Søg
Avatar billede mikkelbm Nybegynder
02. januar 2005 - 16:45 Der er 8 kommentarer og
1 løsning

HijackThis log

Er der en venlig sjæl der vil kigge på den her:

Logfile of HijackThis v1.99.0
Scan saved at 16:44:30, on 02-01-2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\WINDOWS\lsihheyr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\ISTsvc\istsvc.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nikolai\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9YRGTAR\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Nikolai\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Nikolai\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Nikolai\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Nikolai\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Nikolai\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Nikolai\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9095A461-8E74-4B35-8971-CB13C2613DEB} - C:\WINDOWS\System32\cjg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [KH852] C:\WINDOWS\lsihheyr.exe
O4 - HKLM\..\Run: [KH80+¿ÔÇè]Iú" ‹üžigC:\Programmer\ISTsvc\istsvc.exe] C:\WINDOWS\lsihheyr.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - Global Startup: raid_tool.exe.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range:  (HKLM)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://search-search.net/ws2.chm::/w.exe
O18 - Filter: text/html - {B1316474-4306-475D-9B30-2F2098CC7487} - C:\WINDOWS\System32\cjg.dll
O18 - Filter: text/plain - {B1316474-4306-475D-9B30-2F2098CC7487} - C:\WINDOWS\System32\cjg.dll
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
Avatar billede johnstigers Seniormester
02. januar 2005 - 17:06 #1
Kan se du mangler at  opdatere til min. SP1 - gør det og smid en ny log.
SP1 kan du finde her: http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold/
Avatar billede mikkelbm Nybegynder
02. januar 2005 - 19:24 #2
Så lykkedes det :

Logfile of HijackThis v1.99.0
Scan saved at 19:22:56, on 02-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Programmer\Archive\archive.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\Symantec\LiveUpdate\AUpdate.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nikolai\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Nikolai\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Nikolai\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Nikolai\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Nikolai\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Nikolai\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Nikolai\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9095A461-8E74-4B35-8971-CB13C2613DEB} - C:\WINDOWS\System32\cjg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [Archive] C:\Programmer\Archive\archive.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - Global Startup: raid_tool.exe.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range:  (HKLM)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://search-search.net/ws2.chm::/w.exe
O18 - Filter: text/html - {0D1C118E-56C6-41A9-80B0-50BC0CA478CB} - C:\WINDOWS\System32\cjg.dll
O18 - Filter: text/plain - {0D1C118E-56C6-41A9-80B0-50BC0CA478CB} - C:\WINDOWS\System32\cjg.dll
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
Avatar billede johnstigers Seniormester
02. januar 2005 - 19:43 #3
ok - lige en opgave mere inden vi begynder at fixe med hijackthis: Hent og kør Cwshredder: http://www.arlet.dk/cwshredder.htm - derefter endnu en log for at se om den kan fjerne den startside - tak :)
Avatar billede mikkelbm Nybegynder
02. januar 2005 - 19:48 #4
ahh - det var dejligt at komme af med den :)

Logfile of HijackThis v1.99.0
Scan saved at 19:48:01, on 02-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Programmer\Archive\archive.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Nikolai\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [Archive] C:\Programmer\Archive\archive.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O4 - Global Startup: raid_tool.exe.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range:  (HKLM)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://search-search.net/ws2.chm::/w.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
Avatar billede johnstigers Seniormester
02. januar 2005 - 19:58 #5
Ok - vi går videre med hijackthis:

1. Genstart i Fejlsikret tilstand (ved at taste F8 under opstart).

2. Gå i Start -> Kør og skriv Services.msc

Se om du kan finde disse services på listen:

Microsoft Global Services
Microsoft Global Backup Services

Hvis du finder den - Højreklik på den og vælg Egenskaber - klik på "Stop" og vælg Starttype "Deaktiveret" - klik Anvend og OK. Luk service vinduet.

3. Kør HijackThis, scan og sæt et flueben ud for følgende linier - luk øvrige programvinduer - klik "Fix checked":

O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKCU\..\Run: [Spyware Vanisher] c:\spywarevanisher-free\FreeScanner.exe -FastScan
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range:  (HKLM)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://search-search.net/ws2.chm::/w.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

4. Find og slet

C:\WINDOWS\web\related.htm - (mappen web+indhold)
c:\spywarevanisher-free - (mappen spywarevanisher-free + indhold)
C:\Program Files\Windows ServeAd - (mappen Windows ServeAd + indhold)

5. Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning og slet temp-filer, temporary internet files og papirkurv.

Genstart i Normal tilstand, kør HijackThis, scan og smid en ny log herind - tak.
Avatar billede mikkelbm Nybegynder
02. januar 2005 - 20:18 #6
Således:

Logfile of HijackThis v1.99.0
Scan saved at 20:16:56, on 02-01-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Programmer\Archive\archive.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Documents and Settings\Nikolai\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [Archive] C:\Programmer\Archive\archive.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: raid_tool.exe.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service - Computer Associates International, Inc. - C:\Programmer\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Avatar billede johnstigers Seniormester
02. januar 2005 - 20:24 #7
Din log er ren nu.

tag et kig på http://fromsej.dk/html/avoid.html + http://www.spywarefri.dk/pakken.htm
for yderligere sikkerhed fremover.
Avatar billede mikkelbm Nybegynder
02. januar 2005 - 20:25 #8
Super! Tusind tak for hjælpen!
Avatar billede johnstigers Seniormester
02. januar 2005 - 20:30 #9
Var så lidt - tak for points :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 14:15 PHP Html Af Asky i Programmeringsværktøjer
I går 11:06 Rufus mange muligheder - valg ved install Windows Af Uvanga i Windows
06/0516:53 HTML Af Asky i Programmeringsværktøjer
06/0510:01 Mister internettet efter slumre, Af valby i Windows
05/0513:02 Lille smart tingest Af nu_igen i Fitness & Smartwatches
White papers
Flere white papers »