martin-alm (Beginner)
27 March 2006 - 01:02. There are 18 comments and 1 solution

hijackthis log check plzz

I have a lot of pop-ups of all kinds and have run various anti-spyware and anti-virus programs, and nothing has helped.

Maybe someone can see what is wrong.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Logitech\G-series Software\LGDCore.exe
C:\Programmer\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\windows\mousepad5.exe
C:\Programmer\Network\ipnetwork.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\newfrn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Steam\Steam.exe
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\svchost.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\wmplayer.exe
C:\Programmer\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programmer\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\Sm9Kbw\command.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\Network Monitor\netmon.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\limewire\limewire.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Fælles filer\Windows\services32.exe
C:\Documents and Settings\JoJo\Skrivebord\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Programmer\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmer\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmer\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Programmer\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [IpNetwork] C:\Programmer\Network\ipnetwork.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [services32] C:\Programmer\Fælles filer\Windows\mc-110-12-0000140.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O4 - Global Startup: wmplayer.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\en66l1js1.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
martin-alm (Beginner)
27 March 2006 - 01:35 #1
I just ran a couple of things after reading an article on here; now it looks like this.

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Logitech\G-series Software\LGDCore.exe
C:\Programmer\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programmer\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\JoJo\Skrivebord\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Programmer\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmer\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmer\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdwareAlert] C:\Programmer\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [IpNetwork] C:\Programmer\Network\ipnetwork.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [services32] C:\Programmer\Fælles filer\Windows\mc-110-12-0000140.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O4 - Global Startup: wmplayer.#xe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\fn2021fmg.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
levich (Beginner)
27 March 2006 - 09:25 #2
One moment, I'm looking at it.
levich (Beginner)
27 March 2006 - 09:41 #3
(1)
Disable System Restore by right-clicking "My Computer" on the desktop -> Properties -> System Restore -> tick "Turn off System Restore" -> click OK.

(2)
Download http://downloads.stevengould.org/cleanup/CleanUp40.exe
Read the guide to Cleanup here: http://www.bleepingcomputer.com/forums/tutorial93.html

Download the scanner http://www.spywareinfo.dk/download/mwav.exe.

Download and unpack Killbox http://www.bleepingcomputer.com/files/spyware/KillBox.zip

If you lose your internet connection along the way, unpack killbox.zip, run the program, tick "I know what I am doing", click Finish, and it should work again.

(3)
Restart the computer in Safe Mode (press F8 when Windows starts up), and fix the following lines with HijackThis:
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Programmer\Toolbar888\ToolBar888.dll (file missing)
O4 - HKLM\..\Run: [IpNetwork] C:\Programmer\Network\ipnetwork.exe
O4 - HKCU\..\Run: [services32] C:\Programmer\Fælles filer\Windows\mc-110-12-0000140.exe
O4 - Global Startup: wmplayer.#xe
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\fn2021fmg.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmer\Network Monitor\netmon.exe (file missing)

(4)
Open any folder; in the menu click Tools -> Folder Options -> View.
Untick "Hide protected operating system files" and "Hide extensions for known file types".
Select "Show hidden files and folders".

Search for and delete the following file(s):
C:\Programmer\Network\ipnetwork.exe
C:\Programmer\Fælles filer\Windows\mc-110-12-0000140.exe
C:\WINDOWS\system32\fn2021fmg.dll
C:\WINDOWS\Sm9Kbw\command.exe
… and the following folder(s):
C:\Programmer\Toolbar888\
C:\Programmer\Network Monitor\

(5)
Run the scanner mwav.exe and tick the following: Memory, Startup folders, drive, Registry, System folders and Services.
Select the following: All local drives and Scan all files. Press Scan Clean.
The scan may take some time.

(6)
Run Cleanup. Go to Options and tick cookies, prefetch, temp and all users. Press "cleanup".

(7)
Start KillBox, select "Delete on reboot", copy the file name(s) below into the text field in Killbox and then click the red button with the white cross. Repeat this for all the files, but only say yes to restarting when you get to the last file. You must restart in Safe Mode.

C:\WINDOWS\Sm9Kbw\command.exe
C:\Programmer\Network Monitor\netmon.exe

(8)
Start -> Run -> type "cleanmgr" -> delete Temporary Internet Files, Recycle Bin and temporary files. Repeat for all your drives.

(9)
Restart the computer normally. Make a new log with HijackThis and post it here.

(10)
When we are completely done, remember to enable System Restore again.
martin-alm (Beginner)
27 March 2006 - 13:30 #4
ok, after some hard work it now looks like this... still with pop-ups though :(

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Logitech\G-series Software\LGDCore.exe
C:\Programmer\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programmer\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Documents and Settings\JoJo\Skrivebord\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmer\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmer\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\fpr8039ue.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
27 March 2006 - 13:42 #5
(In general - you need to include the top part of the log...)
martin-alm (Beginner)
27 March 2006 - 13:44 #6
like this?

Logfile of HijackThis v1.99.1
Scan saved at 13:46:27, on 27-03-2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Logitech\G-series Software\LGDCore.exe
C:\Programmer\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programmer\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\JoJo\Skrivebord\hijackthis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmer\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmer\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\fpr8039ue.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
levich (Beginner)
27 March 2006 - 15:17 #7
Something has been removed, and the rest will surely be removed as well.

I am sure that the following lines are junk:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\fpr8039ue.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe (file missing)

... but I don't think the O10 lines are junk, though I'm unsure. What do you other experts say? E.g. dr1, who is watching this thread.
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
martin-alm (Beginner)
27 March 2006 - 15:28 #8
Well, the more one can get rid of, the better. Now it looks like this:

Logfile of HijackThis v1.99.1
Scan saved at 15:28:06, on 27-03-2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Logitech\G-series Software\LGDCore.exe
C:\Programmer\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programmer\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\JoJo\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmer\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmer\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\o6ro0g93e6.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Apparently I couldn't remove this line:

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe (file missing)
ejvindh (Expert)
27 March 2006 - 16:59 #9
Levich: nvappfilter.dll is legitimate: http://castlecops.com/lsp-164.html

The O20 line is an l2m infection. Will you take the knife to that one, or shall I?
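The triage done by eye on the two logs above, written out as an added example (not part of the thread, and not HijackThis's or L2mfix's own logic): it diffs the O20 Winlogon Notify entry between scans, separates the `cmdService` orphan from the Apache line whose path field still carries command-line arguments, and skips the LSP file already reviewed in comment #9. The heuristics, function names and the `REVIEWED_OK` allowlist are assumptions for illustration; the sample lines are copied from the logs above.

```python
import re

# Lines copied from the two HijackThis logs above: the tail of the log before
# comment #7 and the 15:28:06 scan in comment #8. In this excerpt only the
# O20 line differs between the two scans.
COMMON = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
"""
SCAN_BEFORE_7 = COMMON + r"O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\fpr8039ue.dll"
SCAN_COMMENT_8 = COMMON + r"O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\o6ro0g93e6.dll"

# Assumption: files a helper in the thread has already judged legitimate.
REVIEWED_OK = {r"c:\windows\system32\nvappfilter.dll"}

O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<dll>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+) - (?P<dll>[A-Za-z]:\\.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def parse(log):
    """Extract the O10, O20 and O23 entries of one HijackThis log."""
    out = {"O10": [], "O20": [], "O23": []}
    for line in log.splitlines():
        line = line.strip()
        if m := O10_RE.match(line):
            out["O10"].append(m["dll"].lower())
        elif m := O20_RE.match(line):
            out["O20"].append((m["name"], m["dll"].lower()))
        elif m := O23_RE.match(line):
            out["O23"].append({
                "name": m["name"],
                "owner": m["owner"],
                "path": m["path"],
                "missing": bool(m["missing"]),
            })
    return out


def rotated_notify(scans):
    """Notify entries that appear in a scan while a different one vanished.

    A Notify DLL that is replaced by a new name and file between two scans
    keeps coming back under a fresh identity, so it deserves a closer look.
    """
    hits = []
    for prev, cur in zip(scans, scans[1:]):
        gone = set(prev["O20"]) - set(cur["O20"])
        new = set(cur["O20"]) - set(prev["O20"])
        if gone and new:
            hits.extend(sorted(new))
    return hits


def orphan_services(scan):
    """Split 'Unknown owner' + '(file missing)' services into two lists.

    orphans:  the path is a plain .exe path, so the service points at nothing.
    unparsed: the path field still holds a quote or arguments, so the
              '(file missing)' note says nothing about the real binary.
    """
    orphans, unparsed = [], []
    for svc in scan["O23"]:
        if svc["owner"] != "Unknown owner" or not svc["missing"]:
            continue
        clean = svc["path"].lower().endswith(".exe")
        (orphans if clean else unparsed).append(svc["name"])
    return orphans, unparsed


def unreviewed_lsp(scan, reviewed_ok=REVIEWED_OK):
    """Distinct O10 files nobody has vouched for yet (repeats collapsed)."""
    return sorted({dll for dll in scan["O10"] if dll not in reviewed_ok})


if __name__ == "__main__":
    scans = [parse(SCAN_BEFORE_7), parse(SCAN_COMMENT_8)]
    print("replaced notify entries:", rotated_notify(scans))
    print("orphan / unparsed services:", orphan_services(scans[-1]))
    print("LSP files still to review:", unreviewed_lsp(scans[-1]))
```

These are triage hints for a human reader of the log, not verdicts: a flagged entry still has to be checked by someone who knows the system.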
martin-alm (Beginner)
27 March 2006 - 22:50 #10
Any oracles???

Still have tons of popups ;(
levich (Beginner)
27 March 2006 - 23:55 #11
Thanks to ejvindh.

(1)
Disable System Restore by right-clicking "My Computer" on the desktop -> Properties -> System Restore -> tick "Turn off System Restore" -> click OK.

(2)
Download L2mfix.exe from one of these locations: http://www.atribune.org/downloads/l2mfix.exe or http://www.downloads.subratam.org/l2mfix.exe

You have already downloaded the other programs.

(3)
Restart the computer in Safe Mode (press F8 while Windows starts up), and fix the following lines with HijackThis:
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\o6ro0g93e6.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe (file missing)

(4)
Double-click l2mfix.exe, choose install and follow the instructions. Then open the new folder that has been created on your Desktop (l2mfix). Double-click l2mfix.bat and choose option 1 (Run Find log) by pressing "1" and "Enter". Your computer will now be scanned - after a couple of minutes a text file opens in Notepad. Save this text file.
NB: You must not run option 2 or any of the other files in the l2mfix folder until you have been asked to.

(5)
Open any folder, and in the menu click Tools -> Folder Options -> View.
Untick "Hide protected operating system files" and "Hide extensions for known file types".
Select "Show hidden files and folders".

Search for and delete the following file(s):
C:\WINDOWS\system32\o6ro0g93e6.dll
C:\WINDOWS\Sm9Kbw\command.exe

(6)
Run the scanner mwav.exe and tick the following: Memory, Startup folders, drive, Registry, System folders and Services.
Select the following: All local drives and Scan all files. Press Scan Clean.
The scan may take some time.

(7)
Run Cleanup. Go to options and tick cookies, prefetch, temp and all users. Press “cleanup”.

(8)
Start KillBox, select "Delete on reboot", copy the file name(s) below into the text field in KillBox and then click the red button with the white cross. Repeat this for all the files, but do not say yes to restarting until you get to the last file. You must restart in Safe Mode.

C:\WINDOWS\Sm9Kbw\command.exe

(9)
Start -> Run -> type "cleanmgr" -> delete Temporary Internet Files, Recycle Bin and temporary files. Repeat for all your drives.

(10)
Restart the computer normally. Create a new log with HijackThis, and post it here together with the text file from l2mfix.

(11)
When we are completely finished, remember to enable System Restore again.
28 March 2006 - 06:35 #12
... and then of course there is 'the speech':

Do you know what WindowsUpdate and M$ ServicePack/security updates are - because your 'puter apparently doesn't !!!

"Unprotected PCs last 20 minutes" http://forum.mib-eu.dk/forum_posts.asp?TID=44

Said ServicePack2 (SP2) can easily be grabbed from http://intern.sdu.dk/enheder/it-service/tjenester/ftphotel/ftpindhold

But only once your 'puter is 'CLEAN' !!!

Install SP2... and after a restart or two go to WindowsUpdate http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=da for the latest updates... there will probably be >40 'packages' ...

Otherwise we'll see each other again soon ... in the virus category...

Safe Surfing...


(That's why the top of the log should have been included ...)
martin-alm (Beginner)
28 March 2006 - 17:15 #13
OK, now hijack looks like this.

Logfile of HijackThis v1.99.1
Scan saved at 17:16:38, on 28-03-2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Logitech\G-series Software\LGDCore.exe
C:\Programmer\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programmer\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\JoJo\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmer\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmer\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\l6j80g1ue6.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



and L2MFIX like this.


L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\gp2ql3f51.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{D74ABAA1-F7F4-1E3A-A2CA-05783DBC1E46}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Egenskabsark for multimediefiler"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerstyring"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Sikkerhedsside"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskabsside for OLE-dokumentfil"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmkort"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rm"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmpanorering"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security-side"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Udvidelsen Diskcopy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Gr‘nsefladeudvidelser til Microsoft Windows-netv‘rksobjekter"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-sk‘rmstyring"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerstyring"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Gr‘nsefladeudvidelser til filkomprimering"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Gr‘nsefladeudvidelse til webudskrift"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontekstmenu til kryptering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Rejsetaske"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-ikon"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Sikkerhedsside"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-filtype"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto signeringsfiltype"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netv‘rksforbindelser"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netv‘rksforbindelser"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scannere og kameraer"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scannere og kameraer"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scannere og kameraer"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scannere og kameraer"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scannere og kameraer"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-udvidelser til Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-dataforbindelse"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte opgaver"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Proceslinje og menuen Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="S›g"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="K›r..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internettet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="V‘rkt›jslinje til Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Webs›gning"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Redigeringsboks til adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-oversigtstjeneste"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Oversigt"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbillede til Internet Explorer 4-suiten"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internettet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-cachemappe"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Programstyring"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Opt‘lling af installerede programmer"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Udpakning af miniaturer til GDI+-filer"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Dokumentinfo om miniaturehandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Udpakning af HTML-miniaturer"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Guiden Webudgivelse"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestil billedudskrift over World Wide Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objekt til guiden Webudgivelse"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Guiden F† et Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brugerkonti"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Genvej til kanal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappen Offlinefiler"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Efter &personer..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{E6AAD2FE-B203-4A4F-A7F6-6874CE1FAC03}"=""
"{755BA921-84FA-4A30-85EB-62E4784424F4}"=""
"{0847BE31-92A9-453C-A6A7-E7C41BF2259A}"=""
"{036AD6B3-93A7-44FA-A4E3-BCCB0E246CE4}"=""
"{ACFBA402-4D81-4C97-A55D-85ED7474085A}"=""
"{F9BBA9EB-1F04-4572-8C4E-582D0DF775E6}"=""
"{871A1D96-8036-4F5D-A322-0FC66D908FD2}"=""
"{BC3C2769-3F4D-4BAE-982C-45B9550002FA}"=""
"{4B506E9E-580B-41F3-ABA5-0AD9EFFDB842}"=""
"{A5CD4E46-FEB5-473F-B3BC-BD6970E17560}"=""
"{9FF89D84-EDF7-4C51-ADE1-25C0DF93CC9C}"=""
"{FC3BE2F8-10B4-4E29-A8F1-953C9A7B82E1}"=""
"{4DC20D90-E7BD-40C8-89C4-CE104232406D}"=""
"{0FB8CD82-951D-4FF8-9BB3-2D68EF3417AD}"=""
"{F81B09B9-8AF3-4F9B-81B2-237BBBD5E802}"=""
"{767FBEAF-84C4-4231-BD0E-F2F9794AA337}"=""
"{823199E1-C23E-4665-924E-B9628F03612C}"=""
"{2FF5ECE1-20B5-4953-8A56-5B9693BA6AB3}"=""
"{63F0E4E7-A94F-43D2-A470-2E41E2179F62}"=""
"{81FA23EA-24D3-43F9-8099-49495FBEE172}"=""
"{C0C6219B-6A52-443C-891E-FE325710334B}"=""
"{C1F4BBAE-15FC-451E-9AE9-B3B7A13A90A8}"=""
"{86346858-1C8D-49A0-88AD-1A837EF9FCB4}"=""
"{E7C532D1-5832-4161-81D2-A8A66E06BD2D}"=""
"{3C6CA1ED-9183-4D4D-A884-D163976EC67F}"=""
"{FFDFFB7F-258F-46A5-BC85-C7A4C82E61F1}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
  atmtd.dll      Mon 27 Mar 2006  0.54.36  A....        687.592  671,48 K
  en06l1~1.dll  Mon 27 Mar 2006  20.45.18  ..S.R        236.939  231,38 K
  gp2ql3~1.dll  Mon 27 Mar 2006  20.44.02  ..S.R        237.024  231,47 K
  __dele~1.dll  Tue 28 Mar 2006  16.38.44  A....        237.024  231,47 K

4 items found:  4 files (2 H/S), 0 directories.
  Total of file sizes:  1.398.579 bytes      1,33 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
  guard.tmp      Tue 28 Mar 2006  16.38.46  A....        233.532  228,06 K

1 item found:  1 file, 0 directories.
  Total of file sizes:  233.532 bytes    228,06 K
**********************************************************************************
Directory Listing of system files:
Disken i drev C har ikke noget navn.
Diskens serienummer er C05F-E861

Indhold af C:\WINDOWS\System32

28-03-2006  16:44    <DIR>          ..
28-03-2006  16:44    <DIR>          .
27-03-2006  20:45          236.939 en06l1ds1.dll
27-03-2006  20:44          237.024 gp2ql3f51.dll
27-03-2006  12:38    <DIR>          dllcache
              2 fil(er)          473.963 byte
levich (Beginner)
28 March 2006 - 22:51 #14
Good.

Double-click l2mfix.bat and choose option 2 (Run Fix) by typing "2" and "Enter". Press any key, and the computer will restart. The desktop and icons disappear for a moment (this is normal). L2mfix scans and finishes by opening Notepad with a log. Copy that log in here together with a new log from HijackThis.
martin-alm (Beginner)
29 March 2006 - 00:31 #15
So that's done too..

L2mfix 032106
Creating Account.
Kommandoen blev udf›rt.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX  ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 732 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 816 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1692 'explorer.exe'
Killing PID 1692 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1560 'rundll32.exe'
Killing PID 1884 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administratorer  ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
        1 fil(er) kopieret.
        1 fil(er) kopieret.
        1 fil(er) kopieret.
        1 fil(er) kopieret.
Deleting: C:\WINDOWS\system32\__delete_on_reboot__Amdiodev.dll 
Successfully Deleted: C:\WINDOWS\system32\__delete_on_reboot__Amdiodev.dll 
Deleting: C:\WINDOWS\system32\enpsl1771.dll 
Successfully Deleted: C:\WINDOWS\system32\enpsl1771.dll 
Deleting: C:\WINDOWS\system32\l6j80g1ue6.dll 
Successfully Deleted: C:\WINDOWS\system32\l6j80g1ue6.dll 
Deleting: C:\WINDOWS\system32\guard.tmp 
Successfully Deleted: C:\WINDOWS\system32\guard.tmp 

msg11?.dll
        0 fil(er) kopieret.



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Dynamic Directory]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l6j80g1ue6.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\__delete_on_reboot__Amdiodev.dll
C:\WINDOWS\system32\enpsl1771.dll
C:\WINDOWS\system32\l6j80g1ue6.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok. 
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
  adding: dlls/enpsl1771.dll (188 bytes security) (deflated 4%)
  adding: dlls/guard.tmp (188 bytes security) (deflated 5%)
  adding: dlls/l6j80g1ue6.dll (188 bytes security) (deflated 4%)
  adding: dlls/__delete_on_reboot__Amdiodev.dll (188 bytes security) (deflated 4%)
  adding: backregs/notibac.reg (188 bytes security) (deflated 62%)
  adding: backregs/shell.reg (188 bytes security) (deflated 72%)


and hijackthis;

Logfile of HijackThis v1.99.1
Scan saved at 00:30:56, on 29-03-2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Logitech\G-series Software\LGDCore.exe
C:\Programmer\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Steam\Steam.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programmer\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\JoJo\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programmer\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmer\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\l6j80g1ue6.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I owe you a big thank-you; even if we don't get everything removed, you have really made a fantastic effort.
martin-alm Beginner
29 March 2006 - 01:01 #16
I should perhaps mention that I haven't had a popup since the last reboot ;) I think it's almost there ;)
levich Beginner
29 March 2006 - 10:04 #17
That's good to hear, but the following lines can still be seen in hijackthis:
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\l6j80g1ue6.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe (file missing)

Try repeating steps 1, 3, 5, 6, 7, 8, 9, 10 and 11 from the guide above, which I wrote on 27/03-2006 at 23:55:15, followed by a thorough scan with an antivirus program.
If that doesn't work, I don't know what you should do.
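One way to find leftover entries like the two quoted above, as an added example that is not part of the original thread: collect every HijackThis entry marked `(file missing)` and compare its path with the log's own running-process list. The `triage` function and its "orphaned"/"artifact" verdicts are assumptions made for this example; the sample lines are a subset copied from the log in this thread.

```python
import re

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmer\iPod\bin\iPodService.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\l6j80g1ue6.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9Kbw\command.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                  # e.g. "O23 - Service: ..."
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx)", re.IGNORECASE)


def triage(log_text):
    """Return (section, path, verdict) for every entry marked '(file missing)'."""
    running, findings, in_processes = set(), [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False
            if not line.endswith("(file missing)"):
                continue
            found = PATH.search(m.group(2))
            path = found.group(0) if found else ""
            # Heuristic (assumption of this example): a "missing" file that is
            # running anyway is a path-parsing artifact (stray quote, arguments);
            # otherwise the registry entry is an orphan left after file removal.
            verdict = "artifact" if path.lower() in running else "orphaned"
            findings.append((m.group(1), path, verdict))
        elif in_processes and line:
            running.add(line.lower())
    return findings


if __name__ == "__main__":
    for section, path, verdict in triage(SAMPLE_LOG):
        print(f"{section:4} {verdict:9} {path}")
```

Entries reported as orphaned are registry leftovers whose target file is gone; they still mark where the persistence was registered and are worth cleaning up and rechecking after a reboot.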
martin-alm Beginner
31 March 2006 - 12:14 #18
my computer is now as it was before ;) though with SP 2 ;)

Levich, I'd like to give you points, so if you'd post an answer :)
levich Beginner
01 April 2006 - 00:06 #19
answer