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\POP-UP~1\PSFREE.EXE"
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\GoogleNav0.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\GoogleNav0.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\GoogleNav0.dll/cmcache.html
O8 - Extra context menu item: Download using Download &Express - C:\Download\Add_Url.htm
O8 - Extra context menu item: Download with Star Downloader - D:\Programmer\Star Downloader\sdie.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\GoogleNav0.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://kort.plf.dk/pluginlifa/acgm.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O23 - Service: TDC Kabel TV Sikkerhedspakke - Unknown - D:\PROGRA~1\WEBSPE~1\backweb\7791805\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown - D:\Programmer\WebSpeed Sikkerhedspakke\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - Unknown - D:\Programmer\WebSpeed Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon - F-Secure Corporation - D:\Programmer\WebSpeed Sikkerhedspakke\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Programmer\WebSpeed Sikkerhedspakke\Common\FSMA32.EXE
O23 - Service: InCD Helper - Ahead Software AG - D:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)

Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning og slet temp-filer, temporary internet files og papirkurv.

ENDELIG! Din log er ren:)

Det være hermed gjort. 1000 TAK for hjælpen!

selv tak:) husk at lukke spørgsmålet efter os:)