CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede trold1 Nybegynder
19. maj 2007 - 21:33 Der er 13 kommentarer og
2 løsninger

startfejl i xp

Jeg har lige renset en pc for snavs og virus samt opdateret den, så den er på toppen. Det eneste jeg ikke er sluppet af med er denne boks, som dukker op nå PC er startet og skrivebordet er kommet frem. Windows kan ikke finde C:\Windows\system32\2.tmp. kontroller du skrev navnte korrekt og forsøg derefter igen. Hvis du vil søge efter en fil, skal du klikke på knappen start og derefter klikke på søg. Jeg klikker ok i boksen og XP kører som det skal, men hvordan hulen slipper jeg af med den s..... boks. Jeg har prøvet ccleaner.
Avatar billede johnstigers Seniormester
19. maj 2007 - 21:38 #1
Gå ind her og hent Hijackthis.

Kør Hijackthis, scan, save log og kopier logfilen herind, så kigger vi på den.
Opret et spørgsmål i Virus kategorien, der er chancen størst for hjælp.
Lad være med at slette noget selv med Hijackthis, det kan skade mere end det gavner.
Avatar billede johnstigers Seniormester
19. maj 2007 - 21:38 #2
Og link: http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe
Avatar billede trold1 Nybegynder
19. maj 2007 - 21:57 #3
Her er så en log af hijackthis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:54:19, on 19-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
E:\HiJackThis_v2.exe
C:\Programmer\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\2.tmp
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system32\2.tmp
O1 - Hosts: 95.95.239.187 sandbox.norman.no
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {E720B458-B65A-438C-9FF3-B1DF65D7DB3E} - (no file)
O3 - Toolbar: (no name) - {E720B458-B65A-438C-9FF3-B1DF65D7DB3F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Programmer\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunServices: [Printer] C:\WINDOWS\System32\vmmon32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (no file)
O9 - Extra 'Tools' menuitem: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: bw+0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {92955C3F-AF68-4A5A-A6CC-7AA816BA1F83} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\2.tmp (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe (file missing)

--
End of file - 21858 bytes
Avatar billede trold1 Nybegynder
19. maj 2007 - 21:58 #4
Der er vist noget logitech desktop messenger som skal væk
Avatar billede johnstigers Seniormester
19. maj 2007 - 22:57 #5
Marker disse og klik på fix checked - genstart pc og kom med ny log til tjek.

Logitech messenger er ikke snavs, så den gør jeg ikke noget ved. Men du kan afinstallere vis tilføj/fjern programmer.

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\2.tmp
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system32\2.tmp
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E720B458-B65A-438C-9FF3-B1DF65D7DB3E} - (no file)
O3 - Toolbar: (no name) - {E720B458-B65A-438C-9FF3-B1DF65D7DB3F} - (no file)
O9 - Extra button: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (no file)
O9 - Extra 'Tools' menuitem: Locators.com Search Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\2.tmp (file missing)
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe (file missing)
Avatar billede trold1 Nybegynder
19. maj 2007 - 23:37 #6
Har lige set gone in 60 sec. Kigger på det i morgen. Foreløbig TAK sleep well. Veninden bliver glad hun er i seng.
Avatar billede trold1 Nybegynder
20. maj 2007 - 11:33 #7
Her er så en renset logfil fra hijackthis. Problemet er løst.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:29:37, on 20-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\cidaemon.exe
E:\HiJackThis_v2.exe
C:\Programmer\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 95.95.239.187 sandbox.norman.no
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Programmer\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\RunServices: [Printer] C:\WINDOWS\System32\vmmon32.exe
O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\2.tmp (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe (file missing)

--
End of file - 9249 bytes


Der er så med hjælp af spyboot search and destroy, norton antivirus og hijackthis fjernet 5 trojanere, 3 vira og 253 div. snavs

Så nu kører den.
Avatar billede Computer Hjælp (Gratis) Mester
20. maj 2007 - 11:46 #8
DER ER MERE ENDNU - STANDBY...
Avatar billede Computer Hjælp (Gratis) Mester
20. maj 2007 - 11:52 #9
Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O4 - HKLM\..\RunServices: [Printer] C:\WINDOWS\System32\vmmon32.exe
O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe
O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\svchost.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\2.tmp (file missing)
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe (file missing)


For at kunne se alle filer og mapper, så følg denne vejledning:
http://www.spywareinfo.dk/tip-og-tricks/mappeindstillinger.htm

Genstart i fejlsikret tilstand http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm

Søg og slet de markerede filer/mapper hvis de stadig findes. Ellers fortsætter du bare vejledningen. De kan være røget i fixet.

C:\WINDOWS\System32\vmmon32.exe
C:\WINDOWS\svchost.exe (og IKKE filen C:\WINDOWS\System32\svchost.exe !)

Genstart, kør en ny scanning med hijackthis, og kopier en frisk log herind til tjek.

------------------------------------------------------------------------

Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Problemer]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller nej til den.
Avatar billede trold1 Nybegynder
20. maj 2007 - 12:37 #10
Så er det gjort. Jeg kunne dog ikke finde de 2 filer.

