terib (Beginner)
11 April 2008 - 14:55. There are 4 comments and 1 solution.

HijackThis log - a little help wanted

Hi,
I have had spyware on my PC - and I think I still have some remnants. I am especially interested in all the occurrences of O18 - why are there so many of them?
I ran Spybot 1.5, AVG Anti-Spyware, SmitFraud and CCleaner before the log!
Can anyone help?

The HijackThis log looks like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:23, on 11-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Borland\InterBase\bin\ibguard.exe
C:\Programmer\Borland\InterBase\bin\ibserver.exe
C:\Programmer\Firebird\InterClient\bin\interserver.exe
C:\Programmer\Fælles filer\EuroPlus Shared\LblServices.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Priva\Priva Office\Server\Bin\promtdbmsserver.exe
C:\Programmer\Priva\Common\Itnetwork\PTPD.EXE
C:\Documents and Settings\All Users\Application Data\pcdqrqze\dejknkrg.exe
C:\WINDOWS\system32\r_server.exe
C:\Programmer\SPAMfighter\sfus.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Priva\Priva Office\server\bin\syslog.exe
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Priva\Priva Office\Server\Bin\TermServ.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Priva\Priva Office\tools\tomcatservice.exe
C:\Programmer\Priva\Priva Office\Tools\srvany.exe
C:\Programmer\Priva\Priva Office\Server\Bin\PosysM.exe
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Priva\Priva Office\Server\Bin\promtmonitor.exe
C:\Programmer\Priva\Common\Itnetwork\PTPUI.EXE
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Priva\Priva Office\Server\Bin\sv_logger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Priva\Priva Office\Server\Bin\GHServer.exe
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Priva\Priva Office\Server\Bin\LogDataMgr.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Firebird\InterClient\bin\interserver.exe
C:\Programmer\Firebird\InterClient\bin\interserver.exe
C:\Programmer\Firebird\InterClient\bin\interserver.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Administrator\Skrivebord\Spywarefri\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {0DC0BE0A-1B7E-44F2-8AD0-869A4A0FA938} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {63AB48C9-01A8-495C-8194-A715DB8A37A2} - C:\WINDOWS\system32\pmnoMgEt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [0CDxq5JKPe] C:\Documents and Settings\All Users\Application Data\pcdqrqze\dejknkrg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-21-484763869-1801674531-839522115-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'officeghserver')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://remote.c5gart.dk/XTSAC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180885738243
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://pixelprint.dk/da/ImageUploader3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{224B2B21-941A-416D-8B8D-A7AF6B0FB966}: NameServer = 194.239.134.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ECD69B5-FAB5-48A3-8958-A4847FD00B9F}: NameServer = 194.239.134.83,193.162.145.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8F11443-574F-487B-9587-0C7E9AEEA66E}: NameServer = 194.239.134.83,193.162.159.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{224B2B21-941A-416D-8B8D-A7AF6B0FB966}: NameServer = 194.239.134.83
O17 - HKLM\System\CS2\Services\Tcpip\..\{224B2B21-941A-416D-8B8D-A7AF6B0FB966}: NameServer = 194.239.134.83
O18 - Protocol: bw+0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: pmnoMgEt - C:\WINDOWS\SYSTEM32\pmnoMgEt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Greenhouse Server (GHServer) - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe
O23 - Service: IBAffinity - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Programmer\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Programmer\Borland\InterBase\bin\ibserver.exe
O23 - Service: InterServer - Firebird SQL - C:\Programmer\Firebird\InterClient\bin\interserver.exe
O23 - Service: Label Services (LabelServices) - Euro Plus d.o.o. - C:\Programmer\Fælles filer\EuroPlus Shared\LblServices.exe
O23 - Service: LogData manager (LogDataMgr) - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Greenhouse Server (OfficeGHServer) - Alexandria Software Consulting - C:\Programmer\Priva\Priva Office\tools\tomcatservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Posys mirror (PosysMirror) - Unknown owner - C:\Programmer\Priva\Priva Office\Tools\srvany.exe
O23 - Service: Database server (promtdbmsserver) - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe
O23 - Service: Database monitor (promtmonitor) - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe
O23 - Service: PTP Daemon (PTPD) - Priva B.V. - C:\Programmer\Priva\Common\Itnetwork\PTPD.EXE
O23 - Service: PTP User Interface (PTPUI) - Priva Hortimation B.V. - C:\Programmer\Priva\Common\Itnetwork\PTPUI.EXE
O23 - Service: Radmin Communication Server (rcomsrv) - Famatech International Corp. - C:\WINDOWS\system32\rcomsrv30\rcomsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
O23 - Service: Data logger (sv_logger) - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe
O23 - Service: SysLogSrv - Unknown owner - C:\Programmer\Priva\Priva Office\server\bin\syslog.exe
O23 - Service: Terminal Server (TermServ) - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe

--
End of file - 27261 bytes
11 April 2008 - 15:32 #1
I'll take a look at it...
11 April 2008 - 15:36 #2
Uninstall
* Logitech Desktop Messenger
via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

Run a scan with HijackThis.
Below you are given some files that you need to fix. What you need to do is tick the box next to these files. When you have done that, close all other windows. It is very important that the only window that is open is the HijackThis window. Remember also to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to fix:

O2 - BHO: (no name) - {0DC0BE0A-1B7E-44F2-8AD0-869A4A0FA938} - (no file)
O2 - BHO: (no name) - {63AB48C9-01A8-495C-8194-A715DB8A37A2} - C:\WINDOWS\system32\pmnoMgEt.dll
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKLM\..\Policies\Explorer\Run: [0CDxq5JKPe] C:\Documents and Settings\All Users\Application Data\pcdqrqze\dejknkrg.exe
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O18 - Protocol: bw+0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (All lines - if they are there?)
O20 - Winlogon Notify: pmnoMgEt - C:\WINDOWS\SYSTEM32\pmnoMgEt.dll

Restart normally, run a new scan with HijackThis, and paste a fresh log in here for checking.

------------------------------------------------------------------------
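An added example, not part of the thread and not code from HijackThis: a small Python triage helper that collapses the O18 lines by the CLSID and DLL behind them, and lists files that are loaded from more than one log section (as `pmnoMgEt.dll` is under both O2 and O20 in the fix list above). The sample lines are copied from the first log with the O18 run shortened; the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the first log on this page; the O18 run is shortened
# to five entries so the sample stays readable.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {63AB48C9-01A8-495C-8194-A715DB8A37A2} - C:\WINDOWS\system32\pmnoMgEt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O18 - Protocol: bw+0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {67B61DBC-0640-4B2D-B15C-79CA40650466} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: pmnoMgEt - C:\WINDOWS\SYSTEM32\pmnoMgEt.dll
"""

# "<section> - <rest>", where section is R0..R3 or O1..O24.
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# Body of an O18 line: "Protocol: <scheme> - {CLSID} - <handler file>".
O18_RE = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# First drive-letter path ending in .dll or .exe on the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)


def parse_entries(text):
    """Return [(section, body), ...] for every R*/O* line in a log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def group_protocol_handlers(entries):
    """Map (CLSID, handler path) -> list of URL scheme names it registers.

    Many O18 lines usually mean one component registered under many
    scheme names, not many separate components.
    """
    handlers = defaultdict(list)
    for section, body in entries:
        if section != "O18":
            continue
        m = O18_RE.match(body)
        if m:
            scheme, clsid, path = m.groups()
            handlers[(clsid.upper(), path.lower())].append(scheme)
    return dict(handlers)


def files_in_multiple_sections(entries):
    """Map file path -> sorted sections, for files named in 2+ sections.

    Paths are lower-cased because the log mixes 'system32' and 'SYSTEM32'.
    Being listed twice is not a verdict; it shows which other entries
    load the same file when one of them is being reviewed.
    """
    refs = defaultdict(set)
    for section, body in entries:
        m = PATH_RE.search(body)
        if m:
            refs[m.group(0).lower()].add(section)
    return {p: sorted(s) for p, s in refs.items() if len(s) > 1}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for (clsid, path), schemes in group_protocol_handlers(parsed).items():
        print(f"{len(schemes):3d} O18 scheme(s) -> {clsid} {path}")
    for path, sections in files_in_multiple_sections(parsed).items():
        print(f"{path} is referenced from {', '.join(sections)}")
```

Run over the full first log, the same grouping reduces the whole O18 run to the two Logitech Desktop Messenger handler DLLs.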
terib (Beginner)
11 April 2008 - 16:29 #3
There were no O2-O18 and O20?

New log - what about O10? And which R0 and R1 can I fix?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:04, on 11-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Borland\InterBase\bin\ibguard.exe
C:\Programmer\Borland\InterBase\bin\ibserver.exe
C:\Programmer\Firebird\InterClient\bin\interserver.exe
C:\Programmer\Fælles filer\EuroPlus Shared\LblServices.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Priva\Priva Office\Server\Bin\promtmonitor.exe
C:\Programmer\Priva\Common\Itnetwork\PTPD.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\r_server.exe
C:\Programmer\SPAMfighter\sfus.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Priva\Priva Office\server\bin\syslog.exe
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Priva\Priva Office\Server\Bin\TermServ.exe
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Priva\Priva Office\Server\Bin\GHServer.exe
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Priva\Priva Office\Server\Bin\LogDataMgr.exe
C:\Programmer\Priva\Priva Office\tools\tomcatservice.exe
C:\Programmer\Priva\Priva Office\Tools\srvany.exe
C:\Programmer\Priva\Priva Office\Server\Bin\PosysM.exe
C:\Programmer\Priva\Common\Itnetwork\PTPUI.EXE
C:\Programmer\Priva\Priva Office\tools\srvany.exe
C:\Programmer\Priva\Priva Office\Server\Bin\sv_logger.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Firebird\InterClient\bin\interserver.exe
C:\Programmer\Firebird\InterClient\bin\interserver.exe
C:\Programmer\Firebird\InterClient\bin\interserver.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Administrator\Skrivebord\Spywarefri\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-21-484763869-1801674531-839522115-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'officeghserver')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://remote.c5gart.dk/XTSAC.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180885738243
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://pixelprint.dk/da/ImageUploader3.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{224B2B21-941A-416D-8B8D-A7AF6B0FB966}: NameServer = 194.239.134.83
O17 - HKLM\System\CCS\Services\Tcpip\..\{6ECD69B5-FAB5-48A3-8958-A4847FD00B9F}: NameServer = 194.239.134.83,193.162.145.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8F11443-574F-487B-9587-0C7E9AEEA66E}: NameServer = 194.239.134.83,193.162.159.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{224B2B21-941A-416D-8B8D-A7AF6B0FB966}: NameServer = 194.239.134.83
O17 - HKLM\System\CS2\Services\Tcpip\..\{224B2B21-941A-416D-8B8D-A7AF6B0FB966}: NameServer = 194.239.134.83
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Greenhouse Server (GHServer) - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe
O23 - Service: IBAffinity - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Programmer\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\Programmer\Borland\InterBase\bin\ibserver.exe
O23 - Service: InterServer - Firebird SQL - C:\Programmer\Firebird\InterClient\bin\interserver.exe
O23 - Service: Label Services (LabelServices) - Euro Plus d.o.o. - C:\Programmer\Fælles filer\EuroPlus Shared\LblServices.exe
O23 - Service: LogData manager (LogDataMgr) - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Greenhouse Server (OfficeGHServer) - Alexandria Software Consulting - C:\Programmer\Priva\Priva Office\tools\tomcatservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Posys mirror (PosysMirror) - Unknown owner - C:\Programmer\Priva\Priva Office\Tools\srvany.exe
O23 - Service: Database server (promtdbmsserver) - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe
O23 - Service: Database monitor (promtmonitor) - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe
O23 - Service: PTP Daemon (PTPD) - Priva B.V. - C:\Programmer\Priva\Common\Itnetwork\PTPD.EXE
O23 - Service: PTP User Interface (PTPUI) - Priva Hortimation B.V. - C:\Programmer\Priva\Common\Itnetwork\PTPUI.EXE
O23 - Service: Radmin Communication Server (rcomsrv) - Famatech International Corp. - C:\WINDOWS\system32\rcomsrv30\rcomsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
O23 - Service: Data logger (sv_logger) - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe
O23 - Service: SysLogSrv - Unknown owner - C:\Programmer\Priva\Priva Office\server\bin\syslog.exe
O23 - Service: Terminal Server (TermServ) - Unknown owner - C:\Programmer\Priva\Priva Office\tools\srvany.exe

--
End of file - 13995 bytes
11 April 2008 - 21:56 #4
There is no more 'dirt' according to your log...

You are welcome another time...

You should clean temp with this file, it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer, then enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It is also a good idea to manually create a new restore point, which you can name and return to if you run into problems of any kind.

You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

Registry cleanup can be recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the [Register] item...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.
terib (Beginner)
12 April 2008 - 08:36 #5
Just a couple of comments... As I wrote at the start, I have run ccleaner - that cleans temp files too, doesn't it?

I asked about R1 - can't I remove those references to Microsoft pages without problems? AND then there was O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll.... which I thought looked a bit suspicious?

But otherwise, many thanks for the help.
Have a nice day