CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede Karsten Rasmussen Nybegynder
12. november 2006 - 17:22 Der er 11 kommentarer og
1 løsning

Hjælp til Inficeret maskine!

Er der nogen der kan fixe denne log fra hijack, Maskinen har været inficeret med en masse snavs. Jeg vil helst ikke geninstallere den?
Avatar billede Karsten Rasmussen Nybegynder
12. november 2006 - 17:22 #1
Her kommer loggen!

Logfile of HijackThis v1.99.1
Scan saved at 17:18:37, on 12-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmer\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmer\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Programmer\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Programmer\Softwin\BitDefender9\bdoesrv.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Softwin\BitDefender9\bdnagent.exe
C:\Programmer\Softwin\BitDefender9\bdswitch.exe
C:\Programmer\LiveUpdate\LiveUpdate.exe
C:\Programmer\Adc\ADC.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Update Service\livesrv.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmer\Softwin\BitDefender9\vsserv.exe
c:\programmer\softwin\bitdefender9\bdmcon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\karsten\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Programmer\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Programmer\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s  -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Programmer\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [BDMCon] "C:\Programmer\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Programmer\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\programmer\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\programmer\softwin\bitdefender9\bdswitch.exe"
O4 - HKCU\..\Run: [BTCLiveUpdate] "c:\Programmer\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Pando] "C:\Programmer\Pando\pando.exe" /Automation
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [PMCS] "C:\Programmer\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\Adc\ADC.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149366129218
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {ABCCB0F0-514E-4BA6-989D-C67E5DBC2946} - https://netbank.danskebank.dk/download/keydownload/DB/KeyDownloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtqnlm - awtqnlm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NetOp Helper ver. 9.00 (2006157) (NetOp Host for NT Service) - Danware Data A/S - C:\Programmer\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programmer\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmer\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Avatar billede johnstigers Seniormester
12. november 2006 - 19:17 #2
Fix denne - så kan jeg ikke se mere i loggen.
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
Avatar billede Karsten Rasmussen Nybegynder
12. november 2006 - 21:35 #3
Er der andre, der har tid at chekke. den virker stadig forkert!
Avatar billede johnstigers Seniormester
12. november 2006 - 22:31 #4
ææææhhh....

At den virker forkert hjælper godt nok ikke meget...

Det svarer jo til at ringe til brandvæsnet og råbe: " det brænder", hvorefter brandmanden spørger: "hvor" og du svarer "i mit køkken" og så smækker røret på...
Avatar billede Karsten Rasmussen Nybegynder
12. november 2006 - 23:17 #5
jeg fik virus ind på maskinen, da jeg scannede sagde bitdefender at maskinen var inficeret med : trojan.virtumod, trojan.popupper og trojan.juan.
nu finder scanneren mange virus men kan ikke remove dem. og når jeg ser efter er antivirus og firewall slået fra.
derudover kan jeg ikke få lov at afinstallere bitdefenderen, så jeg kunne installere kaspersky.
beklager de sparsomme opl. men jeg er ikke så erfaren.
Avatar billede johnstigers Seniormester
13. november 2006 - 20:06 #6
OK ;)

http://www.eksperten.dk/artikler/954

Kør denne artikel igennem - print den gerne ud + læs den igennem først så du har downloadet det du skal downloade først.
Avatar billede Karsten Rasmussen Nybegynder
13. november 2006 - 22:11 #7
Jeg prøver, efter denne vejledning. men der går et par dage. skal passe mit arbejde.
Avatar billede Karsten Rasmussen Nybegynder
14. november 2006 - 22:40 #8
Her er de logfiler der er lavet efter vejledningen.
Dr.Web fandt ikke noget, og gav ingen log.

SUPERAntiSpyware Scan Log
Generated 11/14/2006 at 10:08 PM

Application Version : 3.3.1020

Core Rules Database Version : 3128
Trace Rules Database Version: 1146

Scan type      : Complete Scan
Total Scan Time : 00:49:26

Memory items scanned      : 166
Memory threats detected  : 0
Registry items scanned    : 6919
Registry threats detected : 37
File items scanned        : 34704
File threats detected    : 0

Unclassified.Unknown Origin
    HKCR\CLSID\{F18F04B0-9CF1-4B93-B004-77A288BEE28B}
    HKCR\CLSID\{F18F04B0-9CF1-4B93-B004-77A288BEE28B}\InprocServer32
    HKCR\CLSID\{F18F04B0-9CF1-4B93-B004-77A288BEE28B}\InprocServer32#ThreadingModel
    HKCR\CLSID\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
    HKCR\CLSID\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}\InprocServer32
    HKCR\CLSID\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}\InprocServer32#ThreadingModel

Malware.VirusBurst
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}#Merit
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\InprocServer32
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\InprocServer32#ThreadingModel
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\kDdn
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\LxsW
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\nGXfUh
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input#Direction
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input#IsRendered
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input#AllowedZero
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input#AllowedMany
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input#ConnectsToPin
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input\Types
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output#Direction
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output#IsRendered
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output#AllowedZero
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output#AllowedMany
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output#ConnectsToPin
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output\Types
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\tYmhs
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\uezrWgoolx
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\uwmsslBM
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\vUMZrg
    HKCR\CLSID\{6A66CC28-F0A2-FCBC-D3D5-1EA3001ED26A}\xwva

Logfile of HijackThis v1.99.1
Scan saved at 22:20:06, on 14-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmer\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Programmer\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programmer\LiveUpdate\LiveUpdate.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Adc\ADC.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Update Service\livesrv.exe
c:\programmer\softwin\bitdefender9\vsserv.exe
C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Documents and Settings\karsten\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Programmer\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Programmer\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s  -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [PMCRemote] C:\Programmer\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [kis] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [BTCLiveUpdate] "c:\Programmer\LiveUpdate\LiveUpdate.exe" /autostart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Pando] "C:\Programmer\Pando\pando.exe" /Automation
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [PMCS] "C:\Programmer\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\Adc\ADC.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149366129218
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {ABCCB0F0-514E-4BA6-989D-C67E5DBC2946} - https://netbank.danskebank.dk/download/keydownload/DB/KeyDownloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NetOp Helper ver. 9.00 (2006157) (NetOp Host for NT Service) - Danware Data A/S - C:\Programmer\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programmer\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programmer\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - c:\programmer\softwin\bitdefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Avatar billede Karsten Rasmussen Nybegynder
22. november 2006 - 18:40 #9
takker for den hurtige reaktion, maskinen er skrottet nu.
Avatar billede johnstigers Seniormester
22. november 2006 - 18:55 #10
hmm.... fik aldrig mail - næste gang så prøv at smide en kommentar mere...-
Avatar billede Karsten Rasmussen Nybegynder
02. december 2006 - 20:29 #11
Beklager, men du skal stadig have tak.
Vil du have point?
Avatar billede johnstigers Seniormester
03. december 2006 - 19:13 #12
Behold du dem bare :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
pop up black friday Af Malm i Virus 3 I går 20:49 I dag 01:12
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 20:49 pop up black friday Af Malm i Virus
I går 18:31 Hvor finder jeg en netværksdriver? Af jcr18 i Wifi
I går 16:49 Identificér og hent del af tekststreng Af TheLibrarian i Excel
I går 16:30 Smart vægt til fitness tracking Af Henrik i Fitness & Smartwatches
I går 08:08 touchpad virker ikke Af Malm i PC
White papers
Flere white papers »


Premium
Teaser billede
Vil købe tele-løsninger til det offentlige for 370 millioner kroner
Læs mere »
Efterspørgslen på AI-regnekraft er enorm - og det smitter af på priserne: "Vi kan sælge næsten alt, hvad vi får ind"
Nyt værtøj fra Microsoft: Snart kan du reparere nedbrudte Windows-enheder på distancen
Politiet skriver kontrakt på 75 millioner kroner med dansk it-firma: Medarbejdere skal flytte ind hos politiet
Se alle »
Computerworld
Teaser billede
Microsofts nye pc er ekstrem billig – men kan blive ekstrem sikker og fleksibel
Læs mere »
Test: Audi Q6 er en super fed SUV - men gør dig selv en tjeneste og kast flere penge efter den
Test: Prøv kun disse B&O-hovedtelefoner, hvis du har råd
Kæmpe datalæk på hospital: 750.000 patienters fortrolige data lækket
Se alle »
CIO
Teaser billede
Konsulenthus vil rulle Microsoft 365 Copilot ud til 200.000 ansatte
Læs mere »
Kæmpe-opgave for Danske Bank har banet vej for fuldautomatiseret migrering til cloud: Nu udbredes metoden i hele AWS
Stor sag mod Microsoft kan være på vej: Beskyldes for at låse Azure-kunder fast med ulovlige metoder
Microsofts store årlige event: De tre vigtigste nøglebudskaber fra Satya Nadella om Microsofts fremtid
Se alle »
Job & Karriere
Teaser billede
Microsoft klar med ny direktion for den danske forretning: Her er de nye direktører
Læs mere »
Tre Norlys-topchefer fratræder med omgående virkning: Internet-forretningen er udfordret - vil have mere fart i integrationen af Telia Danmark
Efter skelsættende møde med sportscoach: Stor dansk it-arbejdsplads indfører fredags-fri og isbade i arbejdstiden
Linus Torvalds giver russiske Linux-udviklere sparket: Vil ikke have noget med dem at gøre
Se alle »
White paper
Teaser billede
MDR: Transparent sikkerhed og overvågning i realtid
Læs mere »
Sådan gør du: Elektronisk dokumentudveksling i praksis
Sikkerhed uden grænser: Cisco Hypershield
Er din cybersikkerhed klar til AI-revolutionen?
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »