Results 1 to 7 of 7
  1. #1
    Member silverhd's Avatar
    Join Date
    Nov 2004
    Location
    North of Sweden
    Posts
    60
    Points
    0

    Default What is Bonjour, virus,trojan or what?

    I have got a new program in the computer,named Bonjour. I have tried to take it away but I can´t. Have tried with Hjack,smitfraud,ccleaner,combofix,superantispyware but no result. I only recive the answer "can´t take away"

    Please help and maby tell me where the file come from.
    Thanks

    My log.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:13:07, on 2007-10-09
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
    C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program\F-Secure\Common\FSMA32.EXE
    C:\Program\F-Secure\Anti-Virus\fssm32.exe
    C:\Program\F-Secure\Common\FSMB32.EXE
    C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program\F-Secure\Common\FAMEH32.EXE
    C:\Program\F-Secure\Anti-Virus\fsqh.exe
    C:\Program\F-Secure\Anti-Virus\fsrw.exe
    C:\Program\F-Secure\Common\FNRB32.EXE
    C:\Program\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program\F-Secure\Common\FIH32.EXE
    C:\Program\F-Secure\Anti-Virus\fsav32.exe
    C:\Program\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program\Ahead\InCD\InCD.exe
    C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
    C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
    C:\Program\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\F-Secure\FSGUI\fsguidll.exe
    C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program\PC Connectivity Solution\ServiceLayer.exe
    C:\Program\internet explorer\iexplore.exe
    C:\Documents and Settings\Eilert\Skrivbord\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program\Delade filer\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O8 - Extra context menu item: &Block this popup - C:\Program\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program\Internet Explorer\Toolbar\toolbar.hta
    O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program\Internet Explorer\Toolbar\toolbar.hta
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program\bonjour\mdnsnsp.dllO10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program\f-secure\fsps\program\fslsp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AshampooDefragService - - C:\Program\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\Program\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Ahead\InCD\InCDsrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

  2. #2
    Member silverhd's Avatar
    Join Date
    Nov 2004
    Location
    North of Sweden
    Posts
    60
    Points
    0

    Default

    hi again,
    I find this little program to remove the Bonjour. But Its still left in Hj.

    http://download.gizmoproject.com/jas...OffBonjour.exe

  3. #3
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    Do you use iTunes ?

    mdnsresponder.exe is a process associated with "Bonjour for Windows" software. It is used by ITunes for music sharing.

    If you want it gone, we can help. If we do iTunes will not work like you want.

    BG

  4. #4
    Member silverhd's Avatar
    Join Date
    Nov 2004
    Location
    North of Sweden
    Posts
    60
    Points
    0

    Default

    Thanks,

    No, I don´t use Itunes. I don´t know where the program come from.
    Maby from the program AdobePhotoshop CS3 I just installed?

  5. #5
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    It's not just Itunes which uses "bonjour" so does photoshop

    If you want photoshop to work properly, then you should leave bonjour installed & running ...

    click this link :-

    http://blogs.adobe.com/jnack/photoshop_cs3_beta/

    Scroll down to & read this heading ...

    January 04, 2007
    CS3 doesn't install spyware


    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  6. #6
    Member silverhd's Avatar
    Join Date
    Nov 2004
    Location
    North of Sweden
    Posts
    60
    Points
    0

    Default

    Ok, but I took it away. Thanks for information.

  7. #7
    Member
    Join Date
    Jan 2003
    Posts
    12,000
    Points
    1191

    Default

    From the Help2Go team - Your are Welcome and Happy Surfing
    Since this issue appears resolved ... this Topic is closed.

    Please read and load the free programs that we use to protect our own PC's. They are free and they will have little or no impact on your PC's performance:

    http://www.help2go.com/article152.html

    If you need this topic reopened, please request this by sending a moderator a PM with the address of the thread. This applies only to the original topic starter.

    Everyone else please begin a New Topic.

    Basementgeek