CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg

Log ind eller opret profil

Du kan også logge ind via nedenstående tjenester

sbarfoed Nybegynder

02. december 2003 - 19:41 Der er 25 kommentarer og
1 løsning

Blaster Virus

Hej alle. Jeg fik at vide, jeg skulle oprette mit eget spørgsmål, i stedet for at "koble" mig på et andet. Beklager, er helt ny med det her. Nå, jeg har altså samme problem som mange andre med den lede Blaster, og har fulgt instrykserne fra de andre. Så her er listen fra HiJack this:
Logfile of HijackThis v1.97.7
Scan saved at 19:12:12, on 02-12-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svcinit.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~2\PESTPA~1\PPMemCheck.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchos1.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Protector Plus\PPServ.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Sidsel\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:///
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ultralinks.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\System32\DReplace.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~2\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~2\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [PP2000 Taskbar Control] C:\PROGRA~2\PROTEC~1\PPTbc.EXE
O4 - HKLM\..\Run: [PP2000 InstaUpdate] C:\PROGRA~2\PROTEC~1\PPInupdt.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Configuration Loading] svchos1.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\RunServices: [Configuration Loading] svchos1.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab

Hvad skal jeg fjerne? Jeg har prøvet at fjerne svchost.ece som anvist i det andet spørgsmål, men jeg kan se, den stadig optager enormt meget plads i Running Processes under Task Manager, og systemet kører p.t. som en yoyo. Jeg beder alle om hjælp til dette, for jeg er bestemt ikke en computer-ekspert. På forhånd tak. Mvh. Sidsel

Synes godt om

fromsej Praktikant

02. december 2003 - 19:42 #1

Jeg går i gang med det samme.

Synes godt om

fromsej Praktikant

02. december 2003 - 20:00 #2

Hej Sidsel, det var godt du ikke fik slettet Svchost.exe, den er nemlig legal.
Den fil der optræder i den anden log som skal slettes hedder sCvhost.exe.

Deaktiver systemgendannelse:
http://www.spywarefri.dk/virus.htm#alle

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart i fejlsikret (tryk <F8> når du genstarter)
slet filerne listet nederst.
Dobbelttjek, så alt kommer med.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ultralinks.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcinit.exe
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\System32\DReplace.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Configuration Loading] svchos1.exe
O4 - HKLM\..\RunServices: [Configuration Loading] svchos1.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

---------------------------------------
Slettes i fejlsikret.
C:\WINDOWS\System32\svcinit.exe
C:\WINDOWS\System32\svchos1.exe

Hvis du ikke kan finde dem så åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

---------------------------------------
Find win.ini, brug evt. Start=>Søg, åbn den i Notepad og slet linien:
run=C:\WINDOWS\System32\svcinit.exe

Genstart og kom med en ny logfil, så vi kan se om alt er med.

Synes godt om

sbarfoed Nybegynder

02. december 2003 - 20:30 #3

Jeg kan ikke finde win.ini! Har ellers slettet de to svc-filer som anvist, alt kører allerede bedre. Tak!

Synes godt om

fromsej Praktikant

02. december 2003 - 20:33 #4

Velbekomme, og tak for point. *S*
Hvis du ikke får en fejlmelding på "svcinit.exe" er der ingen grund til at rode i win.ini

For at holde skidtet ude af din PC, kan du hente flg. programmer:
Spywareblaster, Spywareguard, IE-Spyad og Empty Temp Folders, dem finder du, sammen med danske vejledninger her:
http://www.spywarefri.dk/vaerktoj.htm
Læs især om IE-Spyad, så du får det fulde udbytte af dette lille geniale program.
Hent Dcombobulator, og få lukket et sikkerhedshul mere, den finder du her sammen med en dansk brugervejledning.
http://www.spywarefri.dk/tipsogtricks.htm#DCom

Mvh:
Fromsej/Team Spywarefri.

Synes godt om

sbarfoed Nybegynder

02. december 2003 - 20:38 #5

Hej! Jeg var vist for tidligt ude.... Du får lige sidste nye version fra hijackthis:
Logfile of HijackThis v1.97.7
Scan saved at 20:38:35, on 02-12-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~2\PESTPA~1\PPMemCheck.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~2\PROTEC~1\PPTbc.EXE
C:\PROGRA~2\PROTEC~1\PPInupdt.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Protector Plus\PPServ.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Norton AntiVirus\NAVW32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sidsel\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:///
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ultralinks.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\System32\DReplace.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~2\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~2\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [PP2000 Taskbar Control] C:\PROGRA~2\PROTEC~1\PPTbc.EXE
O4 - HKLM\..\Run: [PP2000 InstaUpdate] C:\PROGRA~2\PROTEC~1\PPInupdt.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Configuration Loading] svchos1.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\RunServices: [Configuration Loading] svchos1.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab

Mvh Sidsel

Synes godt om

fromsej Praktikant

02. december 2003 - 20:47 #6

Hmm, huskede du at deaktivere systemgendannelse, alle linierne er der endnu, fix dem igen, genstart og kom med en logfil mere.

Synes godt om

sbarfoed Nybegynder

02. december 2003 - 21:34 #7

Hej! Jeg er ved at fortvivle! Jeg har fjernet system-gendannelse, har tilladt vis skjulte filer, er gået ud af XP, ind på safe mode via F8, har vha Dr.Delete prøvet at slette scvhost.exe, men den siger noget om en NT Platform, og at det bliver fjernet ved reboot...Hvad gør jeg nu?!

Synes godt om

fromsej Praktikant

02. december 2003 - 22:45 #8

Du skal IKKE slette svchost.exe, det er en af de vigtigste filer overhovedet i windows, det er kun svcinit.exe og svchos1.exe du skal slette, og de er vist væk.

Synes godt om

velociware Nybegynder

03. december 2003 - 01:17 #9

Hejsa

Her er lidt yderligt info

Name : Svchost
File : Svchost.exe

Windows 2000/XP only. SVCHOST is a generic process which acts as a host for other processes running from DLLs. Depending on the configuration of your system there may be more than one instance of SVCHOST showing in the Task List.

Recommendation :
An integral part of the operating system, leave alone. If you experience SVCHOST errors, the problem is most likely not with SVCHOST but with the DLLs it is hosting.

Der er en yderlig som er lavet af nogle gutter fra realtime-spy.com

Name : Srv32Win (2)
File : Svchost.exe

Realtime-Spy keylogger (monitoring program

http://www.realtime-spy.com/

Også er der en snyder, den hedder bare SCVhost.exe men ligger samme sted som den rigtige SVChost.exe

Name : Config Loader (3)
File : scvhost.exe

POSSIBLE SPYWARE
Added as a result of the GAOBOT.AE VIRUS! Note - this is not the valid svchost.exe

Synes godt om

sbarfoed Nybegynder

03. december 2003 - 06:32 #10

Hej! Jeg har lige fået mail fra vores netværks-administrator, det ser ud til , at Blaster er væk, jubiii! Jeg er dog stadig forsigtig optimist, for jeg har haft denne Blaster i to måneder nu. Men foreløbig tusind tak for hjælpen!

Synes godt om

arlet Juniormester

03. december 2003 - 08:57 #11

Hvis du har gjort som fromsej har sagt og skrevet, behøver du ikke være forsigtig optimist, for så er den væk.

Hvis du lige smider en ny log herind, så vi kan se at alt er væk.

Synes godt om

sbarfoed Nybegynder

03. december 2003 - 20:29 #12

Hej igen.
Her er den nyeste log. Det ser ud som om, flere programmer er blevet påvirket, så jeg ikke kan åbne dem. Har jeg været for "heftig" med at fjerne filer?
Logfile of HijackThis v1.97.7
Scan saved at 20:27:41, on 03-12-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~2\PESTPA~1\PPMemCheck.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~2\PROTEC~1\PPTbc.EXE
C:\PROGRA~2\PROTEC~1\PPInupdt.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Protector Plus\PPServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Sidsel\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:///
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ultralinks.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~2\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~2\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [PP2000 Taskbar Control] C:\PROGRA~2\PROTEC~1\PPTbc.EXE
O4 - HKLM\..\Run: [PP2000 InstaUpdate] C:\PROGRA~2\PROTEC~1\PPInupdt.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab

Synes godt om

fromsej Praktikant

04. december 2003 - 16:24 #13

Deaktiver systemgendannelse:
http://www.spywarefri.dk/virus.htm#alle

Find og fjern P2P networking med Tilføj/Fjern programmer.

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart i fejlsikret(Tryk <F8> under opstart) og slet filerne listet nederst.
Dobbelttjek, så alt kommer med.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ultralinks.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcinit.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
---------------------------------------
Genstart og kom med en ny logfil, så vi kan se om alt er med.

Inden du kommer med logfilen, vil jeg gerne have dig til at onlinescanne for virus her:
http://www.pandasoftware.com/activescan/com/default.asp?language=2&Country=63&Partner=1&Ref=PR-AS-107

Synes godt om

fromsej Praktikant

04. december 2003 - 16:26 #14

Se lige bort fra genstart i fejlsikret, gør i stedet det at du genstarter i fejlsiket inden du starter Hijackthis igen, og fix linierne derfra.

Synes godt om

sbarfoed Nybegynder

04. december 2003 - 22:19 #15

Hej fromsej.
Er det også virus? Det er bare fordi nogle af linjerne ser ud til at være fra nogle helt andre programmer, vi har. Jeg kan desværre ikke nå at gøre noget ved det i aften. Mvh. S. Barfoed

Synes godt om

fromsej Praktikant

05. december 2003 - 10:24 #16

Det er spyware og mulige browserhijackere, altså et program der ændrer din startside, og sender dig andre steder hen end du selv ønsker, samt sender oplysninger om din færden til reklamefirmaer.

