Søg
Avatar billede janny Nybegynder
13. januar 2005 - 16:29 Der er 13 kommentarer og
1 løsning

Hijak logfil

Hej

Vil i prøve se denne igennem.



Logfile of HijackThis v1.99.0
Scan saved at 16:27:03, on 13-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
c:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programmer\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ejer\Skrivebord\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ejer\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ejer\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {B76C92F3-D03C-43E4-95E5-043C0D7529C6} - C:\WINDOWS\system32\fafi.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmer\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmer\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programmer\HP\hpcoretech\comp\hpuiprot.dll
O18 - Filter: text/html - {FA353D4C-3B0B-4B74-9AC7-FDACA70A683D} - C:\WINDOWS\system32\fafi.dll
O18 - Filter: text/plain - {FA353D4C-3B0B-4B74-9AC7-FDACA70A683D} - C:\WINDOWS\system32\fafi.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - c:\Programmer\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede victor-1 Nybegynder
13. januar 2005 - 16:51 #1
Kigger på den og vender tilbage så hurtigt jeg kan *S*
Avatar billede janny Nybegynder
13. januar 2005 - 16:54 #2
takker og venter
JH
Avatar billede victor-1 Nybegynder
13. januar 2005 - 17:09 #3
Udfør følgende:

Åbn en mappe, (lige gyldigt hvilken) klik i menuen øverst oppe på Funktioner > Mappeindstillinger > fanebladet Vis
Fjern flueben ved "Skjul beskyttede operativsystemfiler" (bare klik <Ok> til en eventuel advarsel)
Fjern flueben ved "Skjul filtypenavne for kendte filtyper"
Sæt prik i "Vis skjulte filer og mapper", tryk Ok og luk mappen.

Afbryd din Internetforbindelse (fysisk - stikket ud)

Så genstarter du i fejlsikker tilstand (tryk på <F8> når maskinen starter op, lige inden den begynder at indlæse Windows) og kører programmet HijackThis.
Sæt flueben ud for linierne listet herunder. Når du har gjort det så lukker du alle andre vinduer ned (også mappen du åbnede for at køre HijackThis). Det er meget vigtigt, at det eneste vindue som er åbent er HijackThis vinduet. Husk også at lukke dette vindue (din Internet browser) når du har markeret filerne. Nu må du fixe > Klik på <Fix cheked>.

Her er linierne du skal fixe.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ejer\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ejer\LOKALE~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {B76C92F3-D03C-43E4-95E5-043C0D7529C6} - C:\WINDOWS\system32\fafi.dll

O18 - Filter: text/html - {FA353D4C-3B0B-4B74-9AC7-FDACA70A683D} - C:\WINDOWS\system32\fafi.dll
O18 - Filter: text/plain - {FA353D4C-3B0B-4B74-9AC7-FDACA70A683D} - C:\WINDOWS\system32\fafi.dll

Prøv derefter en tur med Regedit:
Klik på Start > Kør skriv >regedit< uden disse >< og klik OK.

Du får et vindue frem der minder om stifinder - Klik dig frem til:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Tjek om der ligger en nøgle/tekst der hedder HOMEOldSP, gør der det, så slet den.

Klik så på "Denne computer" i Regedit-vinduet, derefter på "Redigér > Søg" skriv >HOMEOldSP< uden disse >< og klik på "Find næste" slet det den finder og tryk på <F3> tasten, slet dem der findes, tryk igen på <F3> til du får at vide at søgningen er afsluttet. Samme fremgangsmåde med søgeordet >About:blank<.

Derefter genstarter du i fejlsikker tilstand - finder og sletter det herunder listede:
Brug evt. Start > Søg > Alle filer og mapper > Under "Flere avancerede indstillinger" skal der være flueben i de tre øverste > Indsæt derefter det listede i feltet og tryk på søg. Slet alle de forekomster den finder.

C:\WINDOWS\system32\fafi.dll <<< FILEN

Find og slet alt indhold i dine Temp mapper:
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\brugernavn\Local Settings\Temp\

Genstart > NY log *S*
Avatar billede janny Nybegynder
13. januar 2005 - 18:20 #4
Ny log

BEMÆRK:
Linierne:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ejer\LOKALE~1\Temp\sp.dll/sp.html


og

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ejer\LOKALE~1\Temp\sp.dll/sp.html
Fandt vi ikke da vi scannede i fejlsikret tilstand.

