Notifikationer

Markér alle som læst Log ud

jne Nybegynder

04. maj 2004 - 15:34 Der er 10 kommentarer og
2 løsninger

Virus? winlogon.exe

Hej Eksperter...

Jeg har et problem, jeg fik en advarsel af Norton Antivirus hvori der stod Norton Antivirus havde stoppet en virus som hed winlogon.exe
Jeg sagde okay til det, men hver gang jeg åbner Internet Explorer går den ind op denne side: about:blank istedet for den almindelige startside.
Og der kommer et popup vindue hvori der står følgende:
ALERT !!!!
SPYWARE ACTIVITY DETECTED ON YOUR COMPUTER
FIND OUT HOW TO REMOVE SPYWARE

Jeg har slettet alle midlertidige filer og cookies. Jeg har selvfølgelig prøvet at ændre startsiden til den almindelige, men den laver det om når jeg åbner Internet Explorer...
Jeg har undersøgt i mcconfig, om den åbner et program ved start af computeren, jeg syntes ikke at kunne se den åbner noget ekstra program end normalt. Og jeg har den sidste nye opdatering af Norton Antivirus, og når jeg scanner min computer finder den ingen virus...

Hvad kan dette skyldes? Og hvordan finder jeg en løsning på dette problem?

MVH
Jne

Synes godt om

ralfi Nybegynder

04. maj 2004 - 15:40 #1

har du scannet med spybot og adaware ??

ellers var et nok en rigtig god ide

Synes godt om

jne Nybegynder

04. maj 2004 - 15:43 #2

hvor finder jeg dette program, jeg har nemlig ikke scannet med andet en norton antivirus

Synes godt om

cp1 Nybegynder

04. maj 2004 - 15:52 #3

her er spybot's site http://spybot.safer-networking.de/ , den bøvler lidt iøjeblikket.. så prøv at hente den her istedet http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
Adaware http://www.lavasoftusa.com/support/download/

Synes godt om

arlet Juniormester

04. maj 2004 - 17:25 #4

Og efter de to programmer, skal vi se en hijackthis : http://www.arlet.dk/hjt.htm

Synes godt om

jne Nybegynder

04. maj 2004 - 23:00 #5

Logfile of HijackThis v1.97.7
Scan saved at 22:56:27, on 04-05-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Programmer\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
D:\Dokumenter\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2892F6F8-12F6-40A4-B98B-72FCF14AAFFE} - C:\WINDOWS\mrhop.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Programmer\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37957.4368171296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Synes godt om

arlet Juniormester

04. maj 2004 - 23:17 #6

Hent og kør CWSHredder herfra: http://www.arlet.dk/special.htm
genstart og ny hijackthis log

Synes godt om

jne Nybegynder

05. maj 2004 - 13:53 #7

Logfile of HijackThis v1.97.7
Scan saved at 13:52:12, on 05-05-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Programmer\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
D:\Dokumenter\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Programmer\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37957.4368171296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Synes godt om

jne Nybegynder

05. maj 2004 - 13:59 #8

Adaware finder stadig 7 elementer, herunder har jeg indsat logfilen efter scan af computeren...

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :5. maj 2004 13:54:07
Created with Ad-aware Personal, free for private use.
Using reference-file :01R302 03.05.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry

05-05-2004 13:54:07 - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 05-05-2004 11:50:48
BasePriority : Normal

#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 05-05-2004 11:50:50
BasePriority : High

#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 05-05-2004 11:50:50
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Tjenester og controllerprogrammer
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 09-10-2001 13:00:00
Last accessed : 05-05-2004 11:40:45
Last modified : 09-10-2001 13:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 05-05-2004 11:50:50
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 09-09-2002 12:13:40
Last accessed : 05-05-2004 11:40:45
Last modified : 09-09-2002 12:13:40

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 05-05-2004 11:50:51
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 09-10-2001 13:00:00
Last accessed : 05-05-2004 11:40:45
Last modified : 09-10-2001 13:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 05-05-2004 11:50:51
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 09-10-2001 13:00:00
Last accessed : 05-05-2004 11:40:45
Last modified : 09-10-2001 13:00:00

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 05-05-2004 11:50:53
BasePriority : Normal
FileSize : 974 KB
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
CompanyName : Microsoft Corporation
FileDescription : Windows Stifinder
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 29-05-2003 10:51:08
Last accessed : 05-05-2004 11:50:53
Last modified : 29-05-2003 10:51:08

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 05-05-2004 11:50:53
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 09-10-2001 13:00:00
Last accessed : 05-05-2004 11:40:45
Last modified : 09-10-2001 13:00:00

#:9 [ccevtmgr.exe]
FilePath : C:\Programmer\Fælles filer\Symantec Shared\
ThreadCreationTime : 05-05-2004 11:50:53
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.03.4
ProductVersion : 1.03.4
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 02-12-2003 21:06:19
Last accessed : 05-05-2004 11:40:45
Last modified : 17-07-2003 10:16:38

#:10 [hpgs2wnd.exe]
FilePath : C:\Programmer\Hewlett-Packard\HP Share-to-Web\
ThreadCreationTime : 05-05-2004 11:50:55
BasePriority : Normal
FileSize : 56 KB
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
OriginalFilename : hpgs2wnd.exe
ProductName : Hewlett-Packard hpgs2wnd
Created on : 02-12-2003 19:45:45
Last accessed : 05-05-2004 11:50:48
Last modified : 03-07-2001 08:11:52

#:11 [ccapp.exe]
FilePath : C:\Programmer\Fælles filer\Symantec Shared\
ThreadCreationTime : 05-05-2004 11:50:56
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 11-02-2004 12:46:58
Last accessed : 05-05-2004 11:50:48
Last modified : 02-12-2003 15:11:04

#:12 [wcescomm.exe]
FilePath : C:\Programmer\Microsoft ActiveSync\
ThreadCreationTime : 05-05-2004 11:50:56
BasePriority : Normal
FileSize : 404 KB
FileVersion : 3.7.0.3083
ProductVersion : 3.7.3083
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
OriginalFilename : WCESCOMM.EXE
ProductName : Microsoft ActiveSync
Created on : 24-02-2004 22:54:43
Last accessed : 05-05-2004 11:50:48
Last modified : 22-04-2003 22:43:44

#:13 [msmsgs.exe]
FilePath : C:\Programmer\Messenger\
ThreadCreationTime : 05-05-2004 11:50:56
BasePriority : Normal
FileSize : 1462 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 14-04-2003 19:04:50
Last accessed : 05-05-2004 11:50:48
Last modified : 14-04-2003 19:04:50

#:14 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 05-05-2004 11:50:56
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft
Created on : 09-09-2002 12:13:30
Last accessed : 05-05-2004 11:50:48
Last modified : 09-09-2002 12:13:30

#:15 [hpobrt07.exe]
FilePath : C:\Programmer\Hewlett-Packard\AiO\hp psc 700 series\Bin\
ThreadCreationTime : 05-05-2004 11:50:56
BasePriority : Normal
FileSize : 476 KB
FileVersion : 2.00
ProductVersion : A.14.03.05
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2000
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOBRT07
OriginalFilename : HPOBRT07.EXE
ProductName : hp psc 700 series
Created on : 24-04-2002 00:28:32
Last accessed : 05-05-2004 11:50:48
Last modified : 24-04-2002 00:28:32

#:16 [hpgs2wnf.exe]
FilePath : C:\PROGRA~1\HEWLET~1\HPSHAR~1\
ThreadCreationTime : 05-05-2004 11:50:56
BasePriority : Normal
FileSize : 64 KB
FileVersion : 2,4,0,26
ProductVersion : 2,4,0,26
Copyright : Copyright 2001
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
OriginalFilename : hpgs2wnf.EXE
ProductName : hpgs2wnf Module
Created on : 02-12-2003 19:45:45
Last accessed : 05-05-2004 11:40:45
Last modified : 03-07-2001 08:17:04

