Hjælp, min pc er inficeret, kan nogen hjælpe med en renselsesproc

Har du ikke et opdateret antivirus-program og firewall. Samtidig vil jeg anbefale dig at anskaffe Ad-Aware SE Personal, som er en spywareskanner. Spybot - Search & Destroy som også er en skanner. Spywareblaster som er et program som opdateres med links for adware og lignende dårligdomme, som den lægger ind under internetindstillinger-klassificerede websteder, som er websteder der skadelige for computeren. Det var en lidt længere afhandling hvis du allerede har det i forvejen, men jeg håber det kan hjælpe dig.

Følg denne http://www.eksperten.dk/artikler/954 - ikke mig der følger op.

tak for det hurtige svar, problemet er bare lige nu, at når jeg forsøger at installere SAS så melder den tilbage at den ikke kan opnå adgang til Windows Installer

Og her er forresten lige en hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 16:46:27, on 06-07-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\htpatch.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Antivirusprogrammer\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {98394CE5-C205-C784-E67B-02588D51CCC9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [prgsys0984] Bogobot.exe
O4 - HKLM\..\Run: [JAguAr] XTermInit.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PizzaFrenzySetup.exe] C:\DOWNLO~1\PIZZAF~1.EXE /r
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [KillAndClean] "C:\Programmer\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [backorif] keybdll.exe
O4 - HKCU\..\Run: [xsetup] Dest068.exe
O4 - HKCU\..\Run: [zantu] ActionScr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://www.cult3d.com/download/cult.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CF2B398-6881-4751-9E3D-CEB7D8995AD5}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{7585EAF9-C223-42E6-8AB2-9DB83C32A28A}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC87FD7E-8E0C-41E6-9569-B909D4FA2957}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{6CF2B398-6881-4751-9E3D-CEB7D8995AD5}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112
O17 - HKLM\System\CS3\Services\Tcpip\..\{6CF2B398-6881-4751-9E3D-CEB7D8995AD5}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112
O18 - Protocol: bw+0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw+0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw-0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw-0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw00 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw00s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw10 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw10s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw20 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw20s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw30 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw30s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw40 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw40s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw50 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw50s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw60 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw60s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw70 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw70s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw80 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw80s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw90 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bw90s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bwa0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bwa0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bwb0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bwb0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bwc0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bwc0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bwd0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bwd0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bwe0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bwe0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bwf0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bwf0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: offline-8876480 - {90A861BC-AF45-48E9-B9D4-D29B16CFC8B5} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: pcl - {182D0C85-206F-4103-B4FA-DCC1FB0A0A44} - (no file)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe

Hent FixWareout fra et af disse links:

http://forums.subratam.org/index.php?act=A...e=post&id=43811
http://swandog46.geekstogo.com/Fixwareout.exe

Gem filen på dit Skrivebord og dobbeltklik på den. Klik Next -> Install og check, at der er et flueben i "Run fixit" - klik herefter på Finish. Fixet vil nu starte, og du skal blot følge instruktionerne. Du vil blive bedt om at genstarte din computer - gør venligst det. Genstarten vil tage lidt længere tid end normalt...

Når dit system genstarter skal du fortsat følge den vejledning, der gives på skærmen. Når fixet er færdigt vil HijackThis starte automatisk - klik på Scan, og sæt et flueben ud for følgende linier - luk øvrige programvinduer - klik "Fix checked":

R3 - URLSearchHook: (no name) - {98394CE5-C205-C784-E67B-02588D51CCC9} - (no file)
O4 - HKLM\..\Run: [prgsys0984] Bogobot.exe
O4 - HKLM\..\Run: [JAguAr] XTermInit.exe
O4 - HKCU\..\Run: [PizzaFrenzySetup.exe] C:\DOWNLO~1\PIZZAF~1.EXE /r
O4 - HKCU\..\Run: [KillAndClean] "C:\Programmer\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [backorif] keybdll.exe
O4 - HKCU\..\Run: [xsetup] Dest068.exe
O4 - HKCU\..\Run: [zantu] ActionScr.exe

Fjern kun 017 linierne hvis du ikke kender ip adressen:
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CF2B398-6881-4751-9E3D-CEB7D8995AD5}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{7585EAF9-C223-42E6-8AB2-9DB83C32A28A}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC87FD7E-8E0C-41E6-9569-B909D4FA2957}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{6CF2B398-6881-4751-9E3D-CEB7D8995AD5}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112
O17 - HKLM\System\CS3\Services\Tcpip\..\{6CF2B398-6881-4751-9E3D-CEB7D8995AD5}: NameServer = 85.255.114.92,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.92 85.255.112.112

Alle 018 linier


Luk HJT og klik på OK for at fortsætte. Genstart din computer, og kopier indholdet af C:\fixwareout\report.txt herind sammen med en frisk HijackThis log.

Ved ikke lige hvad der sker men min comupter genstarter ikke af sig selv. Når den dialogbox fra fixwareout kommer og siger at den vil genstarte og at det kan tage længere tid end normalt trykker jeg "ok". Derefter kommer der så en dialogbox op på dansk og siger jeg skal genstarte før ændringerne træder i kraft. Dette svarer jeg så også ok til......herefter sker der ingenting, dvs. computeren genstarter ikke men programmet er lukket.

Jeg må hellere lige tilføje at når jeg starter fixwareout dukker der en dosprompt op med følgende tekst......

"This batch will remove WareOutand, UnSpyPC from your system.
Use at your own risk.
Tryk på en vilkårlig tast for at fortsætte . . ."

Hvorefter jeg trykker på space og fixwareout blot fortsætter som normalt

Skal jeg blot genstarte med reboot knappen

hov, vent lige lidt.......når jeg trykker på space for at komme videre fra DOS prompten skriver den følgende....

"Script registered to run on reboot."

du skal trykke "enter" og som jeg sagde tidligere tager det længere tid at genstarte dette er normalt.

Fixwareout ver 1.003
Last edited 2/15/2006
Post this report in the forums please

Reg Entries that were deleted
...

Random Runs removed from HKLM
...

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
Beklager den lange ventetid men den genstartede ikke af sig selv så jeg lod den stå i næsten to timer i håb om at den gjorde det. Herefter genstartede jeg så med reboot knappen på toweret. Hijackthis skulle herefter startes manuelt men hvorom alt er så er rapporterne herunder.......på forhånd tusind tak for din tålmodighed



* csr.exe  C:\WINDOWS\System32\CSQCU.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool



--------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:02:41, on 06-07-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\htpatch.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Antivirusprogrammer\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe

Det ser meget bedre ud ;)

gå til:
start > kontrolpanel > tilføj/fjern programmer
Fjern: Killandclean

genstart

slet mappen:
C:\Programmer\KillAndClean < mappen skal fjernes

Opdater Ewido og kør en full system scan og kopier loggen herind sammen med en frisk log fra Hijackthis :)

kunne ikke finde killandclean hverken under tilføj/fjern programmer eller som mappe i C:\Programmer\ og jeg har derfor ikke genstartet...

Men jeg vil da godt lige tilføje at det har hjulpet......min PC kører BETYDELIGT bedre nu......meget betydeligt bedre :-)

det er godt at høre din PC kører bedre nu ;D

Jeg vil gerne se ewido loggen, uden den kan jeg ikke erklære din PC ren endnu :)

ps.
smider lige et svar :P

jeg scanner på livet løs......smider ewido loggen herind så snart den er klar, men det ser ud til at tage lidt tid endnu

det er bare iorden :D

Hej Fazli

Beklager ventetiden (endnu en gang) men da kl. var omkring midnat i går var en kun fjærdig med at scanne ca. 50% og jeg kunne sq ikke holde mig vågen til at sidde og vente på at de sidste 50% skulle blive færdig.
Anyway....her er så resultatet af scanningen sammen med en frisk hjt.


---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            08:15:21, 07-07-2006
+ Rapport-Checksum:        AD90E927

