Deleted user
05 May 2005 - 15:10 There are 7 comments and 1 solution

hijack this please

Hi, I'm sitting with my sister's PC. It seems a bit slow, so I'm posting a HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 15:09:04, on 05-05-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Grxp4exe.exe
C:\Programmer\Creative\ShareDLL\CtNotify.exe
C:\WINNT\System32\svchost.exe
C:\Programmer\DU Meter\DUMeter.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmer\Creative\ShareDLL\MediaDet.Exe
C:\WINNT\system32\P2P Networking\P2P Networking.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\PestPatrol\PPControl.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
C:\WUTemp\com_microsoft.DirectX_9_0C_RECOMMENDED\dxwebsetup.exe
C:\DOCUME~1\MADSAH~1\LOKALE~1\Temp\IXP000.TMP\dxwsetup.exe
C:\Documents and Settings\Mads Ahm\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MADSAH~1\LOKALE~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MADSAH~1\LOKALE~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O2 - BHO: (no name) - {CADC9557-C471-4973-B445-C216CC3DCFF7} - C:\WINNT\system32\djane.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [Disc Detector] C:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [updateWins] c:\winnt\system32\zxz\systrey.exe
O4 - HKLM\..\Run: [ExplorerTask] C:\WINNT\Fonts\explorer.exe
O4 - HKLM\..\Run: [eDonkey2000] C:\Programmer\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [explore] C:\winnt\web\printers\images\explore.exe
O4 - HKLM\..\Run: [Syste32lin] c:\winnt\system32\cuirsor\systroy.exe
O4 - HKLM\..\Run: [messnger] C:\WINNT\system32\Dvldr32.exe
O4 - HKLM\..\Run: [Windows Management Instrumentation] C:\WINNT\system32\mwd.exe
O4 - HKLM\..\Run: [msmanager32] c:\winnt\system32\clients\faxclient\drivers\msmngr32.exe
O4 - HKLM\..\Run: [skinz] C:\program files\real\realplayer\other\skinz.exe
O4 - HKLM\..\Run: [task] c:\program files\real\realplayer\other\skinz.exe
O4 - HKLM\..\Run: [mssyslanhelper] C:\WINNT\system32\msmsgri32.exe
O4 - HKLM\..\Run: [MSN Loader] msgner.exe
O4 - HKLM\..\Run: [WinntSyst] c:\winnt\system32\madia\cwntr.exe
O4 - HKLM\..\Run: [registry1] c:\winnt\system32\systeem\klsys.exe
O4 - HKLM\..\Run: [a1] c:\winnt\system32\data\tool.exe
O4 - HKLM\..\Run: [lsass] c:\winnt\config\system\emm32\dosboot\windows\startup\lsass.exe
O4 - HKLM\..\Run: [Microsoft Internet] windows32.exe
O4 - HKLM\..\Run: [Iamnacho On Irc.MusIrc.com Is a Homosexual!] XBox64.exe
O4 - HKLM\..\Run: [caqvevch] C:\WINNT\SYSTEM32\sefss.exe
O4 - HKLM\..\Run: [xghfgdr] vqz.exe
O4 - HKLM\..\Run: [nmihyv] C:\WINNT\SYSTEM32\vqec.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [gqegbvqvc] C:\WINNT\SYSTEM32\fqecvs.exe
O4 - HKLM\..\Run: [Casdvqwa] bgdw.exe
O4 - HKLM\..\Run: [vaxxa] C:\WINNT\SYSTEM32\ffms.exe
O4 - HKLM\..\Run: [djdsdvqwa] vjdhdg.exe
O4 - HKLM\..\Run: [imlaunching] C:\WINNT\SYSTEM32\faf.exe
O4 - HKLM\..\Run: [fqqza] feqzw.exe
O4 - HKLM\..\Run: [DumpFaultCheck] C:\WINNT\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Programmer\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\MADSAH~1\LOKALE~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programmer\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PestPatrolRegistration] C:\Programmer\PestPatrol\Register.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmer\PestPatrol\PPControl.exe
O4 - HKLM\..\RunServices: [MSN Loader] msgner.exe
O4 - HKLM\..\RunServices: [Microsoft Internet] windows32.exe
O4 - HKLM\..\RunServices: [Iamnacho On Irc.MusIrc.com Is a Homosexual!] XBox64.exe
O4 - HKLM\..\RunServices: [xghfgdr] vqz.exe
O4 - HKLM\..\RunServices: [Casdvqwa] bgdw.exe
O4 - HKLM\..\RunServices: [djdsdvqwa] vjdhdg.exe
O4 - HKLM\..\RunServices: [fqqza] feqzw.exe
O4 - HKLM\..\RunServices: [DumpFaultCheck] C:\WINNT\system32\drivers\csrss.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINNT\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\MADSAH~1\LOKALE~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1015.dll,InstantAccess
O4 - HKCU\..\Run: [SpyKiller] C:\Programmer\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O18 - Filter: text/html - {45B039C6-BED4-4A1A-A6AC-7F1064B320AF} - C:\WINNT\system32\djane.dll
O18 - Filter: text/plain - {45B039C6-BED4-4A1A-A6AC-7F1064B320AF} - C:\WINNT\system32\djane.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Client Runtime Server Subsystem (crss) - Unknown owner - crss.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Windows Communicator (S+D_31a) - Unknown owner - C:\WINNT\system32\wincom.exe" -service (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - c:\WINNT\Debug\UserMode\taskman.exe (file missing)
O23 - Service: Microsoft Debugging Machine (xmdm) - Unknown owner - C:\WINNT\system32\xmdm.exe (file missing)
tonnybrandt (Beginner)
05 May 2005 - 15:23 #1
Download this Kaspersky scanner.
http://www.spywareinfo.dk/download/mwav.exe - Virus scanner.

Restart in safe mode, log in with your normal username and run a full scan with the virus scanner.

We might as well let it catch what it can before we go to the log.

Restart normally and then post a new HijackThis log.
Deleted user
05 May 2005 - 16:46 #2
It has been run now.

Logfile of HijackThis v1.99.1
Scan saved at 16:45:08, on 05-05-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmer\Symantec\LiveUpdate\AUpdate.exe
C:\WINNT\system32\Grxp4exe.exe
C:\Documents and Settings\Mads Ahm\Skrivebord\hijackthis.exe
C:\Programmer\Creative\ShareDLL\CtNotify.exe
C:\Programmer\DU Meter\DUMeter.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmer\Creative\ShareDLL\MediaDet.Exe
C:\WINNT\system32\P2P Networking\P2P Networking.exe
C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\PestPatrol\PPControl.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\rundll32.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MADSAH~1\LOKALE~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MADSAH~1\LOKALE~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [Disc Detector] C:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ExplorerTask] C:\WINNT\Fonts\explorer.exe
O4 - HKLM\..\Run: [explore] C:\winnt\web\printers\images\explore.exe
O4 - HKLM\..\Run: [messnger] C:\WINNT\system32\Dvldr32.exe
O4 - HKLM\..\Run: [msmanager32] c:\winnt\system32\clients\faxclient\drivers\msmngr32.exe
O4 - HKLM\..\Run: [task] c:\program files\real\realplayer\other\skinz.exe
O4 - HKLM\..\Run: [MSN Loader] msgner.exe
O4 - HKLM\..\Run: [registry1] c:\winnt\system32\systeem\klsys.exe
O4 - HKLM\..\Run: [lsass] c:\winnt\config\system\emm32\dosboot\windows\startup\lsass.exe
O4 - HKLM\..\Run: [Iamnacho On Irc.MusIrc.com Is a Homosexual!] XBox64.exe
O4 - HKLM\..\Run: [xghfgdr] vqz.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Casdvqwa] bgdw.exe
O4 - HKLM\..\Run: [djdsdvqwa] vjdhdg.exe
O4 - HKLM\..\Run: [fqqza] feqzw.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Programmer\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programmer\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PestPatrolRegistration] C:\Programmer\PestPatrol\Register.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmer\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [Microsoft Internet] windows32.exe
O4 - HKLM\..\RunServices: [xghfgdr] vqz.exe
O4 - HKLM\..\RunServices: [djdsdvqwa] vjdhdg.exe
O4 - HKLM\..\RunServices: [DumpFaultCheck] C:\WINNT\system32\drivers\csrss.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1015.dll,InstantAccess
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O18 - Filter: text/html - {45B039C6-BED4-4A1A-A6AC-7F1064B320AF} - C:\WINNT\system32\djane.dll
O18 - Filter: text/plain - {45B039C6-BED4-4A1A-A6AC-7F1064B320AF} - C:\WINNT\system32\djane.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Client Runtime Server Subsystem (crss) - Unknown owner - crss.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Windows Communicator (S+D_31a) - Unknown owner - C:\WINNT\system32\wincom.exe" -service (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - c:\WINNT\Debug\UserMode\taskman.exe (file missing)
O23 - Service: Microsoft Debugging Machine (xmdm) - Unknown owner - C:\WINNT\system32\xmdm.exe (file missing)
tonnybrandt (Beginner)
05 May 2005 - 17:08 #3
It didn't catch much, so you'll get a procedure in a moment ..
tonnybrandt (Beginner)
05 May 2005 - 17:22 #4
We'll wait until later to delete the services that need to be deleted ...

Download SpSeHjfix here:
http://www.derbilk.de/SpSeHjfix110.zip
Unpack it to its own folder on the desktop.

During this fix you must not have Internet Explorer open, so the best thing is to print the instructions - second best is to copy them into Notepad so you can read them from there.

1. To be able to see all files:

Open a folder, click Tools => Folder Options => View.
Remove the check mark at "Hide protected operating system files".
Remove the check mark at "Hide file extensions for known file types".
Select "Show hidden files and folders".

2. Restart in Safe Mode (without networking) by pressing F8 during startup.

3. Run HijackThis, scan and put a check mark next to these lines - close all other program windows - click "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MADSAH~1\LOKALE~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\MADSAH~1\LOKALE~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [ExplorerTask] C:\WINNT\Fonts\explorer.exe
O4 - HKLM\..\Run: [explore] C:\winnt\web\printers\images\explore.exe
O4 - HKLM\..\Run: [messnger] C:\WINNT\system32\Dvldr32.exe
O4 - HKLM\..\Run: [msmanager32] c:\winnt\system32\clients\faxclient\drivers\msmngr32.exe
O4 - HKLM\..\Run: [task] c:\program files\real\realplayer\other\skinz.exe
O4 - HKLM\..\Run: [MSN Loader] msgner.exe
O4 - HKLM\..\Run: [registry1] c:\winnt\system32\systeem\klsys.exe
O4 - HKLM\..\Run: [lsass] c:\winnt\config\system\emm32\dosboot\windows\startup\lsass.exe
O4 - HKLM\..\Run: [Iamnacho On Irc.MusIrc.com Is a Homosexual!] XBox64.exe
O4 - HKLM\..\Run: [xghfgdr] vqz.exe
O4 - HKLM\..\Run: [Casdvqwa] bgdw.exe
O4 - HKLM\..\Run: [djdsdvqwa] vjdhdg.exe
O4 - HKLM\..\Run: [fqqza] feqzw.exe
O4 - HKLM\..\RunServices: [Microsoft Internet] windows32.exe
O4 - HKLM\..\RunServices: [xghfgdr] vqz.exe
O4 - HKLM\..\RunServices: [djdsdvqwa] vjdhdg.exe
O4 - HKLM\..\RunServices: [DumpFaultCheck] C:\WINNT\system32\drivers\csrss.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1015.dll,InstantAccess
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O18 - Filter: text/html - {45B039C6-BED4-4A1A-A6AC-7F1064B320AF} - C:\WINNT\system32\djane.dll
O18 - Filter: text/plain - {45B039C6-BED4-4A1A-A6AC-7F1064B320AF} - C:\WINNT\system32\djane.dll
O23 - Service: Client Runtime Server Subsystem (crss) - Unknown owner - crss.exe (file missing)
O23 - Service: Windows Communicator (S+D_31a) - Unknown owner - C:\WINNT\system32\wincom.exe" -service (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - c:\WINNT\Debug\UserMode\taskman.exe (file missing)
O23 - Service: Microsoft Debugging Machine (xmdm) - Unknown owner - C:\WINNT\system32\xmdm.exe (file missing)

4. Find and delete:
C:\WINNT\Fonts\explorer.exe
C:\winnt\web\printers\images\explore.exe
C:\WINNT\system32\Dvldr32.exe
C:\WINNT\system32\msgner.exe
C:\WINNT\system32\XBox64.exe
C:\WINNT\system32\vqz.exe
C:\WINNT\system32\bgdw.exe
C:\WINNT\system32\vjdhdg.exe
C:\WINNT\system32\feqzw.exe
C:\WINNT\system32\windows32.exe
C:\WINNT\system32\drivers\csrss.exe
C:\WINNT\system32\p2esocks_1015.dll
C:\WINNT\system32\djane.dll
C:\WINNT\system32\crss.exe
C:\WINNT\system32\wincom.exe
c:\WINNT\Debug\UserMode\taskman.exe
C:\WINNT\system32\xmdm.exe

As well as the folders:
c:\winnt\system32\clients
c:\program files\real
c:\winnt\system32\systeem
c:\winnt\config\system
c:\freescan

5. Run SpSeHjFix - click Start Disinfektion, the program scans, removes and restarts - let the program start in Normal mode. Save the log that the program creates.

6. Then go to Start -> Programs -> Accessories -> System Tools -> Disk Cleanup and delete temp files, temporary internet files and the recycle bin.

Restart in Normal mode, run HijackThis, scan and post a fresh log here together with the log from SpSeHjFix.
Deleted user
05 May 2005 - 18:13 #5
There you go

(5-5-05 18:06:15) SPSeHjFix started v1.1.2
(5-5-05 18:06:15) OS: Win2000 Service Pack 4 (5.0.2195)
(5-5-05 18:06:15) Language: dansk
(5-5-05 18:06:15) Win-Path: C:\WINNT
(5-5-05 18:06:15) System-Path: C:\WINNT\system32
(5-5-05 18:06:15) Temp-Path: C:\DOCUME~1\MADSAH~1\LOKALE~1\Temp\
(5-5-05 18:06:23) Disinfection started
(5-5-05 18:06:23) Bad-Dll(IEP): (not found)
(5-5-05 18:06:23) Bad-Dll(IEP) in BHO: (not found)
(5-5-05 18:06:23) UBF: 7 - UBB: 3 - UBR: 18
(5-5-05 18:06:23) UBF: 7 - UBB: 3 - UBR: 18
(5-5-05 18:06:23) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
(5-5-05 18:06:27) Stealth-String not found
(5-5-05 18:06:27) Not infected->END




Logfile of HijackThis v1.99.1
Scan saved at 18:13:15, on 05-05-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Grxp4exe.exe
C:\Programmer\Creative\ShareDLL\CtNotify.exe
C:\Programmer\DU Meter\DUMeter.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programmer\Creative\ShareDLL\MediaDet.Exe
C:\WINNT\system32\P2P Networking\P2P Networking.exe
C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\DOCUME~1\MADSAH~1\LOKALE~1\Temp\SpSeHjfix112.exe
C:\WINNT\System32\cleanmgr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mads Ahm\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
O4 - HKLM\..\Run: [Disc Detector] C:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [STOPzilla] "C:\Programmer\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programmer\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [PestPatrolRegistration] C:\Programmer\PestPatrol\Register.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmer\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise/products/housecall_pre.php (file missing)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Client Runtime Server Subsystem (crss) - Unknown owner - crss.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Windows Communicator (S+D_31a) - Unknown owner - C:\WINNT\system32\wincom.exe" -service (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - c:\WINNT\Debug\UserMode\taskman.exe (file missing)
O23 - Service: Microsoft Debugging Machine (xmdm) - Unknown owner - C:\WINNT\system32\xmdm.exe (file missing)
tonnybrandt (Beginner)
06 May 2005 - 01:09 #6
Then we'll have to take you on a trip into regedit and delete the rest manually.

Restart in safe mode.

Click Start | Run, type regedt32 and press Enter.
Find this key in the registry and expand it so you can see the underlying objects.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Expand it so you can see the underlying keys.
Right-click these keys and choose Delete:

Client Runtime Server Subsystem (crss)
Windows Communicator (S+D_31a)
Serv-U FTP Server (Serv-U)
Microsoft Debugging Machine (xmdm)

Restart normally and come back with a new log.
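
Added example (not part of the thread and not any poster's or tool's own code): a Python check that compares the "Fix checked" list from comment #4 with the follow-up log from comment #5 and reports which entries survived the fix, which is the situation comment #6 handles by hand in the registry. The sample lines are excerpts copied from those two comments; reading the parenthesised token of an O23 line as the key name under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services is an assumption based on the layout of the O23 lines in the thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Excerpt of the "Fix checked" list in comment #4 (lines copied from the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
O4 - HKLM\..\Run: [ExplorerTask] C:\WINNT\Fonts\explorer.exe
O4 - HKLM\..\Run: [MSN Loader] msgner.exe
O4 - HKLM\..\RunServices: [DumpFaultCheck] C:\WINNT\system32\drivers\csrss.exe
O18 - Filter: text/html - {45B039C6-BED4-4A1A-A6AC-7F1064B320AF} - C:\WINNT\system32\djane.dll
O23 - Service: Client Runtime Server Subsystem (crss) - Unknown owner - crss.exe (file missing)
O23 - Service: Windows Communicator (S+D_31a) - Unknown owner - C:\WINNT\system32\wincom.exe" -service (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - c:\WINNT\Debug\UserMode\taskman.exe (file missing)
O23 - Service: Microsoft Debugging Machine (xmdm) - Unknown owner - C:\WINNT\system32\xmdm.exe (file missing)
"""

# Excerpt of the follow-up HijackThis log in comment #5 (lines copied from the thread).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Client Runtime Server Subsystem (crss) - Unknown owner - crss.exe (file missing)
O23 - Service: Windows Communicator (S+D_31a) - Unknown owner - C:\WINNT\system32\wincom.exe" -service (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - c:\WINNT\Debug\UserMode\taskman.exe (file missing)
O23 - Service: Microsoft Debugging Machine (xmdm) - Unknown owner - C:\WINNT\system32\xmdm.exe (file missing)
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23) and " - ".
# The header and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O23 body: "Service: <display name> (<short name>) - <owner> - <image path>".
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.*?)(?: \((?P<name>[^()]*)\))?"
    r" - (?P<owner>.*?) - (?P<path>.*)$")
MISSING = " (file missing)"


class Entry(NamedTuple):
    section: str
    body: str

    def key(self) -> Tuple[str, str]:
        # Case and spacing vary between scans (c:\winnt vs C:\WINNT).
        return self.section, " ".join(self.body.split()).casefold()


class Service(NamedTuple):
    key_name: str      # assumed name of the key under ...\Services
    display: str
    owner: str
    image_path: str
    file_missing: bool


def parse_entries(text: str) -> List[Entry]:
    """Extract the R/F/N/O entry lines of a HijackThis log, in order."""
    found = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found.append(Entry(m.group(1), m.group(2).strip()))
    return found


def split_by_followup(fix_text: str, followup_text: str):
    """Return (removed, remaining): fix-list entries absent from / still in the new log."""
    present = {e.key() for e in parse_entries(followup_text)}
    removed, remaining = [], []
    for e in parse_entries(fix_text):
        (remaining if e.key() in present else removed).append(e)
    return removed, remaining


def parse_service(entry: Entry) -> Optional[Service]:
    """Break an O23 entry into its fields; None for other sections."""
    m = SERVICE_RE.match(entry.body) if entry.section == "O23" else None
    if not m:
        return None
    path = m.group("path")
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)]
    name = m.group("name") or m.group("display")
    return Service(name, m.group("display"), m.group("owner"), path, missing)


def leftover_services(fix_text: str, followup_text: str) -> List[Service]:
    """Services that were on the fix list but are still registered afterwards."""
    _, remaining = split_by_followup(fix_text, followup_text)
    return [s for s in map(parse_service, remaining) if s]


if __name__ == "__main__":
    gone, left = split_by_followup(FIX_LIST, FOLLOWUP_LOG)
    print(f"{len(gone)} fixed entries gone, {len(left)} still present")
    for svc in leftover_services(FIX_LIST, FOLLOWUP_LOG):
        print(f"  service key {svc.key_name!r}: owner={svc.owner}, missing={svc.file_missing}")
```
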
tonnybrandt (Beginner)
13 May 2005 - 07:37 #7
Did you get the last part done?
Deleted user
13 May 2005 - 22:09 #8
No, I didn't. It broke down completely; she hasn't been able to use it for anything since. I think her user profile is dead.