jne Beginner
11 September 2005 - 10:59 There are 13 comments and 1 solution

HijackThis log

Hi Experts

Is there someone who will check this log... Everything seems to indicate there's a bit of a virus...

Logfile of HijackThis v1.99.1
Scan saved at 10:58:16, on 11-09-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\r_server.exe
C:\winnt\system32\MSTask.exe
C:\winnt\system32\stisvc.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\Programmer\RealVNC\WinVNC\WinVNC.exe
C:\winnt\system32\svchost.exe
C:\winnt\Explorer.EXE
C:\Programmer\Trust\Ami Mouse Single Scroll\Amoumain.exe
C:\Programmer\FSI\F-Prot\F-Sched.exe
C:\winnt\system32\wirs.exe
C:\winnt\system32\winspec.exe
C:\win.exe
C:\winnt\system32\tskmgr.exe
C:\winnt\system32\msdriver.exe
C:\winnt\system32\msdriver.exe
C:\winnt\system32\rldrv.exe
C:\Programmer\Fælles filer\CMEII\CMESys.exe
C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE
C:\winnt\system32\tcpip32.exe
C:\winnt\system32\wirs.exe
C:\winnt\system32\winspec.exe
C:\winnt\system32\tskmgr.exe
C:\winnt\system32\msdriver.exe
C:\winnt\system32\rldrv.exe
C:\winnt\system32\msdriver.exe
C:\winnt\system32\clipservr.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\RALINK\RT2500 Wireless LAN Card\Installer\WIN2K\RaConfig2500.exe
C:\Programmer\Fælles filer\GMT\GMT.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINNT\system32\HPZipm12.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\FSI\F-Prot\F-StopW.exe
C:\Documents and Settings\Administrator\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&b=29905&t=0&ce=DI&m=NTY4NDQ2MTc5&ver=3.0.1.8&lang=en
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youbettersearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.opasia.dk/start
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af TDC Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Programmer\DashBar\DashBar30.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [F-StopW] C:\Programmer\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmer\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programmer\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] wirs.exe
O4 - HKLM\..\Run: [Windows DNS] wind.exe
O4 - HKLM\..\Run: [IPC Spool Manager] winspec.exe
O4 - HKLM\..\Run: [WINSDFG] C:\win.exe
O4 - HKLM\..\Run: [Ms Task Manager] tskmgr.exe
O4 - HKLM\..\Run: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\Run: [rldrv] rldrv.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programmer\Fælles filer\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [tcpip32] tcpip32.exe
O4 - HKLM\..\Run: [ErrorGuard] E:\Dokumenter\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] wirs.exe
O4 - HKLM\..\RunServices: [Windows DNS] wind.exe
O4 - HKLM\..\RunServices: [IPC Spool Manager] winspec.exe
O4 - HKLM\..\RunServices: [Ms Task Manager] tskmgr.exe
O4 - HKLM\..\RunServices: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\RunServices: [rldrv] rldrv.exe
O4 - HKLM\..\RunServices: [ClipSrv] clipservr.exe
O4 - HKLM\..\RunServices: [tcpip32] tcpip32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] wirs.exe
O4 - HKCU\..\Run: [IPC Spool Manager] winspec.exe
O4 - HKCU\..\Run: [Ms Task Manager] tskmgr.exe
O4 - HKCU\..\Run: [Micrsoft Driver] msdriver.exe
O4 - HKCU\..\Run: [rldrv] rldrv.exe
O4 - HKCU\..\Run: [ClipSrv] clipservr.exe
O4 - Global Startup: GStartup.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Programmer\RALINK\RT2500 Wireless LAN Card\Installer\WIN2K\RaConfig2500.exe
O4 - Global Startup: VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.opasia.dk/start
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmer\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: PDEngine - Unknown owner - C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Unknown owner - C:\Programmer\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\winnt\system32\r_server.exe" /service (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmer\RealVNC\WinVNC\WinVNC.exe" -service (file missing)



Regards
JNE
johnstigers Senior Master
11 September 2005 - 11:05 #1
Download and run this one-time antivirus scanner from Kaspersky: http://www.spywareinfo.dk/download/mwav.exe It does not need to be installed, but can be run directly. Double-click mwav.exe. Press "UnZip" -> Press "OK" and the program starts after unpacking. Tick the following:
"Memory", "Startup Folders", "Drive", "Registry", "System Folders" and "Services"
Select the following options: "All Local Drives" and "Scan All Files"
Now click the "Scan" button

It may take a couple of hours, but it is thorough. Afterwards, restart and post a new log here for checking.

I won't be able to follow up on this question until this evening, so others are welcome to take over until then :)
jne Beginner
11 September 2005 - 11:08 #2
Okay... thanks for the help... I hope there's a kind person who will continue... I'm starting the scan!
kalp Novice
11 September 2005 - 11:46 #3
I might be able to :)
johnstigers Senior Master
11 September 2005 - 11:54 #4
:)
jne Beginner
11 September 2005 - 19:39 #5
I have now scanned the computer with mwav.exe

and my log file looks like this:

Logfile of HijackThis v1.99.1
Scan saved at 19:33:26, on 11-09-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\r_server.exe
C:\winnt\system32\MSTask.exe
C:\winnt\system32\stisvc.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\Programmer\RealVNC\WinVNC\WinVNC.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\svchost.exe
C:\winnt\Explorer.EXE
C:\Programmer\FSI\F-Prot\F-StopW.EXE
C:\Programmer\FSI\F-Prot\F-Sched.exe
C:\win.exe
C:\Programmer\Fælles filer\CMEII\CMESys.exe
C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE
C:\winnt\system32\clipservr.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\RALINK\RT2500 Wireless LAN Card\Installer\WIN2K\RaConfig2500.exe
C:\Programmer\Fælles filer\GMT\GMT.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Administrator\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&b=29905&t=0&ce=DI&m=NTY4NDQ2MTc5&ver=3.0.1.8&lang=en
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youbettersearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.opasia.dk/start
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af TDC Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Programmer\DashBar\DashBar30.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-StopW] C:\Programmer\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmer\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programmer\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [IPC Spool Manager] winspec.exe
O4 - HKLM\..\Run: [WINSDFG] C:\win.exe
O4 - HKLM\..\Run: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programmer\Fælles filer\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [ErrorGuard] E:\Dokumenter\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\RunServices: [IPC Spool Manager] winspec.exe
O4 - HKLM\..\RunServices: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\RunServices: [ClipSrv] clipservr.exe
O4 - HKCU\..\Run: [Ms Task Manager] tskmgr.exe
O4 - HKCU\..\Run: [rldrv] rldrv.exe
O4 - HKCU\..\Run: [ClipSrv] clipservr.exe
O4 - Global Startup: GStartup.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Programmer\RALINK\RT2500 Wireless LAN Card\Installer\WIN2K\RaConfig2500.exe
O4 - Global Startup: VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.opasia.dk/start
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmer\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: PDEngine - Unknown owner - C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Unknown owner - C:\Programmer\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\winnt\system32\r_server.exe" /service (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmer\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
johnstigers Senior Master
11 September 2005 - 19:41 #6
And I've just got back too, so I'll check it :)
jne Beginner
11 September 2005 - 19:42 #7
Thanks for that
johnstigers Senior Master
11 September 2005 - 19:44 #8
I can see you still have viruses that mwav didn't catch - instructions are on the way.
jne Beginner
11 September 2005 - 19:47 #9
Super duper...

Apparently I've also got some dirt on my laptop... I did what was described in this question: http://www.eksperten.dk/spm/647160

But I've got a bit stuck now... Do you think you would check that log too?
johnstigers Senior Master
11 September 2005 - 20:03 #10
You now need to get started on fixing:

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.
Double-check so that everything is included.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&b=29905&t=0&ce=DI&m=NTY4NDQ2MTc5&ver=3.0.1.8&lang=en
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youbettersearch.com/
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Programmer\DashBar\DashBar30.dll
O4 - HKLM\..\Run: [WINSDFG] C:\win.exe
O4 - HKLM\..\Run: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programmer\Fælles filer\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [ErrorGuard] E:\Dokumenter\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\RunServices: [IPC Spool Manager] winspec.exe
O4 - HKLM\..\RunServices: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\RunServices: [ClipSrv] clipservr.exe
O4 - HKCU\..\Run: [Ms Task Manager] tskmgr.exe
O4 - HKCU\..\Run: [rldrv] rldrv.exe
O4 - HKCU\..\Run: [ClipSrv] clipservr.exe
O4 - Global Startup: GStartup.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c18.cab



--------------------------------------------------------------------

Open any folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide file extensions for known file types".
Select "Show hidden files and folders".

------------------------------

Download this batch file and run it:
http://www.spywareinfo.dk/download/cleantempxp2k.bat
It deletes everything in your temp folder.

------------------------------

Restart the computer in safe mode (you need to press the F8 key during the restart (roughly right when the RAM has been counted), and then choose safe mode. If in doubt, just press F8 several times.)
Find and delete manually:

The file C:\win.exe (win.exe)
The folder C:\Programmer\DashBar (the DashBar folder)
The folder C:\Programmer\Fælles filer\CMEII (the CMEII folder)
The folder E:\Dokumenter\ErrorGuard (the ErrorGuard folder)
The folder C:\winnt\web (the web folder)


-------------------------------

Then restart the computer normally and make a new HijackThis log, which you post here.
jne Beginner
11 September 2005 - 20:27 #11
Here is the new log file:

Logfile of HijackThis v1.99.1
Scan saved at 20:25:18, on 11-09-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\r_server.exe
C:\winnt\system32\MSTask.exe
C:\winnt\system32\stisvc.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\Programmer\RealVNC\WinVNC\WinVNC.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\svchost.exe
C:\winnt\Explorer.EXE
C:\Programmer\FSI\F-Prot\F-StopW.EXE
C:\Programmer\FSI\F-Prot\F-Sched.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\RALINK\RT2500 Wireless LAN Card\Installer\WIN2K\RaConfig2500.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Administrator\Skrivebord\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.opasia.dk/start
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af TDC Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-StopW] C:\Programmer\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmer\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programmer\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [IPC Spool Manager] winspec.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Programmer\RALINK\RT2500 Wireless LAN Card\Installer\WIN2K\RaConfig2500.exe
O4 - Global Startup: VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.opasia.dk/start
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmer\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: PDEngine - Unknown owner - C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Unknown owner - C:\Programmer\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\winnt\system32\r_server.exe" /service (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmer\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
johnstigers Senior Master
11 September 2005 - 21:25 #12
Fix this one in safe mode and post a new log - but I think it will then be clean: O4 - HKLM\..\Run: [IPC Spool Manager] winspec.exe
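
The comparison done by eye between comments #10 and #12, as an added example that is not part of the original thread: it parses a fix list and a follow-up HijackThis log, reports fix-list lines that are still present, and flags leftover O4 entries that share value name and executable with a fixed entry under a different registry key. The function names are hypothetical, and the inlined sample is an abridged copy of lines from the thread.

```python
import re

# Sample input: abridged copy of the fix list in comment #10.
FIX_LIST = r"""
O4 - HKLM\..\Run: [WINSDFG] C:\win.exe
O4 - HKLM\..\Run: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\RunServices: [IPC Spool Manager] winspec.exe
O4 - HKLM\..\RunServices: [ClipSrv] clipservr.exe
O4 - HKCU\..\Run: [rldrv] rldrv.exe
"""

# Sample input: abridged copy of the follow-up log in comment #11.
FOLLOW_UP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\winnt\Explorer.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-StopW] C:\Programmer\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [IPC Spool Manager] winspec.exe
O4 - Global Startup: VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
"""

# Result lines look like "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autostart body: "<hive>\..\<key>: [<value name>] <command line>".
O4_REG = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_entries(text):
    """Return the set of (code, body) result lines; header and process lines are skipped."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m["code"], m["body"]))
    return entries


def exe_name(cmd):
    """Lower-cased file name of the executable in a command line (quotes and arguments dropped)."""
    m = re.match(r'"?(.+?\.exe)\b', cmd, re.IGNORECASE)
    path = m.group(1) if m else cmd
    return path.rsplit("\\", 1)[-1].lower()


def autostart_identity(body):
    """For an O4 registry entry return (key, (value name, executable)); None for other layouts."""
    m = O4_REG.match(body)
    if not m:
        return None  # e.g. "Global Startup" shortcuts
    return m["key"], (m["name"], exe_name(m["cmd"]))


def review(fix_text, followup_text):
    """Return (fix-list lines still present, leftover sibling autostart lines)."""
    fixed = parse_entries(fix_text)
    remaining = parse_entries(followup_text)
    still_present = sorted(f"{c} - {b}" for c, b in fixed & remaining)

    # Identities that were fixed under at least one autostart key.
    fixed_ids = set()
    for code, body in fixed:
        ident = autostart_identity(body) if code == "O4" else None
        if ident:
            fixed_ids.add(ident[1])

    # Same value name and executable, still registered under another key.
    siblings = []
    for code, body in sorted(remaining - fixed):
        ident = autostart_identity(body) if code == "O4" else None
        if ident and ident[1] in fixed_ids:
            siblings.append(f"{code} - {body}")
    return still_present, siblings


if __name__ == "__main__":
    still, siblings = review(FIX_LIST, FOLLOW_UP_LOG)
    print("Still present after fix:", still)
    print("Same autostart under another key:", siblings)
```
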
jne Beginner
11 September 2005 - 22:07 #13
So here is a new log:

Logfile of HijackThis v1.99.1
Scan saved at 22:04:47, on 11-09-2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\r_server.exe
C:\winnt\system32\MSTask.exe
C:\winnt\system32\stisvc.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\Programmer\RealVNC\WinVNC\WinVNC.exe
C:\winnt\system32\svchost.exe
C:\winnt\System32\svchost.exe
C:\winnt\Explorer.EXE
C:\Programmer\FSI\F-Prot\F-StopW.EXE
C:\Programmer\FSI\F-Prot\F-Sched.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\RALINK\RT2500 Wireless LAN Card\Installer\WIN2K\RaConfig2500.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Administrator\Skrivebord\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.opasia.dk/start
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer leveret af TDC Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-StopW] C:\Programmer\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmer\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programmer\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Programmer\RALINK\RT2500 Wireless LAN Card\Installer\WIN2K\RaConfig2500.exe
O4 - Global Startup: VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.opasia.dk/start
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmer\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: PDEngine - Unknown owner - C:\Programmer\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Unknown owner - C:\Programmer\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\winnt\system32\r_server.exe" /service (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmer\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
johnstigers Senior Master
11 September 2005 - 23:36 #14
Congratulations - it is clean ;)