+ Scanningsresultat:
    C:\avenger\backup-09-03-2006-20.49.10,04.zip/avenger/bw2.#om -> Adware.AdURL : Renset med backup
    C:\Documents and Settings\Bjarne Schack.BJARNE-KONTORET\Cookies\bjarne schack@adtech[1].txt -> TrackingCookie.Adtech : Renset med backup
    C:\Documents and Settings\Bjarne Schack.BJARNE-KONTORET\Cookies\bjarne schack@c.enhance[1].txt -> TrackingCookie.Enhance : Renset med backup
    C:\Documents and Settings\Bjarne Schack.BJARNE-KONTORET\Cookies\bjarne schack@c.goclick[1].txt -> TrackingCookie.Goclick : Renset med backup
    C:\Documents and Settings\Bjarne Schack.BJARNE-KONTORET\Cookies\bjarne schack@serving-sys[2].txt -> TrackingCookie.Serving-sys : Renset med backup
    C:\Documents and Settings\Bjarne Schack.BJARNE-KONTORET\Lokale indstillinger\Temp\Cookies\bjarne schack@2o7[2].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\Bjarne Schack.BJARNE-KONTORET\Lokale indstillinger\Temp\Cookies\bjarne schack@adtech[2].txt -> TrackingCookie.Adtech : Renset med backup
    C:\Documents and Settings\Bjarne Schack.BJARNE-KONTORET\Lokale indstillinger\Temp\Cookies\bjarne schack@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Renset med backup
    C:\Documents and Settings\Bjarne Schack.BJARNE-KONTORET\Lokale indstillinger\Temp\Cookies\bjarne schack@data4.perf.overture[2].txt -> TrackingCookie.Overture : Renset med backup
    C:\Documents and Settings\Bjarne Schack.BJARNE-KONTORET\Lokale indstillinger\Temp\Cookies\bjarne schack@perf.overture[1].txt -> TrackingCookie.Overture : Renset med backup
    C:\Documents and Settings\Bjarne Schack.BJARNE-KONTORET\Lokale indstillinger\Temp\Cookies\bjarne schack@serving-sys[2].txt -> TrackingCookie.Serving-sys : Renset med backup
    C:\Documents and Settings\Bjarne Schack.BJARNE-KONTORET\Lokale indstillinger\Temp\Cookies\bjarne schack@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Renset med backup
    C:\Documents and Settings\Bjarne Schack.BJARNE-KONTORET\Lokale indstillinger\Temp\GLBA77.tmp/empty_00000001 -> Adware.Ucmore : Renset med backup
    C:\Documents and Settings\Bjarne Schack.BJARNE-KONTORET\Lokale indstillinger\Temp\NI.UWA6P_0001_N56M1001\setup.exe -> Trojan.Fakealert : Renset med backup
    C:\Downloads\WinBejSetup-dm[1].exe -> Adware.Trymedia : Renset med backup
    C:\Programmer\CasinoOnNet\Casino.exe -> Adware.Casino : Renset med backup
    C:\WINDOWS\system32\{1CC8B286-AA3B-49C3-8CF9-5AC43D386070}.exe -> Trojan.Puper.bx : Renset med backup
    C:\WINDOWS\system32\{62163D70-FDA6-40E3-8897-778AE9237CB0}.exe -> Adware.Msnagent : Renset med backup
    C:\WINDOWS\system32\{A4B4F360-AC90-4A31-82C5-B6BF6CE668D5}.exe -> Trojan.Small.gq : Renset med backup
    C:\WINDOWS\system32\{BE43650D-146A-40E5-90B9-952C723C42ED}.exe -> Adware.FindSpy : Renset med backup


::Rapport slut



----------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 08:21:41, on 07-07-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\htpatch.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\ewido anti-malware\oldewido.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\Antivirusprogrammer\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe

Det ser fint ud :)

du kan roligt fixe disse linier med Hijackthis, det vil gøre computeren hurtigere:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE

og hvis du ikke oplever flere problemer kan jeg godt kalde din PC for ren :)

Efter et virus/spyware angreb, er det altid en god ide at rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.


vh.
Fazli

Tusind tak for det......har lige et sidste spørgsmål her på falderebet....alt det som hjt finder....er det processer som kører i baggrunden når min PC kører. Hvis det er tilfældet kan jeg så slette linier, der vedrører programmer og hardware som jeg ikke længere benytter. Her tænker jeg specifikt på linierne..

O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\PROGRA~1\iolo\SYSTEM~1\PopupStopper.exe"

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe

Ja det kan du, men de der 023 linier er lidt lumske at fjerne. skriver lige en lille tutorial til dig:

klik "Start > kør" og skriv "services.msc" . Tryk enter
I listen skal du finde følgende services:

ccEvtMgr
ccPwdSvc
ccSetMgr
SBService
SNDSrvc

Dobble klik på den og klik stop for at stoppe denne service, gå til Generelt fanen og skift starttype til deaktiveret

klik anvend og derefter OK
--

nu må du gerne fixe linierne :D

øhh.......jeg kan ikke finde nogle af ovenstående linier under "services.msc"

såeh er de fjernet ;D

så kan du bare fixe dem i Hijackthis ;D så er det hele væk

lige en afsluttende bemærkning samt et par spørgsmål.....tusind tak for hjælpen, det ser ud til at min PC kører tilnærmelsesvist normalt igen. Så skal jeg blot høre om du har modtaget hhv. point og karma for din indsats og hvis dette IKKE er tilfældet så følg lige op med en forklaring på hvordan jeg gør det. Hav en rigtig god weekend, lad nu være at bruge alt din tid foran husalteret, selvom du gør et uundværligt stykke arbejde. Ud til stranden med dig......nyd sommeren mens den er her :-) Du fortjener det

Hilsen Bjarne

Jeg gør jo bare mit arbejde :)

du skal markere mit navn ude i siden og trykke accepter =) så får jeg point og du har givet mig karma. :D

Og bare rolig, selvom det ser ud som om jeg er online 24/7 så er jeg faktisk ret tit ude i det gode vejr, på stranden og nyder det hele. Er faktisk lige kommet hjem :D
det er godt at høre det hele kører som det skal, har du brug for hjælp, er jeg her. ;)

vh.
Fazli

Done.........hav en kanon sommer :-)

i lige måde :P