Søg
Avatar billede staal Praktikant
04. december 2006 - 17:03 Der er 14 kommentarer og
1 løsning

Hjælp til Hijacklog - angrebet af Spyware

Logfile of HijackThis v1.99.1
Scan saved at 16:59:33, on 04-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Programmer\Video ActiveX Object\isamonitor.exe
C:\Programmer\Video ActiveX Object\pmsngr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\Programmer\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Programmer\Video ActiveX Object\isamini.exe
C:\Programmer\Video ActiveX Object\pmmon.exe
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmer\PowerISO\PWRISOVM.EXE
C:\Programmer\CyberLink\PowerCinema\PCMService.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\LiveUpdate\LiveUpdate.exe
C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Programmer\XP Tools\xptools.exe
C:\Programmer\Philips Intelligent Agent\Philips Intelligent Agent.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\TechSmith\SnagIt 8\TSCHelp.exe
C:\Documents and Settings\Ejer\Skrivebord\Sikkerhed\hijackthis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programmer\Video ActiveX Object\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Programmer\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmer\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Programmer\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Ejer\Skrivebord\DVD tools\utorrent.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [XP Tools] C:\Programmer\XP Tools\xptools.exe /min
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Programmer\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: bw+0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarOpen - SigmaTel Inc. - (no file)
Avatar billede staal Praktikant
04. december 2006 - 17:06 #1
Den ævler om Zlob.bbw - networm-i.virus@fp - TrojanSPM/LX
Avatar billede levich Nybegynder
04. december 2006 - 18:32 #2
øjeblik, jeg ser på det.
Avatar billede levich Nybegynder
04. december 2006 - 18:41 #3
Læs alle punkterne inden du gør noget.

(1)
Opdater AVG Anti-Spyware 7.5, men vent med at scanne.

Hent: http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Dobbeltklik på SmitfraudFix.zip, hvorefter programmet pakker sig ud til mappen smitRem.

(2)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programmer\Video ActiveX Object\isaddon.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Programmer\Video ActiveX Object\iesplugin.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
<=- alle linjer der starter med “O18 - Protocol: bw” undtagen denne ene linje:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll -=>

(3)
Scan med Ewido, fix de ting som den finder og gem loggen, f.eks. på skrivebordet.

(5)
Åbn mappen smitfraudfix mappen, dobbeltklik på smitfraudfix.cmd, vælg option #2, svar yes (=y) til at rense inficerede filer.
Hvis du bliver bedt om at erstatte  filen wininet.dll med en anden, skal du svare yes (=y).
Hvis du bliver bedt om at genstarte computer, skal du genstarte den i normal tilstand.

(5)
Hvis du lige har genstartet i normalt tilstand, så skal du genstart igen i fejlsikret tilstand, eller ikke.
Åbn "denne computer", i menuen skal du klikke på Funktioner -> Mappeindstillinger -> Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler" og ved "Skjul filtypenavne for kendte filtyper", sæt prik i "Vis skjulte filer og mapper". Husk at trykke på knappen "Anvend på alle mapper" i stedet for "ok".

søg efter og slet mappe(r):
C:\Programmer\Video ActiveX Object\

(6)
Start -> kør -> skriv "cleanmgr" -> Slet Temporary internet files, papirkurv og midlertidige filer. Gentag for alle dine drev.

(7)
Genstart computeren normalt. Lav en ny log med HijackThis, og send den herind sammen med loggen fra Ewido.
Avatar billede staal Praktikant
04. december 2006 - 19:23 #4
Logfile of HijackThis v1.99.1
Scan saved at 19:23:13, on 04-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\Programmer\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmer\PowerISO\PWRISOVM.EXE
C:\Programmer\CyberLink\PowerCinema\PCMService.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\TrojanHunter 4.6\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\LiveUpdate\LiveUpdate.exe
C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Documents and Settings\Ejer\Skrivebord\DVD tools\utorrent.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\XP Tools\xptools.exe
C:\Programmer\Philips Intelligent Agent\Philips Intelligent Agent.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\TechSmith\SnagIt 8\TSCHelp.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Crazy Browser\Crazy Browser.exe
C:\Documents and Settings\Ejer\Skrivebord\Sikkerhed\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmer\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Programmer\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Ejer\Skrivebord\DVD tools\utorrent.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [XP Tools] C:\Programmer\XP Tools\xptools.exe /min
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Programmer\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O18 - Protocol: bw+0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {A96CA587-BABB-4D37-831D-2D1853C462BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarOpen - SigmaTel Inc. - (no file)
Avatar billede staal Praktikant
04. december 2006 - 19:25 #5
ynchronize database and filecache
application start was blocked because of several instances
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
Timer deletion failed, Value: 000003E5
The file C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\heuristic.dat has a different md5. The file will be downloaded from the AVG Anti-Spyware server.
Avatar billede levich Nybegynder
04. december 2006 - 19:55 #6
Ewido har ændret navn til AVG Anti-Spyware. I punkt (3) i min vejledning skulle du scanne med dette program. Gjorde du det?
Avatar billede levich Nybegynder
04. december 2006 - 19:57 #7
Fix alle linjer, som starter med "O18 - Protocol: bw" inden i hijackthis.
Avatar billede staal Praktikant
04. december 2006 - 19:59 #8
Ja - jeg brugte AVG.en
Jeg fixer alle linier og vende tilbage med en ny log
Avatar billede levich Nybegynder
04. december 2006 - 20:01 #9
Jeg vil også gerne se loggen fra AVG Anti-Spyware, hvis du kan finde den.
Avatar billede staal Praktikant
04. december 2006 - 20:11 #10
Logfile of HijackThis v1.99.1
Scan saved at 20:05:56, on 04-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Ejer\Skrivebord\Sikkerhed\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmer\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BTCLiveUpdate] "C:\Programmer\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Ejer\Skrivebord\DVD tools\utorrent.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [XP Tools] C:\Programmer\XP Tools\xptools.exe /min
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Programmer\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarOpen - SigmaTel Inc. - (no file)
Avatar billede staal Praktikant
04. december 2006 - 20:14 #11
Kan ikke finde den, men scanner lige igen
Avatar billede staal Praktikant
04. december 2006 - 20:48 #12
VG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    20:47:33 04-12-2006

+ Scan result:   



HKU\S-1-5-21-823518204-688789844-725345543-1003\Software\Internet Security -> Adware.IntCodec : Ignored.
C:\Documents and Settings\Ejer\Cookies\ejer@z1.adserver[1].txt -> TrackingCookie.Adserver : Ignored.
C:\Documents and Settings\Ejer\Cookies\ejer@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Ignored.


::Report end
Avatar billede levich Nybegynder
04. december 2006 - 21:54 #13
Det ser fint ud nu. Hvordan kører dit windows?
Avatar billede staal Praktikant
04. december 2006 - 22:01 #14
Egentlig okay lige nu - jeg prøver lige en genstart
Avatar billede staal Praktikant
04. december 2006 - 22:28 #15
Tak for hjælpen
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 19:53 installer mange programmer på en gang Af Overgaard1654 i Andet software
I går 17:48 Min hp Officejet pro 7740 skærer det nederste af billedet i word Af rosmarin i Printere
I går 13:13 Batch OCR Af KurtG i Billedbehandling
I går 10:42 AI integreret i Access Af per2edb i Access
04/0409:43 AI google.com Af Peter Olsen i Andre onlineløsninger
White papers
Flere white papers »