Her er ny log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:35:06, on 20-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
E:\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 95.95.239.187 sandbox.norman.no
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Programmer\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\2.tmp (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe (file missing)

--
End of file - 8991 bytes
Avatar billede Computer Hjælp (Gratis) Mester
20. maj 2007 - 14:14 #11
Klik på Start->Kør skriv Services.msc og klik OK.
Find Tjenesten
* iPod-tjeneste (iPod Service)
* Windows Network Security Management Service (nsms)
* Windows Genuine Advantage Registration Service
stop den hvis den kører, højreklik på den og vælg Starttype Deaktiveret.

og derefter med HiJackThis 'fixe' disse ->

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Windows Network Security Management Service (nsms) - Unknown owner - C:\WINDOWS\system32\2.tmp (file missing)
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe (file missing)

Genstart...
Hvis de IKKE er væk fra en frisk HiJackThis log så bør du lægge loggen her ...

... og dit oprindelige problem ?
Avatar billede trold1 Nybegynder
20. maj 2007 - 16:26 #12
Her skulle så være en ren log. Tak for hjælpen begge 2. Smid et svar john og dr1 hvis i vil dele ellers den som vil have point.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:24:23, on 20-05-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
E:\HiJackThis_v2.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 95.95.239.187 sandbox.norman.no
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Programmer\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8940 bytes
Avatar billede Computer Hjælp (Gratis) Mester
20. maj 2007 - 17:26 #13
Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Åbn en mappe, klik på Funktioner >Mappeindstillinger >Vis.
Sæt flueben ved "Skjul beskyttede operativsystemfiler".
Sæt prik i "Vis ikke skjulte filer og mapper".

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

Point deles med <john_stigers> ... Sorry jeg 'blanede' mig *S*
Avatar billede trold1 Nybegynder
20. maj 2007 - 20:06 #14
Så skal der lige komme et svar fra John stigers.

Tak for hjælpen begge to. Tak for rådene dr1. jeg kender dem godt med hensyn til safe surfing, men min nye veninde gjorde ikke. Nu er hun glad for nu kører hendes pc igen, og hun har en fuldt opdateret og sikret pc.
Avatar billede johnstigers Seniormester
20. maj 2007 - 20:26 #15
dr1 tak for backup - de elementer skulle fixes i anden ombæring :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Windows kategorien

Titel Indlæg Oprettet Seneste aktivitet
Windows 11 Pro - IIS Af bsn i Windows 0 I dag 00:54 -
Proceslinje Af luffe1955 i Windows 28 25/11/202417:29 I går 15:51
driver til platonic 3200, på win 10 Af Novice-1 i Windows 1 20/11/202419:06 20/11/202419:31
Ældre version af windows media player Af absalon i Windows 4 16/11/202422:42 17/11/202420:15
Telefonlink Af jesperodde i Windows 10 14/11/202412:43 22/11/202416:13
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 00:54 Windows 11 Pro - IIS Af bsn i Windows
I går 18:46 Omdanne stik på router til USB Af valby i Routere & Switches
I går 10:49 Ændring finansår C5 Af Lene i Økonomiprogrammer
25/1117:29 Proceslinje Af luffe1955 i Windows
25/1115:07 videoredigering med DaVinci Resolve Af gerhardpet i Andet software
White papers
Flere white papers »


Premium
Teaser billede
Microsoft hæver priserne på M365: Sådan kommer de nye priser til at ramme
Læs mere »
Efter annullering: Nu åbner Energinet igen for DevOps-aftale til 164 millioner kroner
Står klar med 50 millioner kroner til indkøb af specialiserede it-konsulenter
AI-bølgen har fået markedsværdi for 139 år gammelt hardware-firma til at eksplodere: Steget med 400 procent siden nytår
Se alle »
Computerworld
Teaser billede
Microsofts nye pc er ekstrem billig – men kan blive ekstrem sikker og fleksibel
Læs mere »
Stort Microsoft-nedbrud rammer flere kunder: Problemer med Teams og mails
Test: Den snusfornuftige Volkswagen ID.3 blevet til lidt af el-bisse
Kæmpe datalæk på hospital: 750.000 patienters fortrolige data lækket
Se alle »
CIO
Teaser billede
Stort Microsoft-nedbrud rammer flere kunder: Problemer med Teams og mails
Læs mere »
Microsoft hæver priserne på M365: Sådan kommer de nye priser til at ramme
Konsulenthus vil rulle Microsoft 365 Copilot ud til 200.000 ansatte
Kæmpe-opgave for Danske Bank har banet vej for fuldautomatiseret migrering til cloud: Nu udbredes metoden i hele AWS
Se alle »
Job & Karriere
Teaser billede
Microsoft klar med ny direktion for den danske forretning: Her er de nye direktører
Læs mere »
Efter skelsættende møde med sportscoach: Stor dansk it-arbejdsplads indfører fredags-fri og isbade i arbejdstiden
Linus Torvalds giver russiske Linux-udviklere sparket: Vil ikke have noget med dem at gøre
Topchef Sara Green mener, at der er brug for et radikalt nyt syn på it-ledelse - særligt én ny trend hader hun som pesten
Se alle »
White paper
Teaser billede
Vær proaktiv og prioritér IT-sikkerheden – før det er for sent
Læs mere »
Sådan får du overblik og beskytter dine cloudapplikationer
Styrk compliance, sikkerhed og overblik med ét hug
Derfor kræver AI, cloud og sikkerhed et stærkere netværk
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »