---

Har lige scannet med SUPERantispyware, der fandt noget snavs, som jeg satte i karantæne

Genstartede, hvorefter en dialogbox kom op og fortalte, at systemet ikke kunne finde ibm00001.exe, og at jeg muligvis havde slettet den

Hentede den fra karantænen og genstartede - ingen dialogbox

Scannede og fik igen at vide, at der var fundet snavs

Filens placering: C:\WINDOWS\SYSTEM\ibm00001.exe

Hjemmesiden siger følgende om den:

Description : Trojan.IBM/Shell.Process is a trojan that installs under the Microsoft Shared folder in Common Files under Program Files. The files are typically around 2-10K in size and start with IBM00000X.EXE the X is a variable number between 1-9.

Så nu er spørgsmålet: laver programmet en fejl her, eller skal jeg fjerne filen, og hvad så med dialogboxen ?

---

Jeg har forsøgt at finde filen på min xp opsætning, og den er der ikke. Så den hører sikkert ikke til systemet. Jeg ville lade den blive i karantæne en uges tid. Og derefter slette den, hvis det ellers kører fint.

Jeg fandt følgende som måske kan hjælpe dig:

http://www.hol.dk/traad.asp?tid=350520&fid=13

Programmet msconfig fandt jeg her : C:\WINDOWS\ServicePackFiles\i386 på min pc.

God fornøjelse.

---

http://www.spywarefri.dk/vaerktoj.htm#hijackthis hent hijackthis her og scan med den - læg loggen herind så kommer der før eller senere nogen og kigger på den.

manualen kan du finde her:
http://www.spywarefri.dk/manualer/hijackthis-manual.htm

---

Den er god nok, den er dårlig http://www.bleepingcomputer.com/startups/ibm00001.exe-12302.html

Skidtet har skrevet sig til i Windows, og derfor reagerer Windows på den manglende fil. Ikke noget unormalt i det.

Hvis du følger Miritdk´s anvisning, så ser jeg på din HijackThis log. Spring bare alt det andet pjat over i vejledningen, og sæt Hijackthis loggen her ind.

---

Cybercity har pt fejl i deres mailsystem så store problemer med at sende og modtage

Har først fundet ud af det nu, da jeg troede det var kandus sædvanlige langsommelighed

Vender tilbage når tingene er normaliseret - foreløbig tak - håber jeg kan sende dette

---

stl_s: skal jeg fjerne exe filen inden jeg foretager mig noget med loggen - og den er så her:

Logfile of HijackThis v1.99.1
Scan saved at 17:46:54, on 15-08-2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMER\CREATIVE\SBAUDIGY2\SURROUND MIXER\CTSYSVOL.EXE
C:\WINDOWS\SYSTEM\CTHELPER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\LOGITECH\SETPOINT\KEM.EXE
E:\MUSIK\NY MP3\MM_TRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMER\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE
C:\PROGRAMMER\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMER\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\PROGRAMMER\MICROSOFT OFFICE\OFFICE\1030\MSOFFICE.EXE
C:\PROGRAMMER\PLUS!\SPIDER\SPIDER.EXE
C:\PROGRAMMER\MSN APPS\UPDATER\01.03.0000.1005\DA\MSNAPPAU.EXE
C:\PROGRAMMER\INCREDIMAIL\BIN\INCMAIL.EXE
C:\PROGRAMMER\INCREDIMAIL\BIN\IMAPP.EXE
C:\PROGRAMMER\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SKRIVEBORD\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAMMER\INCREDIMAIL\BIN\IMNOTFY.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internetstart.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAMMER\MSN APPS\MSN TOOLBAR\01.02.5000.1021\DA\MSNTB.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAMMER\MSN APPS\MSN TOOLBAR\01.02.5000.1021\DA\MSNTB.DLL
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Recycled\Dc162\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Skan registreringsdatabase] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programmer\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTStartup] :"C:\PROGRAMMER\CREATIVE\SPLASH SCREEN\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SetPoint] C:\Programmer\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [MMTray] "E:\Musik\Ny MP3\mm_tray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Planlægningsagent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmer\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAMMER\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: &AOL Toolbar Search - c:\programmer\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google-søgning - res://C:\PROGRAMMER\GOOGLE\GOOGLETOOLBAR3.DLL/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://C:\PROGRAMMER\GOOGLE\GOOGLETOOLBAR3.DLL/cmwordtrans.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://C:\PROGRAMMER\GOOGLE\GOOGLETOOLBAR3.DLL/cmcache.html
O8 - Extra context menu item: Lignende sider - res://C:\PROGRAMMER\GOOGLE\GOOGLETOOLBAR3.DLL/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://C:\PROGRAMMER\GOOGLE\GOOGLETOOLBAR3.DLL/cmbacklinks.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAMMER\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAMMER\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.iwin.com/global/premium/popcap/popcaploader_v6.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://atlantis9.bigfishgames.com/Reef/en_thedavincicode/online/DVCDownloaderControl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://home3.ca.com/PestPatrol/uniblue/pestscan/pestscan.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://atlantis9.bigfishgames.com/Reef/en_mahjongescape/online/PTGameLauncher.cab
O18 - Protocol: offline-8876480 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {6BB370D5-4721-46FD-B384-0379CAFF39E0} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAMMER\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL
O20 - Winlogon Notify: SASWinLogon - C:\PROGRAMMER\SUPERANTISPYWARE\SASWINLO.DLL

---

Slet bare det scanneren har fundet.

Lige et spørgsmål: Har du selv installeret AOL toolbaren, og bruger du AOL ?

---

stl_s

Nej til begge spørgsmål, men troede jeg havde fået den fjernet. Kunne godt se i loggen at der var noget

---

Ok, procedure kommer om lidt

---

Kør en scanning med HijackThis, så du kan se alle filer. Luk alle vinduer, sæt flueben ved disse linier, og klik fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: &AOL Toolbar Search - c:\programmer\aol\aol toolbar 2.0\resources\en-US\local\search.html
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.iwin.com/global/premium/popcap/popcaploader_v6.cab


Slet denne mappe:

c:\programmer\aol

Hvis du ikke bruger Logitechs Desktop Messenger, kan du spare lidt ressourcer ved at afinstallere den. Se alle de linier den laver i loggen. Skidt program, efter min mening

I stedet for burde du måske overveje et ANTIVIRUS AVG her er gratis, sløver ikke maskinen, og passer sig selv http://free.grisoft.com/doc/2/lng/us/tpl/v5

---

Tak for svaret stl_s.

1000, 1000 tak - de her pruheste er jo ikke til at finde ud af for os almindelige

Faktisk har jeg lige købt Nortons "Internet Security", men kunne ikke få lov at installere den, fik derfor mistanke om, at der var snavs på dyret

Osse tak for tippet om Logitechs Desktop Messenge, har slettet den

---

stl_s

ØH, den dialogboks popper stadig op, skal jeg bare lære at leve med det

---

Den burde holde op af sig selv efter nogle genstarter. Hvis ikke, så vend lige tilbage her i tråden.

Btw, med hensyn til Norton, så håber jeg det er 2005 versionen du har købt. 2006 versionen kan nemlig ikke køre på Win ME.

---

stl_s

Det er 2005 versionen af Norton - ved godt at vi dedikerede win 98 brugere skal være opmærksomme på, hvad vi installerer/køber

Har nu haft over 10 genstarter - stadig ifølge med den efterhånden irriterende box - så vil møj gerne ha hjælp til at fjerne den

---

Aktiver lige visning af skjulte filer, og systemfiler. Søg så på system.ini. Åbn filen, og kopier indholdet af den her ind. Du må ikke slette filen, den er helt legal.

Tjek så lige at disse filer er væk:

ibm00000.exe
ibm00001.dll
ibm00001.exe
ibm00002.dll
tmp.tmp

Ellers slet dem i fejlsikret.

---

Hov, jeg ser lige at du ikke har haft scannet. Det er sørme en fejl .

Hent denne scanner ned til skrivebordet ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Vent med at aktivere den.


Hent denne scanner http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Installer, og opdater scanneren manuelt. OBS, ved installationen bliver det foreslået at du registrerer med din email. Det behøver du ikke at gøre.


Start op i fejlsikret tilstand (tast f8 flere gange under opstart). Hvis du ikke kan det, så se her
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1


Dobbeltklik på drweb-cureit.exe. Den vil køre en expressscan, og det siger du ja til.

Når den skriver "Select object for scanning" nederst til venstre, skal du klikke på Options->Change settings.

Skift til fanebladet SCAN, og fjern fluebenet ved "Heuristic analysis".

Skift til fanebladet Actions. Under ADWARE indstiller du til DELETE. Alle andre punkter under MALWARE sættes til MOVE. Fjern fluebenet ved PROMPT ON ACTION. Klik ANVEND og OK.

Klik på det de drev du vil have scannet. Der kommer en rød prik, som viser at de er valgt.

Klik på den grønne pil ovre til højre på siden, for at starte scanningen.


Når scanningen er færdig, så find mappen Dr Web som ligger på dit hoveddrev, typisk C drevet, og find CUREIT.LOG. Scroll helt ned i bunden af loggen, hvor der står SCAN PATH og SCAN STATISTICS (KUN de nederste) og kopier det her ind.


Start SuperAntiSpyware, klik "Scan your computer", sæt flueben i dine drev, ovre til venstre i vinduet. Ovre til højre i vinduet, sætter du prik i "Perform Complete Scan". Klik "næste", nu scanner den. Når den er færdig, så markerer du det den finder, og lader scannereren fjerne det.

Genstart til normal tilstand (scanneren tilbyder måske at gøre det).

Åbn scanneren igen, og klik "preferences"-> "stastics/logs". Marker loggen, og klik "View log". Kopier loggen her ind i tråden, sammen med CUREIT loggen.


Lykkedes det at få Norton ind ? Ellers vil det måske lykkes efter scanningerne.

---

Du får lige en ny vejledning til Dr Web scanneren, så se bort fra den gamle. Bemærk især afsnittet om loggen. Kom også bare med en frisk HijackThis bagefter.

Hent denne scanner ned til skrivebordet ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Vent med at køre den.


Start op i fejlsikret tilstand (tast f8 flere gange under opstart). Hvis du ikke kan det, så se her
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1


Vejledning her http://fromsej.dk/Vejledninger/html/drweb.html


Kopier loggen her ind.

Eftersom du ikke er logget ind i systemet, kan du ikke skrive et indlæg til dette spørgsmål.

Hvis du ikke allerede er registreret, kan du gratis blive medlem, ved at trykke på "Bliv medlem" ude i menuen.