Avatar billede Karsten Rasmussen Nybegynder
12. november 2006 - 17:22 Der er 11 kommentarer og
1 løsning

Hjælp til Inficeret maskine!

Er der nogen der kan fixe denne log fra hijack, Maskinen har været inficeret med en masse snavs. Jeg vil helst ikke geninstallere den?
Avatar billede Karsten Rasmussen Nybegynder
12. november 2006 - 17:22 #1
Her kommer loggen!

Logfile of HijackThis v1.99.1
Scan saved at 17:18:37, on 12-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmer\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmer\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Programmer\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Programmer\Softwin\BitDefender9\bdoesrv.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Softwin\BitDefender9\bdnagent.exe
C:\Programmer\Softwin\BitDefender9\bdswitch.exe
C:\Programmer\LiveUpdate\LiveUpdate.exe
C:\Programmer\Adc\ADC.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Update Service\livesrv.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmer\Softwin\BitDefender9\vsserv.exe
c:\programmer\softwin\bitdefender9\bdmcon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\karsten\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Programmer\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Programmer\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s  -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Programmer\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [BDMCon] "C:\Programmer\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Programmer\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\programmer\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\programmer\softwin\bitdefender9\bdswitch.exe"
O4 - HKCU\..\Run: [BTCLiveUpdate] "c:\Programmer\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Pando] "C:\Programmer\Pando\pando.exe" /Automation
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [PMCS] "C:\Programmer\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\Adc\ADC.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149366129218
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {ABCCB0F0-514E-4BA6-989D-C67E5DBC2946} - https://netbank.danskebank.dk/download/keydownload/DB/KeyDownloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtqnlm - awtqnlm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NetOp Helper ver. 9.00 (2006157) (NetOp Host for NT Service) - Danware Data A/S - C:\Programmer\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programmer\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmer\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Avatar billede johnstigers Seniormester
12. november 2006 - 19:17 #2
Fix denne - så kan jeg ikke se mere i loggen.
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
Avatar billede Karsten Rasmussen Nybegynder
12. november 2006 - 21:35 #3
Er der andre, der har tid at chekke. den virker stadig forkert!
Avatar billede johnstigers Seniormester
12. november 2006 - 22:31 #4
ææææhhh....

At den virker forkert hjælper godt nok ikke meget...

Det svarer jo til at ringe til brandvæsnet og råbe: " det brænder", hvorefter brandmanden spørger: "hvor" og du svarer "i mit køkken" og så smækker røret på...
Avatar billede Karsten Rasmussen Nybegynder
12. november 2006 - 23:17 #5
jeg fik virus ind på maskinen, da jeg scannede sagde bitdefender at maskinen var inficeret med : trojan.virtumod, trojan.popupper og trojan.juan.
nu finder scanneren mange virus men kan ikke remove dem. og når jeg ser efter er antivirus og firewall slået fra.
derudover kan jeg ikke få lov at afinstallere bitdefenderen, så jeg kunne installere kaspersky.
beklager de sparsomme opl. men jeg er ikke så erfaren.
Avatar billede johnstigers Seniormester
13. november 2006 - 20:06 #6
OK ;)

http://www.eksperten.dk/artikler/954

Kør denne artikel igennem - print den gerne ud + læs den igennem først så du har downloadet det du skal downloade først.
Avatar billede Karsten Rasmussen Nybegynder
13. november 2006 - 22:11 #7
Jeg prøver, efter denne vejledning. men der går et par dage. skal passe mit arbejde.
Avatar billede Karsten Rasmussen Nybegynder
14. november 2006 - 22:40 #8
Her er de logfiler der er lavet efter vejledningen.
Dr.Web fandt ikke noget, og gav ingen log.

SUPERAntiSpyware Scan Log
Generated 11/14/2006 at 10:08 PM

Application Version : 3.3.1020

Core Rules Database Version : 3128
Trace Rules Database Version: 1146

Scan type      : Complete Scan
Total Scan Time : 00:49:26

Memory items scanned      : 166
Memory threats detected  : 0
Registry items scanned    : 6919
Registry threats detected : 37
File items scanned        : 34704
File threats detected    : 0

Unclassified.Unknown Origin
    HKCR\CLSID\{F18F04B0-9CF1-4B93-B004-77A288BEE28B}
    HKCR\CLSID\{F18F04B0-9CF1-4B93-B004-77A288BEE28B}\InprocServer32
    HKCR\CLSID\{F18F04B0-9CF1-4B93-B004-77A288BEE28B}\InprocServer32#ThreadingModel
    HKCR\CLSID\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
    HKCR\CLSID\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}\InprocServer32
    HKCR\CLSID\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}\InprocServer32#ThreadingModel

Malware.VirusBurst
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}#Merit
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\InprocServer32
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\InprocServer32#ThreadingModel
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\kDdn
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\LxsW
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\nGXfUh
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input#Direction
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input#IsRendered
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input#AllowedZero
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input#AllowedMany
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input#ConnectsToPin
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input\Types
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output#Direction
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output#IsRendered
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output#AllowedZero
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output#AllowedMany
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output#ConnectsToPin
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output\Types
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\tYmhs
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\uezrWgoolx
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\uwmsslBM
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\vUMZrg
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\xwva

Logfile of HijackThis v1.99.1
Scan saved at 22:20:06, on 14-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmer\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Programmer\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmer\LiveUpdate\LiveUpdate.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Adc\ADC.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Update Service\livesrv.exe
c:\programmer\softwin\bitdefender9\vsserv.exe
C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Documents and Settings\karsten\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Programmer\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Programmer\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s  -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Programmer\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [kis] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [BTCLiveUpdate] "c:\Programmer\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Pando] "C:\Programmer\Pando\pando.exe" /Automation
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [PMCS] "C:\Programmer\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\Adc\ADC.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149366129218
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {ABCCB0F0-514E-4BA6-989D-C67E5DBC2946} - https://netbank.danskebank.dk/download/keydownload/DB/KeyDownloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NetOp Helper ver. 9.00 (2006157) (NetOp Host for NT Service) - Danware Data A/S - C:\Programmer\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programmer\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - c:\programmer\softwin\bitdefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Avatar billede Karsten Rasmussen Nybegynder
22. november 2006 - 18:40 #9
takker for den hurtige reaktion, maskinen er skrottet nu.
Avatar billede johnstigers Seniormester
22. november 2006 - 18:55 #10
hmm.... fik aldrig mail - næste gang så prøv at smide en kommentar mere...-
Avatar billede Karsten Rasmussen Nybegynder
02. december 2006 - 20:29 #11
Beklager, men du skal stadig have tak.
Vil du have point?
Avatar billede johnstigers Seniormester
03. december 2006 - 19:13 #12
Behold du dem bare :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester