Notifikationer

Markér alle som læst Log ud

peternn Nybegynder

27. oktober 2005 - 19:03 Der er 54 kommentarer og
1 løsning

W32.rdriv

Hej Har store problemer med denne mappe C:\windows\system32\rdriv.sys.
Kan ikke slette den.....
Har installeret Drweb, Ewido, Spybot og Hijackhis, her er log filer fra lidt af det. Håber i kan hjælpe...
Peter.
---------------------------------------------------------
ewido security suite - Scanningsrapport
---------------------------------------------------------

+ Oprettet den: 18:41:02, 27-10-2005
+ Rapport-Checksum: 5B941465

+ Scanningsresultat:
C:\WINDOWS\system32\eraseme_23720.exe -> Backdoor.SdBot.xd : Renset med backup
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\AS22BQ3F\prox[1].exe -> TrojanDownloader.Small.brs : Renset med backup
C:\Documents and Settings\piapeter\Cookies\piapeter@adtech[1].txt -> Spyware.Cookie.Adtech : Renset med backup
C:\Documents and Settings\piapeter\Cookies\piapeter@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Renset med backup
C:\Documents and Settings\piapeter\Cookies\piapeter@atdmt[2].txt -> Spyware.Cookie.Atdmt : Renset med backup
C:\Documents and Settings\piapeter\Cookies\piapeter@com[1].txt -> Spyware.Cookie.Com : Renset med backup
C:\Documents and Settings\piapeter\Cookies\piapeter@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Renset med backup
C:\Documents and Settings\piapeter\Cookies\piapeter@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Renset med backup
C:\sysdll.exe -> TrojanDownloader.Small.brs : Renset med backup

::Rapport sluti kan hjælpe.

Logfile of HijackThis v1.99.1
Scan saved at 18:54:14, on 27-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Norman\bin\ZLH.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\HL2\Steam.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
F:\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HTML Help System] hhs.pif
O4 - HKLM\..\RunServices: [HTML Help System] hhs.pif
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\HL2\\Steam.exe -silent
O4 - HKCU\..\Run: [HTML Help System] hhs.pif
O4 - HKCU\..\RunServices: [HTML Help System] hhs.pif
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128962734343
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: msprint (printer) - Unknown owner - C:\WINDOWS\sprint32.exe (file missing)
O23 - Service: WindowsSysBoot - Unknown owner - C:\WINDOWS\winsys.exe (file missing)

Synes godt om

screem_brille Novice

27. oktober 2005 - 19:09 #1

har du problemer på flere computere med den fejl siden du opretter det flere gange ? (hvorfor ikke svare i den tråd du allerede har oprettet, istedet for at oprette et nyt spørgsmål)

Synes godt om

peternn Nybegynder

27. oktober 2005 - 19:10 #2

Lidt mere fra Dr.web.
Peter.

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 63993
Infected objects found: 9
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 10
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 475 Kb/s
Scan time: 00:33:21
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 64077
Infected objects found: 10
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 11
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 486 Kb/s
Scan time: 00:33:42
=============================================================================a Dr.web

Synes godt om

peternn Nybegynder

27. oktober 2005 - 19:11 #3

Sorry har ikke prøvet det her før, en fejl. Er ikke så stærk med en computer

Synes godt om

kalp Novice

27. oktober 2005 - 19:16 #4

Genstart i Fejlsikret tilstand ved at taste F8 under opstart.

Kør HijackThis, scan og sæt et flueben ud for disse linjer - luk øvrige programvinduer. Dobbelt tjeck alt kom med!. Klik herefter "Fix checked" i hijackthis:

O4 - HKLM\..\Run: [HTML Help System] hhs.pif
O4 - HKLM\..\RunServices: [HTML Help System] hhs.pif
O4 - HKCU\..\Run: [HTML Help System] hhs.pif
O4 - HKCU\..\RunServices: [HTML Help System] hhs.pif
O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder (file missing)
O23 - Service: msprint (printer) - Unknown owner - C:\WINDOWS\sprint32.exe (file missing)
O23 - Service: WindowsSysBoot - Unknown owner - C:\WINDOWS\winsys.exe (file missing)

Klik på Start->Kør skriv services.msc og klik OK.

Deaktiver disse services

msprint (printer) - Unknown owner
Microsoft Path Finder Service
WindowsSysBoot - Unknown owner

Genstart normalt og lav en ny hijackthislog som du kopirer herind.
(du skal altså ikke oprette spørgsmålet igen)

Synes godt om

peternn Nybegynder

27. oktober 2005 - 19:37 #5

Sorry igen.....
Her er så ny log....

Logfile of HijackThis v1.99.1
Scan saved at 19:35:11, on 27-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Norman\bin\ZLH.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\HL2\Steam.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
F:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HTML Help System] hhs.pif
O4 - HKLM\..\RunServices: [HTML Help System] hhs.pif
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\HL2\\Steam.exe -silent
O4 - HKCU\..\Run: [HTML Help System] hhs.pif
O4 - HKCU\..\RunServices: [HTML Help System] hhs.pif
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128962734343
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: msprint (printer) - Unknown owner - C:\WINDOWS\sprint32.exe (file missing)
O23 - Service: WindowsSysBoot - Unknown owner - C:\WINDOWS\winsys.exe (file missing)

Synes godt om

kalp Novice

27. oktober 2005 - 19:39 #6

lad os prøve noget brugervenligt først.

hent regcleaner
http://www.webmasterfree.com/regcleaner.html

scan og slet alt den finder.

genstart og ny hijackthis log

Synes godt om

johnstigers Seniormester

27. oktober 2005 - 19:41 #7

Kommentar: screem_brille
27/10-2005 19:09:17 - respons?

Synes godt om

screem_brille Novice

27. oktober 2005 - 19:46 #8

john_stigers, ja han har allerede oprettet et spørgsmål med dette, hvor fromsej var igang...

Synes godt om

peternn Nybegynder

27. oktober 2005 - 19:55 #9

Her er saå en mere.... OG SORRY for sidste gang, det var jo en fejl..

Logfile of HijackThis v1.99.1
Scan saved at 19:54:28, on 27-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Norman\bin\ZLH.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\HL2\Steam.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Internet Explorer\iexplore.exe
F:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HTML Help System] hhs.pif
O4 - HKLM\..\RunServices: [HTML Help System] hhs.pif
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\HL2\\Steam.exe -silent
O4 - HKCU\..\Run: [HTML Help System] hhs.pif
O4 - HKCU\..\RunServices: [HTML Help System] hhs.pif
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128962734343
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: msprint (printer) - Unknown owner - C:\WINDOWS\sprint32.exe (file missing)
O23 - Service: WindowsSysBoot - Unknown owner - C:\WINDOWS\winsys.exe (file missing)

Synes godt om

screem_brille Novice

27. oktober 2005 - 19:57 #10

peternn nu er du ihvertfald tilgivet herfra ;)

Synes godt om

johnstigers Seniormester

27. oktober 2005 - 20:00 #11

ok ;)

Synes godt om

peternn Nybegynder

27. oktober 2005 - 20:01 #12

screem brille: 1000 Tak................

Synes godt om

peternn Nybegynder

27. oktober 2005 - 20:02 #13

Ja tak til alle der har "tilgivet" mig.....

Synes godt om

peternn Nybegynder

27. oktober 2005 - 20:45 #14

Har lige prøvet igen, tror det lykkes. Er det her bedre

Logfile of HijackThis v1.99.1
Scan saved at 20:43:38, on 27-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Norman\bin\ZLH.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\HL2\Steam.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
F:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\HL2\\Steam.exe -silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128962734343
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: msprint (printer) - Unknown owner - C:\WINDOWS\sprint32.exe (file missing)

Synes godt om

peternn Nybegynder

27. oktober 2005 - 21:04 #15

Kan det passe den er væk????????????????
Peternn

Synes godt om

kalp Novice

27. oktober 2005 - 22:05 #16

Du skal lige fikse disse i fejlsikret tilstand (med hijackthis igen)

O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder (file missing)
O23 - Service: msprint (printer) - Unknown owner - C:\WINDOWS\sprint32.exe (file missing)

tryk start->kør og skriv "regedit"
Tryk filer->eksporter (laver lige en backup af registry)
Tryk rediger->søg og skriv "ipconfg32.exe"
slet alt den finder.
marker denne computer i regedit vinduet.
Tryk rediger->søg og skriv "mspathfinder"
slet alt den finder.
marker denne computer i regedit vinduet.
Tryk rediger->søg og skriv "sprint32.exe"
slet alt den finder.

Genstart normalt og ny log

Synes godt om

peternn Nybegynder

27. oktober 2005 - 22:12 #17

Jeg prøver :)

Synes godt om

peternn Nybegynder

27. oktober 2005 - 22:35 #18

Hej igen.
Der er 2 i mspathfinder der ikke vil slettes:
Standard Type:Reg_sz
NextInstance Type:Reg_Dword

Ellers her er den:

Logfile of HijackThis v1.99.1
Scan saved at 22:32:41, on 27-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Norman\bin\ZLH.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\HL2\Steam.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
F:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\HL2\\Steam.exe -silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128962734343
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Synes godt om

kalp Novice

27. oktober 2005 - 22:43 #19

læs tilladelser i registry her
http://exp.dk/artikler/683
og slet de sidste.

genstart og ny log.

Synes godt om

peternn Nybegynder

28. oktober 2005 - 10:58 #20

Hej igen.
Den finder indet ved sprint32.exe og ipconfig32.exe. Ved mspathfinder vil den stadig ikke slette:standard Type:Reg_sz

Ny log:

Logfile of HijackThis v1.99.1
Scan saved at 10:57:37, on 28-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Norman\bin\ZLH.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\HL2\Steam.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
F:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\HL2\\Steam.exe -silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128962734343
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Synes godt om

kalp Novice

28. oktober 2005 - 11:17 #21

Kommentar: kalp
27/10-2005 22:05:32

beder jeg deaktivere services, men fik du gjort det?

Synes godt om

peternn Nybegynder

28. oktober 2005 - 11:33 #22

Hvor sker det....

Synes godt om

kalp Novice

28. oktober 2005 - 15:21 #23

det her

tryk start->kør og skriv "regedit"
Tryk filer->eksporter (laver lige en backup af registry)
Tryk rediger->søg og skriv "ipconfg32.exe"
slet alt den finder.
marker denne computer i regedit vinduet.
Tryk rediger->søg og skriv "mspathfinder"
slet alt den finder.
marker denne computer i regedit vinduet.
Tryk rediger->søg og skriv "sprint32.exe"
slet alt den finder.

Synes godt om

kalp Novice

28. oktober 2005 - 15:22 #24

sorry

det her

Klik på Start->Kør skriv services.msc og klik OK.

Deaktiver disse services

msprint (printer) - Unknown owner
Microsoft Path Finder Service
WindowsSysBoot - Unknown owner

Synes godt om

peternn Nybegynder

29. oktober 2005 - 10:23 #25

Microsoft path finder og windowsSysBoot service er deaktiveret.
Kan ikke finde msprint derinde.!!

skal du bruge en ny log?

Synes godt om

kalp Novice

29. oktober 2005 - 10:28 #26

yes ny log nu:)

Synes godt om

peternn Nybegynder

29. oktober 2005 - 10:31 #27

her er den så...

Logfile of HijackThis v1.99.1
Scan saved at 10:29:52, on 29-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Norman\bin\ZLH.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\HL2\Steam.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Internet Explorer\iexplore.exe
F:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\HL2\\Steam.exe -silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128962734343
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Synes godt om

kalp Novice

29. oktober 2005 - 10:47 #28

okay så besværlige burde de ikke være.

har du scannet med denne scanner?
http://www.spywareinfo.dk/download/mwav.exe

hvis ikke så genstart i fejlsikret tilstand og scan med det. Slå den fulde opsætning til så den scanner alt.

Synes godt om

peternn Nybegynder

29. oktober 2005 - 10:52 #29

OK Jeg prøver :)

Synes godt om

peternn Nybegynder

29. oktober 2005 - 18:11 #30

Her er så hva' den siger:

Sat Oct 29 17:50:21 2005 => ***** Scanning complete. *****

Sat Oct 29 17:50:22 2005 => Total Number of Files Scanned: 43856
Sat Oct 29 17:50:22 2005 => Total Number of Virus(es) Found: 3
Sat Oct 29 17:50:22 2005 => Total Number of Disinfected Files: 0
Sat Oct 29 17:50:22 2005 => Total Number of Files Renamed: 0
Sat Oct 29 17:50:23 2005 => Total Number of Deleted Files: 1
Sat Oct 29 17:50:23 2005 => Total Number of Errors: 3
Sat Oct 29 17:50:23 2005 => Time Elapsed: 00:43:46
Sat Oct 29 17:50:23 2005 => Virus Database Date: 2005/10/25
Sat Oct 29 17:50:24 2005 => Virus Database Count: 156130

Sat Oct 29 17:50:24 2005 => Scan Completed.

Sat Oct 29 17:52:49 2005 => Virus Database Date: 2005/10/25
Sat Oct 29 17:52:49 2005 => Virus Database Count: 156130
Sat Oct 29 17:53:16 2005 => AV Library Unloaded (3)...

