snakes (Beginner)
12 August 2005 - 21:10 There are 4 comments and
1 solution

Check this log file

Can someone please take a look at this log file -

Logfile of HijackThis v1.99.1
Scan saved at 21:01:17, on 12-08-2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\xxytlf.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\System32\MSASP32.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\System32\services32.exe
C:\WINDOWS\switpa.exe
C:\WINDOWS\System32\MSASP32.exe
C:\WINDOWS\System32\MSLSA32.exe
C:\WINDOWS\System32\u2vlum62.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\PETERR~1\LOKALE~1\Temp\iinstall.exe
C:\Programmer\ISTsvc\istsvc.exe
C:\WINDOWS\nwijhay.exe
C:\Programmer\SurfAccuracy\SAcc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Programmer\BullsEye Network\bin\bargains.exe
C:\Programmer\180searchassistant\sais.exe
C:\WINDOWS\System32\exdl1.exe
C:\Documents and Settings\Peter Ravnhøj\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.opasia.dk/msie_search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\programmer\180searchassistant\saishook.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
O2 - BHO: (no name) - {70BB6064-29E2-1CC0-CBD2-DA3F98271CF0} - C:\WINDOWS\System32\cdmdownld\onrmksjcfs.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Programmer\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [MS Auto-IPSec Protection] MSASP32.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [MSNS PLUS XP] inetinfo.exe
O4 - HKLM\..\Run: [System32 Service] services32.exe
O4 - HKLM\..\Run: [SX84R] C:\WINDOWS\whhrkqq.exe
O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe
O4 - HKLM\..\Run: [bO²ùðZ×y-¯Œ] C:\WINDOWS\whhrkqq.exe
O4 - HKLM\..\Run: [Microsoft LSA layer] MSLSA32.exe
O4 - HKLM\..\Run: [bonlfv] c:\windows\system32\xxytlf.exe r
O4 - HKLM\..\Run: [u2vlum62] C:\WINDOWS\System32\u2vlum62.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [eL6IKf] C:\WINDOWS\nwijhay.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programmer\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Programmer\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [sais] c:\programmer\180searchassistant\sais.exe
O4 - HKLM\..\Run: [vap] C:\WINDOWS\vap.exe
O4 - HKLM\..\RunServices: [MS Auto-IPSec Protection] MSASP32.exe
O4 - HKLM\..\RunServices: [MSNS PLUS XP] inetinfo.exe
O4 - HKLM\..\RunServices: [System32 Service] services32.exe
O4 - HKLM\..\RunServices: [Microsoft LSA layer] MSLSA32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MS Auto-IPSec Protection] MSASP32.exe
O4 - HKCU\..\Run: [Microsoft LSA layer] MSLSA32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: Win32 Classes -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c267.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O18 - Protocol: bw+0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: offline-8876480 - {61B9F561-7DE5-11D9-B780-00301B29756D} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Thanks in advance

Jakes
fromsej (Trainee)
13 August 2005 - 21:59 #1
It really is nasty; I would actually call it almost hopeless.
Format it and start over. This time you need to have Service Pack 1 installed on it before you go online. You can get it here; burn the file to a CD so you can install it immediately after XP, before you go online.
http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold/

We can perhaps, I repeat perhaps, clean it completely, but it will never run properly again.
kalp (Novice)
13 August 2005 - 01:44 #2
possibly a small hope that a system restore from far back could do it.. and then a bit of HijackThis afterwards.
fromsej (Trainee)
13 August 2005 - 09:00 #3
Possible, but I doubt it.
A "small" list of the junk present:

Nail.exe << A really nasty piece of work.
svcproc.exe << Belongs with the Nail infection.
nem220.dll
180searchassistant
AuroraHandler.dll << Aurora isn't easy to remove either.
msbe.dll
YourSiteBar
Media Gateway
BullsEye Network
ISTsvc
SurfAccuracy
Internet Optimizer
Power Scan
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: Win32 Classes
static.windupdates.com

Worms and other goodies:
MSASP32.exe
inetinfo.exe
services32.exe
whhrkqq.exe
switpa.exe
MSLSA32.exe
xxytlf.exe r << Epolvy trojan, extremely hard to get rid of.
u2vlum62.exe
nwijhay.exe
vap.exe

All in all, not an impossible task, but I doubt it is worth the trouble.
This thread very nearly belongs in an article about XP without service packs, as a cautionary tale.
Harsh words, I know, but those are the facts.
fromsej (Trainee)
13 August 2005 - 09:49 #4
Well, now it has turned into a bit of a sport. *S*

Print these instructions out, or save them in a text document.

Remove the following in Add/Remove Programs, if you can:
180searchassistant, Aurora, YourSiteBar, Media Gateway, BullsEye Network, ISTsvc, SurfAccuracy, Internet Optimizer and Power Scan.
--------------------------
Download and run this program:
http://securityresponse.symantec.com/avcenter/FxIstbar.exe

Click Start -> Run, type regedit and click OK.
Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right-hand pane, find and delete:
"IST Service" = "C:\Program Files\ISTsvc\ISTsvc.exe"
Now navigate to:
HKEY_LOCAL_MACHINE\Software\ISTsvc
Delete it

Close regedit.
--------------------------
Download DelDomains.inf
http://www.mvps.org/winhelp2002/DelDomains.inf

Right-click DelDomains.inf and choose: Install
This will remove all entries in the trusted and restricted zones.
That means that if you have installed IE-Spyad, or have added sites to the restricted sites list (Klassificerede Websteder) yourself, you will have to do it again after we have finished cleaning your PC.
--------------------------

Download Ewido from here (14-day version of the plus version - after that it is "throttled down" to the free version):
http://shop.element5.com/product.html?productid=531168&affiliateid=200010704 (click on demo download)
Install and run Ewido - update the program (but do not scan).

Download Cleanup from here:
http://www.stevengould.org/downloads/cleanup/CleanUp40.exe
Double-click Cleanup40.exe and install the program (follow the instructions along the way). The program must NOT be run yet.

Then download this small file (do not run the program yet):
http://www.spywareedge.net/nf/nailfix.exe
http://www.noidea.us/easyfile/file.php?download=20050711214630636 (alternative)

Download Advanced Process Termination from here:
http://www.diamondcs.com.au/downloads/apt.zip
Extract the program to your Desktop.
Double-click My Computer and navigate to C:\WINDOWS\System32. Find the file xxytlf.exe.
Do not delete the file, but keep the System32 folder open so you can see the infection file.

Run APT.exe, which you downloaded and extracted earlier. Find the process xxytlf.exe.
Select the process and click Kill 3.
Switch to the System32 folder that you have open and delete the file xxytlf.exe.

Then restart in Safe Mode.

Double-click nailfix.exe, which you downloaded earlier. Click "Next" (there must be a tick in "Run Nailfix") - and click "Finish".

Run a full scan with Ewido. The program produces a small log, which you should copy into your next reply here.

Run HijackThis, scan and put a tick next to the following lines - close all other program windows - click "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\programmer\180searchassistant\saishook.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
O2 - BHO: (no name) - {70BB6064-29E2-1CC0-CBD2-DA3F98271CF0} - C:\WINDOWS\System32\cdmdownld\onrmksjcfs.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Programmer\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [MS Auto-IPSec Protection] MSASP32.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [MSNS PLUS XP] inetinfo.exe
O4 - HKLM\..\Run: [System32 Service] services32.exe
O4 - HKLM\..\Run: [SX84R] C:\WINDOWS\whhrkqq.exe
O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe
O4 - HKLM\..\Run: [bO²ùðZ×y-¯Œ] C:\WINDOWS\whhrkqq.exe
O4 - HKLM\..\Run: [Microsoft LSA layer] MSLSA32.exe
O4 - HKLM\..\Run: [bonlfv] c:\windows\system32\xxytlf.exe r
O4 - HKLM\..\Run: [u2vlum62] C:\WINDOWS\System32\u2vlum62.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [eL6IKf] C:\WINDOWS\nwijhay.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Programmer\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Programmer\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [sais] c:\programmer\180searchassistant\sais.exe
O4 - HKLM\..\Run: [vap] C:\WINDOWS\vap.exe
O4 - HKLM\..\RunServices: [MS Auto-IPSec Protection] MSASP32.exe
O4 - HKLM\..\RunServices: [MSNS PLUS XP] inetinfo.exe
O4 - HKLM\..\RunServices: [System32 Service] services32.exe
O4 - HKLM\..\RunServices: [Microsoft LSA layer] MSLSA32.exe
O4 - HKCU\..\Run: [MS Auto-IPSec Protection] MSASP32.exe
O4 - HKCU\..\Run: [Microsoft LSA layer] MSLSA32.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: Win32 Classes -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c267.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O18 - Protocol: ALL
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
--------------------------
Deleting \folders\ and files: (Some of them should be gone by now)
Open a folder, click Tools=>Folder Options=>View.
Remove the tick from "Hide protected operating system files".
Remove the tick from "Hide extensions for known file types".
Select "Show hidden files and folders".
Using Start->Search.
Click "Change files and folders search behavior"
Select "Advanced" and click OK.
Click "All files and folders"
Click "More advanced options"
Tick the top three.
-------------------
Folders:
c:\programmer\180searchassistant\
C:\WINDOWS\System32\cdmdownld\
C:\Programmer\YourSiteBar\
C:\Program Files\Media Gateway\
C:\Programmer\BullsEye Network\
C:\Programmer\ISTsvc\
C:\Programmer\SurfAccuracy\
C:\Program Files\Internet Optimizer\
C:\Programmer\Power Scan\
-------------------
Files:
C:\WINDOWS\Nail.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\switpa.exe
C:\WINDOWS\AuroraHandler.dll
C:\WINDOWS\whhrkqq.exe
C:\WINDOWS\nwijhay.exe
C:\WINDOWS\vap.exe
C:\WINDOWS\System32\msbe.dll
C:\WINDOWS\System32\MSASP32.exe
C:\WINDOWS\System32\services32.exe
C:\WINDOWS\System32\MSLSA32.exe
C:\WINDOWS\System32\u2vlum62.exe
c:\windows\system32\xxytlf.exe
inetinfo.exe
--------------------------
Run the program CleanUp40. Click the "Options" button and remove the tick from "Cookies". Then click "CleanUp". Close the program when it has finished.

Restart in Normal mode and post a fresh HijackThis log here together with the log from Ewido.

Remember that Service Pack 1 must be on it; if you can't, please write down the error messages you get, and we will have to find a solution.
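
Added example, not part of the original thread: a small Python check for the last step above, comparing the "Fix checked" list with a fresh HijackThis log to see which flagged entries survived the cleanup and which entries are new. The excerpts reuse lines from the log in this thread; the fresh log and its `[placeholder]` entry are constructed sample data, and the function names are hypothetical.

```python
import re

# A HijackThis finding starts with a section code (R0, F2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
# Shorthand used in the fix list: "O18 - Protocol: ALLE" (or ALL) means every O18 line.
WILDCARD_RE = re.compile(r"^[^:]+:\s*(alle|all)$")


def parse_entries(log_text):
    """Return (code, body) for every finding line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def normalise(entry):
    """Case-fold and collapse whitespace: Windows paths are case-insensitive."""
    code, body = entry
    return code, " ".join(body.split()).casefold()


def surviving(fix_list_text, fresh_log_text):
    """Fresh-log entries that the fix list said should have been removed."""
    exact, whole_sections = set(), set()
    for entry in parse_entries(fix_list_text):
        code, body = normalise(entry)
        if WILDCARD_RE.match(body):
            whole_sections.add(code)
        else:
            exact.add((code, body))
    return [e for e in parse_entries(fresh_log_text)
            if e[0] in whole_sections or normalise(e) in exact]


def new_since(original_log_text, fresh_log_text):
    """Fresh-log entries absent from the original log (something re-added itself)."""
    known = {normalise(e) for e in parse_entries(original_log_text)}
    return [e for e in parse_entries(fresh_log_text) if normalise(e) not in known]


O18_LINE = (r"O18 - Protocol: bw+0 - {61B9F561-7DE5-11D9-B780-00301B29756D} - "
            r"C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM"
            r"\BWPLUGPROTOCOL-8876480.DLL")

# Excerpt of the original log posted in this thread.
ORIGINAL_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [bonlfv] c:\windows\system32\xxytlf.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
""" + O18_LINE + "\n"

# Excerpt of the "Fix checked" list from the reply above.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [bonlfv] c:\windows\system32\xxytlf.exe r
O18 - Protocol: ALLE
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Constructed fresh log: one Run entry came back with different path casing,
# one O18 handler is still registered, and one placeholder entry is new.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [bonlfv] C:\WINDOWS\System32\xxytlf.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
""" + O18_LINE + "\n" + r"""O4 - HKLM\..\Run: [placeholder] C:\WINDOWS\placeholder.exe
"""

if __name__ == "__main__":
    for code, body in surviving(FIX_LIST, FRESH_LOG):
        print("STILL PRESENT:", code, "-", body)
    for code, body in new_since(ORIGINAL_LOG, FRESH_LOG):
        print("NEW ENTRY:    ", code, "-", body)
```

An entry that shows up as still present after the fix usually means its process was running again when HijackThis removed the registry value, which is why the instructions above kill the process and work in Safe Mode first.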
snakes (Beginner)
14 August 2005 - 16:22 #5
It will be quite a while before I am at that computer again. It was a friend who had the problems, and unfortunately he lives rather far from where I live. But when I go up there again, I will get back to you straight away.

See you
Jakes