Her er den nye log:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Ejer\LOKALE~1\Temp\sp.dll/sp.html
Avatar billede janny Nybegynder
13. januar 2005 - 18:21 #5
Prøver loge igen:

Logfile of HijackThis v1.99.0
Scan saved at 18:17:22, on 13-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
c:\Programmer\Norton Personal Firewall\NISUM.EXE
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programmer\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ejer\Skrivebord\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\Programmer\PopupPopper\PopLib.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmer\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Programmer\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: PopupPopper Kontrol Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Programmer\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?315
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programmer\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - c:\Programmer\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD Helper - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec Corporation - c:\Programmer\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
Avatar billede victor-1 Nybegynder
13. januar 2005 - 18:29 #6
Hent og gem denne engangsscanner på dit skrivebord - vent med at køre den, KUN gemme.
http://www.spywareinfo.dk/download/mwav.exe

Hent CWSschredder her:
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

Kør programmet, luk alle vinduer, undtaget CWSschredder, opdater online, klik på "Fix", den scanner nu, når den er færdig klik på "Next", klik på "Finish".

Afbryd din Internetforbindelse (fysisk - stikket ud)

Genstart i fejlsikker tilstand (tryk på <F8> når maskinen starter op, lige inden den begynder at indlæse Windows) og kør nu virus-scanneren fra Kaspersky som du hentede i starten (måske skal du trykke på knappen <Kør> i en "åbn-fil advarsel" fra Windows) og klik derefter på knappen <Unzip>. Nu pakker programmet sig ud til C:\Kaspersky og du skal klikke på knappen <Ok> når det er udpakket, hvorefter programmet starter.
Sæt flueben i følgende:
<Memory>, <Starup Folders>, <Drive>, <Registry>, <System Folders> og <Services>
Sæt prik i følgende:
<All Local Drives> og <Scan All Files>
Klik nu på knappen <Scan Clean>

VIGTIGT:
Noter dig hvilke filer scanneren finder, hvor den finder dem og hvad den gør med dem. Fortæl lidt om scanningen "hvad fandt den/slettede den"

Genstart - NY log fra HJT.
Avatar billede janny Nybegynder
13. januar 2005 - 19:03 #7
denne server/site er nede:

http://www.spywareinfo.com/downloads/tools/CWShredder.exe

jeg vender tilbage søndag

JH
Avatar billede victor-1 Nybegynder
13. januar 2005 - 19:22 #8
Beklager - her er et andet link til programmet.
http://www.soft32.com/download-CWShredder-19014-5.html
Avatar billede janny Nybegynder
13. januar 2005 - 22:01 #9
her er log fra kaspersky:

File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-20d74b09-78ef8106.class infected by "Trojan.Java.ClassLoader.Dummy.d" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-51d3f209-6bd6c9e8.class infected by "Trojan.Java.ClassLoader.Dummy.c" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-430613f3.class infected by "Trojan.Java.ClassLoader.Dummy.c" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-578ef112-41565b59.class infected by "Trojan.Java.ClassLoader.Dummy.d" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5c66adaf-43f94cff.class infected by "Trojan.Java.ClassLoader.Dummy.d" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-63644d4e-3696adc5.class infected by "Trojan.Java.ClassLoader.Dummy.d" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ok.class-176fd6ab-610f5b65.class infected by "Trojan.Java.Nocheat" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-15809ea9-27843ef1.zip infected by "Trojan.Java.ClassLoader.k" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-69977a08-68742648.zip infected by "Trojan.Java.ClassLoader.k" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-7429efec-42425834.zip infected by "Trojan.Java.ClassLoader.k" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-77402a30-5c617bb4.zip infected by "Trojan.Java.ClassLoader.k" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-78ee691-733e6955.zip infected by "Trojan.Java.ClassLoader.k" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader.jar-771ffd62-1d435045.zip infected by "TrojanDownloader.Java.OpenConnection.i" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b188f-238707c3.zip infected by "TrojanDownloader.Java.OpenStream.c" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Ejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv74.jar-170b189c-547cdc60.zip infected by "TrojanDownloader.Java.OpenStream.c" Virus. Action Taken: File Deleted.
File C:\hp\bin\Terminator.exe tagged as not-a-virus:RiskWare.Tool.KillApp. No Action Taken.
File C:\hp\bin\win32all-146.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Avatar billede victor-1 Nybegynder
16. januar 2005 - 00:08 #10
Genstart din maskine (vigtigt) og kør HJT, scan og læg en ny log herind.
Avatar billede johnstigers Seniormester
16. januar 2005 - 20:59 #11
victor-1 http://www.eksperten.dk/spm/581396
Avatar billede victor-1 Nybegynder
16. januar 2005 - 21:04 #12
Hmm ?
:-(
Avatar billede victor-1 Nybegynder
13. september 2005 - 21:14 #13
Har også lagt svar her > http://www.eksperten.dk/spm/581396
Avatar billede victor-1 Nybegynder
14. september 2005 - 09:48 #14
Takker. *S*
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 14:15 PHP Html Af Asky i Programmeringsværktøjer
I dag 11:06 Rufus mange muligheder - valg ved install Windows Af Uvanga i Windows
I går 16:53 HTML Af Asky i Programmeringsværktøjer
I går 10:01 Mister internettet efter slumre, Af valby i Windows
05/0513:02 Lille smart tingest Af nu_igen i Fitness & Smartwatches
White papers
Flere white papers »