webnoob Beginner
15 January 2007 - 17:39 There are 7 comments and
2 solutions

Log files from scanning, what should be removed?

Contents of the log file from SUPERAntiSpyware

SUPERAntiSpyware Scan Log
Generated 01/15/2007 at 05:27 PM

Application Version : 3.3.1020

Core Rules Database Version : 3164
Trace Rules Database Version: 1176

Scan type      : Complete Scan
Total Scan Time : 00:07:02

Memory items scanned      : 196
Memory threats detected  : 1
Registry items scanned    : 4724
Registry threats detected : 107
File items scanned        : 4542
File threats detected    : 56

Trojan Downloader-SystemAlert/Resident.Process
    C:\WINDOWS\SYSTEM32\GWQUVW.DLL
    C:\WINDOWS\SYSTEM32\GWQUVW.DLL

Trojan.Smitfraud Variant
    HKLM\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}
    HKCR\CLSID\{8D8C2387-7F80-4022-9BE6-43630A969558}
    HKCR\CLSID\{8D8C2387-7F80-4022-9BE6-43630A969558}\InProcServer32
    HKCR\CLSID\{8D8C2387-7F80-4022-9BE6-43630A969558}\InProcServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{8d8c2387-7f80-4022-9be6-43630a969558}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#carbinyl

Adware.Tracking Cookie

Trojan.Media-Codec
    HKU\S-1-5-21-2105884420-647074808-1900857197-1107\Software\Internet Security
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString

Malware.AntiVermins
    C:\Programmer\AntiVerminser\AntiVerminser.exe
    C:\Programmer\AntiVerminser\av.ini
    C:\Programmer\AntiVerminser\ignored.lst
    C:\Programmer\AntiVerminser
    C:\WINDOWS\Prefetch\ANTIVERMINSER.EXE-236082C7.pf

Trojan.Unknown Origin
    C:\DOCUMENTS AND SETTINGS\THOMAS\LOKALE INDSTILLINGER\TEMP\LAF28.TMP

*****************************************************************

Contents of the log file from DrWeb

gwquvw.dll;c:\windows\system32;Trojan.Fakealert.229;Will be cured after reboot.;
hltv.exe;C:\Sierra\Half-Life;Tool.ProxyHLTV;;
gwquvw.dll;C:\WINDOWS\system32;Trojan.Fakealert.229;Will be cured after reboot.;

*****************************************************************

Contents of the log file from HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 17:37:46, on 15-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\VIRUSfighter\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\VIRUSfighter\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\VIRUSfighter\bin\ZLH.EXE
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\VIRUSfighter\Nvc\BIN\nipsvc.exe
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Thomas\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156627539502
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hilsoe.local
O17 - HKLM\Software\..\Telephony: DomainName = hilsoe.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hilsoe.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B9B4B77E-0FE8-408E-984E-86293A2647BA} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

*****************************************************************

What should be removed?
15 January 2007 - 19:37 #1
Are you VERY interested in this kind of (advertising) message in the middle of everything:
http://hemmingsvej.dk/spywarefri/Tekster/LDM.jpg

Uninstall
* Logitech Desktop Messenger
via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

+ a fresh HijackThis log...

---------------------------------------
webnoob Beginner
15 January 2007 - 19:57 #2
Logfile of HijackThis v1.99.1
Scan saved at 19:55:26, on 15-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\VIRUSfighter\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\VIRUSfighter\bin\NJEEVES.EXE
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\VIRUSfighter\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\VIRUSfighter\bin\ZLH.EXE
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Thomas\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156627539502
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hilsoe.local
O17 - HKLM\Software\..\Telephony: DomainName = hilsoe.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hilsoe.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Is that all you recommend?
15 January 2007 - 21:59 #3
If it really has to be, then ->

And then there are those that are clean-up and should not be deleted, but where it is much better to remove the check mark in msconfig:

These are unnecessary to have sitting in your startup, since they can all be reached from the Start menu programs. They just sit there "eating up" the computer's resources.
You need to remove the check mark to the left of the following programs:
Start
Run
Type: msconfig
OK
The Startup tab

SunJavaUpdateSched
iTunesHelper
msnmsgr
MSMSGS
Adobe Reader Hurtigstart

The next time you restart, you will get a warning that the startup has been changed. Remove the check mark in "show this warning". Click OK to that.
If you are in doubt about what to do, look here:
http://www.spywareinfo.dk/#/tip-og-tricks/msconfig.htm

Restart, run a new scan with hijackthis, and copy a fresh log in here for checking.

NB: Before the next run of HiJackThis.exe you must RENAME the program file HiJackThis.exe to ALTERNATIV.exe, since certain unwanted items tend to hide themselves when a process named HiJackThis.exe is running!!!

------------------------------------------------------------------------
webnoob (Beginner)
15 January 2007 - 22:13 #4
Logfile of HijackThis v1.99.1
Scan saved at 22:10:38, on 15-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\VIRUSfighter\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\VIRUSfighter\bin\NJEEVES.EXE
C:\VIRUSfighter\Nvc\bin\nvcoas.exe
C:\VIRUSfighter\Nvc\BIN\nipsvc.exe
C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\VIRUSfighter\bin\ZLH.EXE
C:\Programmer\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\VIRUSfighter\Nvc\BIN\NIP.EXE
C:\VIRUSfighter\Nvc\bin\cclaw.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\userinit.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Thomas\Skrivebord\alternativt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156627539502
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hilsoe.local
O17 - HKLM\Software\..\Telephony: DomainName = hilsoe.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hilsoe.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\VIRUSfighter\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\VIRUSfighter\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\VIRUSfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\VIRUSfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

A new scan has now been run.
15 January 2007 - 22:22 #5
Oh, right
NeroFilterCheck
can get the knife too ...

Otherwise I can't think of anything more...
webnoob (Beginner)
16 January 2007 - 11:02 #6
OK, then I'll say thanks for the help. Post an answer.
16 January 2007 - 22:09 #7
Ping...
16 January 2007 - 22:10 #8
You're welcome back another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer, then enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

Safe Surfing...
webnoob (Beginner)
16 January 2007 - 22:15 #9
Noted, and it will be done tomorrow.