Søg
Avatar billede pedersen73 Nybegynder
14. februar 2005 - 21:28 Der er 19 kommentarer og
2 løsninger

Gennemsyn af Hijackthis log.

Hej,
Er der en ekspert der vil kigge på min log? Efter boot af maskinen får jeg en prompt med dette spørgsmål "Is your computer infected with spyware".

Logfile of HijackThis v1.99.0
Scan saved at 21:10:05, on 14-02-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\System32\open32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Documents and Settings\Brian.BRIAN-WOP9UHG9N\Skrivebord\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {791EA251-11AE-4083-77B4-ED728DDF6853} - C:\WINDOWS\System32\uxbroiho.dll
O2 - BHO: (no name) - {87D178C1-081D-075B-BDF6-6B2CD5F934B0} - (no file)
O2 - BHO: (no name) - {A4BA7498-ACC3-4864-C5AB-860D4B1303B9} - (no file)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe snim.dll, DllRegisterServer
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: winupdate30349292[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programmer\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
Avatar billede johnstigers Seniormester
14. februar 2005 - 21:29 #1
Kigger på den :)
Avatar billede johnstigers Seniormester
14. februar 2005 - 21:38 #2
Genstart i fejlsikker tilstand og fix disse:
C:\WINDOWS\System32\open32.exe
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: (no name) - {791EA251-11AE-4083-77B4-ED728DDF6853} - C:\WINDOWS\System32\uxbroiho.dll
O2 - BHO: (no name) - {87D178C1-081D-075B-BDF6-6B2CD5F934B0} - (no file)
O2 - BHO: (no name) - {A4BA7498-ACC3-4864-C5AB-860D4B1303B9} - (no file)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe snim.dll, DllRegisterServer
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Startup: winupdate30349292[1].exe
(med mindre du selv har lavet dette med Spybot, så skal de fixes):
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll


genstart og ny log.
Avatar billede pedersen73 Nybegynder
14. februar 2005 - 22:10 #3
Ja det var straks bedre. Efter genstart bliver jeg dog præsenteret for denne prompt "Windows installation - forbereder installationen" denne forsvinder dog af sig selv. Hvad kan dette skyldes?

Logfile of HijackThis v1.99.0
Scan saved at 22:03:00, on 14-02-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmer\Netscape\Netscape\Netscp.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Documents and Settings\Brian.BRIAN-WOP9UHG9N\Skrivebord\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {791EA251-11AE-4083-77B4-ED728DDF6853} - (no file)
O2 - BHO: (no name) - {87D178C1-081D-075B-BDF6-6B2CD5F934B0} - (no file)
O2 - BHO: (no name) - {A4BA7498-ACC3-4864-C5AB-860D4B1303B9} - (no file)
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: winupdate30349292[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programmer\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
Avatar billede johnstigers Seniormester
14. februar 2005 - 22:36 #4
Fix lige disse og se om det hjælper:
O2 - BHO: (no name) - {791EA251-11AE-4083-77B4-ED728DDF6853} - (no file)
O2 - BHO: (no name) - {87D178C1-081D-075B-BDF6-6B2CD5F934B0} - (no file)
O2 - BHO: (no name) - {A4BA7498-ACC3-4864-C5AB-860D4B1303B9} - (no file)
Avatar billede tonnybrandt Nybegynder
15. februar 2005 - 08:58 #5
John > Et hint: Der er haxdor virus på pc'en.
O4 - Startup: winupdate30349292[1].exe
Avatar billede tonnybrandt Nybegynder
15. februar 2005 - 09:24 #6
John, håber ikke det gør noget hvis jeg lige blander mig lidt:

Hent denne fil og pak den ud på Skrivebordet:
http://www.atribune.org/downloads/HSFix.zip

... og denne fil (gem den på dit Skrivebord):
www.spywareinfo.dk/download/cleantempxp2k.bat

Genstart i Fejlsikret tilstand (ved at taste F8 under opstart).

Kør hsfix.bat - 2 gange.