#:17 [hpoevm07.exe]
FilePath : C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\
ThreadCreationTime : 05-05-2004 11:50:57
BasePriority : Normal
FileSize : 292 KB
FileVersion : 1.00
ProductVersion : A.14.03.05
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2000
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM07
OriginalFilename : HPOEVM07.EXE
ProductName : hp psc 700 series
Created on : 24-04-2002 00:50:00
Last accessed : 05-05-2004 11:40:45
Last modified : 24-04-2002 00:50:00

#:18 [hposts07.exe]
FilePath : C:\Programmer\Hewlett-Packard\AiO\Shared\bin\
ThreadCreationTime : 05-05-2004 11:50:58
BasePriority : Normal
FileSize : 284 KB
FileVersion : 1.00
ProductVersion : A.14.03.05
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2000
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS07
OriginalFilename : HPOCPY07.EXE
ProductName : hp psc 700 series
Created on : 24-04-2002 01:04:32
Last accessed : 05-05-2004 11:40:45
Last modified : 24-04-2002 01:04:32

#:19 [mdm.exe]
FilePath : C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\
ThreadCreationTime : 05-05-2004 11:51:09
BasePriority : Normal
FileSize : 314 KB
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft
Created on : 19-06-2003 22:25:00
Last accessed : 05-05-2004 11:40:45
Last modified : 19-06-2003 22:25:00

#:20 [navapsvc.exe]
FilePath : C:\Programmer\Norton AntiVirus\
ThreadCreationTime : 05-05-2004 11:51:09
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 02-12-2003 21:06:14
Last accessed : 05-05-2004 11:40:45
Last modified : 14-11-2002 18:41:26

#:21 [nprotect.exe]
FilePath : C:\Programmer\Norton AntiVirus\AdvTools\
ThreadCreationTime : 05-05-2004 11:51:09
BasePriority : Normal
FileSize : 132 KB
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
Copyright : Copyright (C) 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 02-12-2003 21:01:24
Last accessed : 05-05-2004 11:40:45
Last modified : 14-08-2002 05:03:00

#:22 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 05-05-2004 11:51:09
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 09-10-2001 13:00:00
Last accessed : 05-05-2004 11:40:45
Last modified : 09-10-2001 13:00:00

#:23 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 05-05-2004 11:54:02
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 04-05-2004 19:52:34
Last accessed : 05-05-2004 11:42:16
Last modified : 12-07-2003 19:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0

Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Main
Value : HOMEOldSP

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1

Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 2

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : john eggert@adtech[2].txt
Object : C:\Documents and Settings\John Eggert\Cookies\

Created on : 05-05-2004 11:44:53
Last accessed : 05-05-2004 11:44:53
Last modified : 05-05-2004 11:44:53

Tracking Cookie Object recognized!
Type : File
Data : john eggert@cgi-bin[1].txt
Object : C:\Documents and Settings\John Eggert\Cookies\

Created on : 05-05-2004 11:52:50
Last accessed : 05-05-2004 11:52:50
Last modified : 05-05-2004 11:52:50

Tracking Cookie Object recognized!
Type : File
Data : john eggert@mediaplex[1].txt
Object : C:\Documents and Settings\John Eggert\Cookies\

Created on : 05-05-2004 11:52:50
Last accessed : 05-05-2004 11:52:50
Last modified : 05-05-2004 11:52:50

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 5

13:55:48 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:01:41:719
Objects scanned :46895
Objects identified :5
Objects ignored :0
New objects :5

Synes godt om

arlet Juniormester

05. maj 2004 - 17:50 #9

Flyt først filen Hijackthis til en mappe oprettet kun til den.

Du skal nu til at i gang med at fixe:

Deaktiver systemgendannelse:
http://www.arlet.dk/systemgendannelsen.htm

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.
Først når din log er endelig godkendt, må du aktiver din systemgendannelse igen.

Synes godt om

jne Nybegynder

05. maj 2004 - 22:30 #10

Hej Arlet

Jeg havde ikke dennne linie:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

Min log ser sådan ud:
Logfile of HijackThis v1.97.7
Scan saved at 22:24:47, on 05-05-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Programmer\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Dokumenter\hi\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home19.inet.tele.dk/startnu
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Programmer\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Hurtig start af Microsoft Office OneNote 2003.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O10 - Unknown file in Winsock LSP: c:\programmer\spamfighter\proxy\proxy.dll
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37957.4368171296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Når jeg scanner med Ad-aware 6.0 kommer der heller ingen fejl mere, det eneste jeg har gjort er at opdatere windows som du har skrevet på din hjemmeside... Kan det være løsningen???

Synes godt om

arlet Juniormester

06. maj 2004 - 09:10 #11

Så er du ren og kan aktiver din systemgendannelse igen

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm

Synes godt om

shaviro Nybegynder

07. maj 2004 - 02:46 #12

rename mrhop.dll til mrhop.old og det hele virker! :)

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus	22	26/11/202510:42	23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus	8	31/08/202519:08	01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus	10	03/02/202514:20	04/02/202511:05
mulig ukendt virus Af jackie18 i Virus	3	18/01/202514:07	18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus	13	18/01/202511:40	20/01/202517:53

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

15/05

Test: Bærbar ekstra skærm til din laptop, smartphone eller spillekonsol er et fedt ekstra værktøj

15/05

Pludselig er de datalogi-studerendes karakterer raslet ned: ”AI-assistenterne afslører en svaghed i universitetssystemet"

15/05

Nørgaard: Datacentre, dommedag og den evige danske lyst til at sige nej

15/05

Produktionsgigant bekræfter hackerangreb: 11 millioner fortrolige filer fra Apple- og Nvidia kan være stjålet

15/05

KMD-aftale sender Aevens omsætning op mod to milliarder kroner – men underskud og gæld eksploderer

15/05

Microsoft vil selv fjerne dårlige drivere fra din pc: Ny funktion skal stoppe crashes og blue screens

15/05

Google afløser Chromebooken: Afløseren er marineret i AI-funktioner

15/05

Jan Topp er ny CIO i DLG

15/05

Motoren under materialismen: Derfor har du så mange ting - og bliver ved med at købe flere

15/05

Europas få AI-aktier eksploderer: Kaster sig over alt, der lugter af kunstig intelligens

15/05

To it-topchefer: Sådan sikrer du dine kompetencer i en tid, hvor AI presser it-folk til arbejdsløshed

Vis flere artikler

IT-JOB

TV2

Identity Provider Specialist til IAM-teamet

Netcompany A/S

Test Consultant

Jyske Bank

Microsoft 365 Platform Specialist til Digital Arbejdsplads

Digitaliseringsstyrelsen

Teknisk systemforvalter til Digitaliseringsstyrelsens EU-gateway-løsninger

Everllence

Software Engineer – Build the toolchain behind the engines that move the world

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

I går 16:04	Canon printer vil ikke udskrive farver Af mort1 i Printere
I går 14:50	Hvilket fabrikat af Mesh systemer virker? Af fkj i Wifi
15/0513:45	AJAX kode -javascript Af Asky i Programmeringsværktøjer
15/0511:50	Vælg indstilling - blå skærm med med flere muligheder for fejlretning Af Uvanga i Windows
14/0523:24	Google sheets beregning udfra dato Af rickiegrayholm i Office & Kontorpakker

White papers

Undgå at printeren bliver svageste led i sikkerheden
Konica Minolta
Find den SOC-model, der virker i praksis
SecureDevice
E-fakturering bliver et krav – er din forretning klar?
Tabellae
Arctic Wolf Threat Report 2026: Sådan ændrer ransomware-landskabet sig
Arctic Wolf

Flere white papers »