Synes godt om

peternn Nybegynder

29. oktober 2005 - 18:49 #31

Og hvis det skal bruges, en ny log... :)

Logfile of HijackThis v1.99.1
Scan saved at 18:48:51, on 29-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Norman\bin\ZLH.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\HL2\Steam.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programmer\Internet Explorer\iexplore.exe
F:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\RunOnce: [RemoveTempFiles] C:\PROGRA~1\MUSICM~1\MUSICM~1\rundll32.exe C:\PROGRA~1\MUSICM~1\MUSICM~1\mminstall.dll,_ExportRemDirAndContents@16 C:\WINDOWS\temp\mmjb_temp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\HL2\\Steam.exe -silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128962734343
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Synes godt om

kalp Novice

29. oktober 2005 - 20:28 #32

så nu prøver vi igen

tryk start->kør og skriv "regedit"
Tryk filer->eksporter (laver lige en backup af registry)
Tryk rediger->søg og skriv "ipconfg32.exe"
slet alt den finder.
marker denne computer i regedit vinduet.
Tryk rediger->søg og skriv "mspathfinder"
slet alt den finder.
marker denne computer i regedit vinduet.
Tryk rediger->søg og skriv "sprint32.exe"
slet alt den finder.

hvis ikke det virker denne gang så finder jeg lige en anden som evt. kan se hvorfor de ikke gider forsvinde.

husk det med tilladelser i registry

Synes godt om

peternn Nybegynder

29. oktober 2005 - 21:23 #33

Hey kalp, er ked af at det tager så lang tid, men 1000 tak for at du gider blive ved...(Skylder STORT.)

ipconfg32.exe:Intet..
mspathfinder:(standard) Reg_sz
sprint32.exe:Intet..

Ny log Måske!!!

Logfile of HijackThis v1.99.1
Scan saved at 21:22:56, on 29-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Norman\bin\ZLH.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\HL2\Steam.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Internet Explorer\iexplore.exe
F:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\HL2\\Steam.exe -silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128962734343
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Synes godt om

kalp Novice

30. oktober 2005 - 10:56 #34

Det ser faktisk bedre ud nu.

Vi mangler kun

findes filen C:\WINDOWS\mspathfinder.exe ?

hvis ikke så må jeg jo lige finde ud af hvordan vi får slettet denne i registry.

mspathfinder:(standard) Reg_sz

Synes godt om

peternn Nybegynder

30. oktober 2005 - 11:12 #35

Nej den findes ikke, sorry

Synes godt om

johnstigers Seniormester

30. oktober 2005 - 11:21 #36

Undskyld jeg blander mig, men har du sat visning af skjulte filer til?

Synes godt om

kalp Novice

30. oktober 2005 - 11:22 #37

tryk start->kør og skriv "REGEDIT" og tryk så enter.
naviger hent til følgende punkt
HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Services
i venstre side slet alt der hedder "mspathfinder"

Synes godt om

johnstigers Seniormester

30. oktober 2005 - 11:25 #38

http://ee.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=2&VName=WORM_SDBOT.CMJ

Synes godt om

peternn Nybegynder

30. oktober 2005 - 11:33 #39

Ja det har jeg, det med skjulte filer

Synes godt om

johnstigers Seniormester

30. oktober 2005 - 11:37 #40

ok - det er kommet et forslag, er det afprøvet????

Synes godt om

peternn Nybegynder

30. oktober 2005 - 11:38 #41

Hvordan ser det ud nu...

Logfile of HijackThis v1.99.1
Scan saved at 11:37:40, on 30-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Norman\bin\ZLH.EXE
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
D:\HL2\Steam.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Outlook Express\msimn.exe
F:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] "C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] D:\HL2\\Steam.exe -silent
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128962734343
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Synes godt om

peternn Nybegynder

30. oktober 2005 - 11:39 #42

Jeg prøver det nu....Er den der endnu

Synes godt om

johnstigers Seniormester

30. oktober 2005 - 11:41 #43

C:\WINDOWS\mspathfinder.exe er ikke i loggen - loggen ser ok ud, men gør som kalp siger :)

Synes godt om

kalp Novice

30. oktober 2005 - 11:43 #44

wow.. den var besværlig:P

men endelig lykkedes det!! Din log er fin nu:)

scan en enkelt gang med denne online scanner
http://housecall.trendmicro.com/housecall/start_corp.asp

slå systemgendannelse fra.. genstart og slå systemgendannelse til igen.

så er du færdig:)

Synes godt om

peternn Nybegynder

30. oktober 2005 - 11:44 #45

Der bliv slettet en mspathfinder i venstre side af REGEDIT, som du beskrev.

Synes godt om

peternn Nybegynder

30. oktober 2005 - 11:45 #46

Hvad med de der point, hvordan giver jeg dem.....

Synes godt om

johnstigers Seniormester

30. oktober 2005 - 11:45 #47

kalp> sidder her og undrer mig...
C:\WINDOWS\mspathfinder.exe - hvor har du fra at den findes i systemet?

Den eneste der har nævnt den fil er dig...???

Synes godt om

johnstigers Seniormester

30. oktober 2005 - 11:46 #48

peternn> marker hans navn i boksen til venstre og klik på accepter.

Synes godt om

kalp Novice

30. oktober 2005 - 11:50 #49

john_stigers >>

Den står i loggen som

O23 - Service: Microsoft Path Finder Service (mspathfinder) - Unknown owner - C:\WINDOWS\mspathfinder (file missing)

men ja der står ikke noget om det er en exe fil.. faktisk ligner det en mappe.
men mener aldrig at have set der står file missing ved en mappe:P

peternn >>

du må gerne se om du har en mappe som hedder

C:\WINDOWS\mspathfinder

og så slette den.. just in case

Synes godt om

johnstigers Seniormester

30. oktober 2005 - 11:53 #50

Tak :)

Synes godt om

peternn Nybegynder

30. oktober 2005 - 11:54 #51

ok, jeg checker, fik du de der point... Er SUPER glad for hjælpen 60p. er slet ikke nok......TAKKER OG TAKKER...Peternn

Synes godt om

peternn Nybegynder

30. oktober 2005 - 11:54 #52

Mappen er der ikke............

Synes godt om

kalp Novice

30. oktober 2005 - 11:56 #53

selv tak:)) jammen så er der ingen problemer..

udfør blot det jeg skrev til sidst, men den der online virus scanner
og så er der ikke mere:)

Synes godt om

kalp Novice

30. oktober 2005 - 11:56 #54

og ja jeg har fået point:)

Synes godt om

peternn Nybegynder

30. oktober 2005 - 11:58 #55

Scanner kører og 1000000000000000000000 TAK.

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus	22	26/11/202510:42	23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus	8	31/08/202519:08	01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus	10	03/02/202514:20	04/02/202511:05
mulig ukendt virus Af jackie18 i Virus	3	18/01/202514:07	18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus	13	18/01/202511:40	20/01/202517:53

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

10/04

Test: Denne mikro-pc er langt mere slagkraftig end den ser ud

10/04

SAS Institute rykker rundt i topledelsen: Her er selskabets nye danske landechef

10/04

Dansk AI-ekspert med ildevarslende spådom: "Vi er alle sammen på vej hen imod en stor sort mur, og vi aner ikke, hvad der findes på den anden side"

10/04

Nørgaard: Jeg er skuffet over Googles Gemini - og jeg har min egen forklaring på, hvorfor det er gået galt for Google

10/04

Først blev Teams smidt på porten – nu vil Frankrig også af med Windows

10/04

Nyt job til Danmarks bedste CISO: Får ansvaret for 64.000 ansatte

10/04

Flere hundredetusinder togrejsende ramt: Stjålne persondata sat til salg efter cyberangreb

10/04

Så meget får de danske it-konsulenter i løn: Næsten alle forventer mere i lønposen ved næsten lønforhandling

10/04

Her er 10 konkrete måder at måle på, om kunstig intelligens skaber værdi for dig

10/04

Microsoft sænker prisen på tre af sine cloud-løsninger med 20 procent

10/04

Kunstig intelligens i praksis – og uden hype

Vis flere artikler

IT-JOB

Qpurpose ApS

Hiring talented and senior software engineers

Det Kongelige Danske Kunstakademis Skoler

IT-konsulent til forskerstøtte søges til Det Kongelige Akademi - Arkitektur, Design, Konservering

Forsvarsministeriets Materiel- og Indkøbsstyrelse

Cyberdivisionen søger IT-Supporter til Svanemøllen

Netcompany A/S

Test Consultant

Jyske Bank

Forretningsudvikler til erhvervsområdet

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

45 min siden	Jeg kan ikke opdatere min iPad til ios 26.4.1. Af Bettina i Apps til iOS
I dag 08:32	Office pakke LTSC vs Retail? Af Don G i Office & Kontorpakker
I går 21:19	Lydindstilling Prosonic TV Af TageArent i Fjernsyn & projektorer
I går 15:37	Sort skærm Af mort1 i Windows
09/0412:32	iPadOS 26.4.1 kan ikke opdatere Af claes57 i Apps til iOS

White papers

Arctic Wolf Security Operations Report 2025: Indblik i moderne sikkerhedsdrift
Arctic Wolf
Find den SOC-model, der virker i praksis
SecureDevice
Arctic Wolf Threat Report 2026: Sådan ændrer ransomware-landskabet sig
Arctic Wolf
Erfaringer fra frontlinjen: Sådan ændrer trusselsbilledet sig
Arctic Wolf

Flere white papers »