Kør HijackThis, scan og sæt et flueben ud for følgende linier - luk øvrige programvinduer - klik "Fix checked":

O2 - BHO: (no name) - {791EA251-11AE-4083-77B4-ED728DDF6853} - (no file)
O2 - BHO: (no name) - {87D178C1-081D-075B-BDF6-6B2CD5F934B0} - (no file)
O2 - BHO: (no name) - {A4BA7498-ACC3-4864-C5AB-860D4B1303B9} - (no file)
O4 - Startup: winupdate30349292[1].exe

Dobbeltklik på cleantempxp2k.bat

Genstart i Normal tilstand og kør mindst én af disse online scannere:

http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/co...n_principal.htm
http://www3.ca.com/threatinfo/virusinfo/scan.aspx

Genstart i Normal tilstand og læg en frisk hijackthis log samt hsfix log'en (som du finder i C:/hslog.txt)
Avatar billede pedersen73 Nybegynder
15. februar 2005 - 23:44 #7
Hej Tonny,
Tak for indlægget. Jeg kæmper stadig - her er mine logs:

Logfile of HijackThis v1.99.0
Scan saved at 23:39:25, on 15-02-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\DOCUME~1\BRIAN~1.BRI\LOKALE~1\Temp\tmp9.tmp
C:\WINDOWS\System32\Regsvr32.exe
C:\WINDOWS\System32\open32.exe
C:\WINDOWS\System32\tibs3.exe
C:\Documents and Settings\Brian.BRIAN-WOP9UHG9N\Skrivebord\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {791EA251-11AE-4083-77B4-ED728DDF6853} - (no file)
O2 - BHO: (no name) - {87D178C1-081D-075B-BDF6-6B2CD5F934B0} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {A4BA7498-ACC3-4864-C5AB-860D4B1303B9} - (no file)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe snim.dll, DllRegisterServer
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: winupdate30349292[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programmer\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe




Horseserver Removal Tool v1.05
      by Atri
-
-
1. Registry Fix Started
-
  Registry fix complete
-
2. Deleted Services
-
WINLOW
[SC] DeleteService SUCCESS
vdmt16
[SC] DeleteService SUCCESS
vdnt32
[SC] OpenService FAILED 1060:

Den angivne tjeneste findes ikke som en installeret tjeneste.

klo5
[SC] OpenService FAILED 1060:

Den angivne tjeneste findes ikke som en installeret tjeneste.

-
3. Finding files Located on system
-
klogini.dll
p2.ini
ps.a3d
vdnt32.sys
vdmt16.sys
winlow.sys
klo5.sys
drct16.dll
mszx23.exe
tibs3.exe
cz.dll
hz.dll
wz.dll
tmp*.exe
WebSiteViewer
tmp*.tmp
dload.exe
w32tm.exe
open32.exe
-
4. Deleting files that were found.
-
unable to remove drct16.dll
unable to remove mszx23.exe
-
5. Checking for and Removing Winupdate
-
-
-
Avatar billede tonnybrandt Nybegynder
16. februar 2005 - 00:29 #8
Man gemmer en tekstfil, ved at åbne notesblok, kopiere teksten over i notesblokken og vælger fil | gem som. Så vælger man i filtype "Alle filer" og skriver navnet i "Filnavn"

Gem teksten mellen de stiplede liner som en tekstfil med navnet remove.reg og læg den på dit skrivebord.

------------------------------------
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ENUM\ROOT\LEGACY_VDMT16]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winlow]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINLOW]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drct16]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdmt16]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"secboot"=-

[HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters]
"Disable TrayIcon"-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"StackSize"=-
"Impersonate"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion]
"hws"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Session Manager\Memory Management]
"EnforceWriteProtect"=-
-------------------------------------


Genstart i fejlsikret tilstand.

Dobbeltklik på remove.reg og sig ja til at tilføje værdierne i registreringsdatabasen.

Kør hsfix.bat

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O2 - BHO: (no name) - {791EA251-11AE-4083-77B4-ED728DDF6853} - (no file)
O2 - BHO: (no name) - {87D178C1-081D-075B-BDF6-6B2CD5F934B0} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {A4BA7498-ACC3-4864-C5AB-860D4B1303B9} - (no file)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe snim.dll, DllRegisterServer
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - Startup: winupdate30349292[1].exe
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll


Genstart i fejlsikret tilstand og gentag hele proceduren en gang til !!!!

Genstart i normal tilstand og kom med en ny log
Avatar billede pedersen73 Nybegynder
16. februar 2005 - 20:45 #9
Hej - snavset er ikke nemt at komme til livs!
Se mine logs efter ovenstående procedure.

Logfile of HijackThis v1.99.0
Scan saved at 20:38:31, on 16-02-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\BRIAN~1.BRI\LOKALE~1\Temp\tmp4.tmp
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\open32.exe
C:\WINDOWS\System32\tibs3.exe
C:\Documents and Settings\Brian.BRIAN-WOP9UHG9N\Skrivebord\Hijackthis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {791EA251-11AE-4083-77B4-ED728DDF6853} - (no file)
O2 - BHO: (no name) - {87D178C1-081D-075B-BDF6-6B2CD5F934B0} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {A4BA7498-ACC3-4864-C5AB-860D4B1303B9} - (no file)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe snim.dll, DllRegisterServer
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: winupdate30349292[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programmer\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe




Horseserver Removal Tool v1.05
      by Atri
-
-
1. Registry Fix Started
-
  Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
-
-
Avatar billede tonnybrandt Nybegynder
16. februar 2005 - 22:56 #10
Hent KillBox her:

http://download.broadbandmedic.com/ el. her hvis først link ikke virker:
http://www.spywareinfo.dk/download/KillBox.zip

Her er listen over filer der skal slettes med KillBox:

C:\WINDOWS\blank.htm
C:\WINDOWS\System32\DSMANA~1.DLL
C:\WINDOWS\System32\snim.dll
C:\WINDOWS\System32\open32.exe
C:\WINDOWS\System32\tibs3.exe
"C:\Documents and Settings\Brian.BRIAN-WOP9UHG9N\Menuen Start\Programmer\Start\winupdate30349292[1].exe"

Kør KillBox, sæt prik i "Delete on reboot". Kopier hver enkel linie ind i tekstfeltet på Killbox og klik herefter på den røde knap med det hvide kryds. Programmet vil spørge om du vil genstarte - svar NEJ, undtagen når du har kopieret den sidste linie ind. Efter at have kopieret den sidste linie ind, skal du svare JA, og din computer vil genstarte.

Så kører du HiJackThis og fixer disse linier:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
O2 - BHO: (no name) - {791EA251-11AE-4083-77B4-ED728DDF6853} - (no file)
O2 - BHO: (no name) - {87D178C1-081D-075B-BDF6-6B2CD5F934B0} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {A4BA7498-ACC3-4864-C5AB-860D4B1303B9} - (no file)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe snim.dll, DllRegisterServer
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - Startup: winupdate30349292[1].exe
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll

Genstart normalt og kom med en ny log
Avatar billede pedersen73 Nybegynder
17. februar 2005 - 20:40 #11
Det ser faktisk fornuftigt ud nu. Hvad siger du til min log?

Logfile of HijackThis v1.99.0
Scan saved at 20:36:11, on 17-02-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Brian.BRIAN-WOP9UHG9N\Skrivebord\Hijackthis\hijackthis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {791EA251-11AE-4083-77B4-ED728DDF6853} - (no file)
O2 - BHO: (no name) - {87D178C1-081D-075B-BDF6-6B2CD5F934B0} - (no file)
O2 - BHO: (no name) - {A4BA7498-ACC3-4864-C5AB-860D4B1303B9} - (no file)
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programmer\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
Avatar billede tonnybrandt Nybegynder
17. februar 2005 - 20:48 #12
Jeg er enig, det ser rigtigt fornuftigt ud.

Vi skal lige have fjernet disse 3 linier:
O2 - BHO: (no name) - {791EA251-11AE-4083-77B4-ED728DDF6853} - (no file)
O2 - BHO: (no name) - {87D178C1-081D-075B-BDF6-6B2CD5F934B0} - (no file)
O2 - BHO: (no name) - {A4BA7498-ACC3-4864-C5AB-860D4B1303B9} - (no file)

Det gør vi således:

Klik start | kør, skriv regedit og tryk enter.
Find denne nøgle i registreringsdatabasen og udvid den så du kan se de underliggende objekter.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects


Klik "Browser Helper Objects" så den er markeret.
Klik Rediger | Tilladelser.
Marker "Alle" og sæt kryds i Tillad i "Fuld kontrol".
Klik knappen Avanceret, og sæt kryds i den nederste: "Erstat tilladelsesposter på alle underobj......"
Klik Anvend og ok
Og igen Anvend og ok.

Højreklik nu hver af disse objekter og vælg slet:
{791EA251-11AE-4083-77B4-ED728DDF6853}
{87D178C1-081D-075B-BDF6-6B2CD5F934B0}
{A4BA7498-ACC3-4864-C5AB-860D4B1303B9}

Luk regedit når de er slettet.

Genstart og kom med en ny log.
Avatar billede pedersen73 Nybegynder
17. februar 2005 - 21:12 #13
Ny log:

Logfile of HijackThis v1.99.0
Scan saved at 21:11:12, on 17-02-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Brian.BRIAN-WOP9UHG9N\Skrivebord\Hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Adobe LM Service - Unknown - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programmer\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
Avatar billede tonnybrandt Nybegynder
17. februar 2005 - 21:14 #14
Bingo, så er loggen ren :)

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelses filerne. Deaktiver systemgendannelse  - genstart din computer - aktiver systemgendannelse.
(klik start | indstillinger | kontrolpanel | system, fanebladet systemgendannelse)

Du kan evt installere nogle af programmerne i spywarefri pakken..de er alle små, konflikter ikke og er meget effektive mod snavs af den slags du lige har været angrebet af.

Specielt anbefaler vi Spybot,spywareblaster, IE-Spyad og spywareguard.
Se mere i "pakken" her
http://www.spywarefri.dk/pakken.htm
Avatar billede pedersen73 Nybegynder
17. februar 2005 - 21:16 #15
Jamen så vil jeg da gerne sige mange tak for hjælpen!!!
Avatar billede johnstigers Seniormester
17. februar 2005 - 21:17 #16
Tillader mig at svare også ;)
Avatar billede tonnybrandt Nybegynder
17. februar 2005 - 21:18 #17
Sorry John, jeg havde helt glemt at jeg "brød ind" :(
Avatar billede johnstigers Seniormester
17. februar 2005 - 21:21 #18
Du var så godt i gang og havde hjulpet før jeg overhovedet kom hjem- så det er ok ;)

pedersen73> Du bestemmer 100% selv om du vil dele point mellem os eller give det hele til tonnybrandt - det er ok ;)
Avatar billede pedersen73 Nybegynder
17. februar 2005 - 21:23 #19
Jamen så så "deles der i porten"

Tak til jer begge!
Avatar billede johnstigers Seniormester
17. februar 2005 - 21:25 #20
jeg takker :)
Avatar billede tonnybrandt Nybegynder
17. februar 2005 - 23:10 #21
Velbekomme og takker for point :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus 22 26/11/202510:42 23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus 8 31/08/202519:08 01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 13:02 Lille smart tingest Af nu_igen i Fitness & Smartwatches
03/0500:59 Mobilepay app virker ikke mere på Xiaomi Redmi Note 13 Pro Af henrixx i Apps til Android
02/0519:09 Download Win 11 - 25H2 Af ErikHg i Windows
30/0410:42 Access Import af csv fil - forkerte datatyper Af Henrik Berg Hansen i Andet software
29/0419:37 Hente CSV fil, indsætte CSV data i TABEL for JAVASCRIPT Af snestrup2000 i Programmeringsværktøjer
White papers
Flere white papers »