Synes godt om

sbarfoed Nybegynder

06. december 2003 - 12:27 #17

Hej Fromsej.
Så har jeg fjernet de sidste filer du skrev om. Endnu en gang tak for hjælpen!
Logfile of HijackThis v1.97.7
Scan saved at 12:25:24, on 06-12-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~2\PESTPA~1\PPMemCheck.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~2\PROTEC~1\PPTbc.EXE
C:\PROGRA~2\PROTEC~1\PPInupdt.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Protector Plus\PPServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Documents and Settings\Sidsel\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
F1 - win.ini: run=C:\WINDOWS\system32\ .bat;C:\WINDOWS\system32\ .exe;C:\WINDOWS\system32\ .com;C:\WINDOWS\system32\ .scr;C:\WINDOWS\system32\ .vbs;C:\WINDOWS\ .bat;C:\WINDOWS\ .exe;C:\WINDOWS\ .com;C:\WINDOWS\ .scr;C:\WINDOWS\ .vbs;C:\WINDOWS\System32\Wbem\ .bat;C:\WINDO
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~2\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~2\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [PP2000 Taskbar Control] C:\PROGRA~2\PROTEC~1\PPTbc.EXE
O4 - HKLM\..\Run: [PP2000 InstaUpdate] C:\PROGRA~2\PROTEC~1\PPInupdt.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab

Synes godt om

fromsej Praktikant

06. december 2003 - 13:25 #18

Den linie her kan jeg altså ikke lide:
F1 - win.ini: run=C:\WINDOWS\system32\ .bat;C:\WINDOWS\system32\ .exe;C:\WINDOWS\system32\ .com;C:\WINDOWS\system32\ .scr;C:\WINDOWS\system32\ .vbs;C:\WINDOWS\ .bat;C:\WINDOWS\ .exe;C:\WINDOWS\ .com;C:\WINDOWS\ .scr;C:\WINDOWS\ .vbs;C:\WINDOWS\System32\Wbem\ .bat;C:\WINDO

I er nødt til at tjekke Win.ini, for der må være noget galt med den, kopiér den evt. herind.

For at holde skidtet ude af din PC, kan du hente flg. programmer:
Spywareblaster, Spywareguard, IE-Spyad og Empty Temp Folders, dem finder du, sammen med danske vejledninger her:
http://www.spywarefri.dk/vaerktoj.htm
Læs især om IE-Spyad, så du får det fulde udbytte af dette lille geniale program.
Hent Dcombobulator, og få lukket et sikkerhedshul mere, den finder du her sammen med en dansk brugervejledning.
http://www.spywarefri.dk/tipsogtricks.htm#DCom

Mvh:
Fromsej/Team Spywarefri.

Synes godt om

sbarfoed Nybegynder

08. december 2003 - 18:17 #19

Jeg tror, jeg har to ini-filer, én som hedder SBWIN og én som hedder WIN. Hvordan kopierer jeg dem hertil, er det bare teksten? Desuden kan jeg ikke se, nogen af dem ligner de linjer som står i HiJackThis... Mvh. S. Barfoed

Synes godt om

fromsej Praktikant

08. december 2003 - 18:19 #20

Bare teksten fra Win.ini.*S*

Synes godt om

sbarfoed Nybegynder

08. december 2003 - 21:42 #21

Her er den, jeg håber, det er den rigtige. Mvh. S. Barfoed

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMC=1
CMCDLLNAME=mapi.dll
CMCDLLNAME32=mapi32.dll
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo2
asx=MPEGVideo2
au=MPEGVideo
ivf=MPEGVideo2
m1v=MPEGVideo
m3u=MPEGVideo2
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo2
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo2
wm=MPEGVideo2
wma=MPEGVideo2
wmp=MPEGVideo2
wmv=MPEGVideo2
wmx=MPEGVideo2
wvx=MPEGVideo2
wpl=MPEGVideo
[IRIS_IPE]
menu=1
[Readiris]
Scanner32=Twaino38,22

Synes godt om

fromsej Praktikant

09. december 2003 - 07:09 #22

Det var den rigtige.
Fix den her linie, genstart og ny logfil.
F1 - win.ini: run=C:\WINDOWS\system32\ .bat;C:\WINDOWS\system32\ .exe;C:\WINDOWS\system32\ .com;C:\WINDOWS\system32\ .scr;C:\WINDOWS\system32\ .vbs;C:\WINDOWS\ .bat;C:\WINDOWS\ .exe;C:\WINDOWS\ .com;C:\WINDOWS\ .scr;C:\WINDOWS\ .vbs;C:\WINDOWS\System32\Wbem\ .bat;C:\WINDO

Synes godt om

sbarfoed Nybegynder

09. december 2003 - 07:57 #23

Ej forstået, skal jeg fjerne den, eller tilføje den i Win.ini?

Synes godt om

fromsej Praktikant

09. december 2003 - 12:03 #24

Du skal fjerne den med Hijackthis.*S*

Synes godt om

sbarfoed Nybegynder

09. december 2003 - 18:34 #25

Hermed den nyeste HiJackThis-log:
Logfile of HijackThis v1.97.7
Scan saved at 18:33:43, on 09-12-2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~2\PESTPA~1\PPMemCheck.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~2\PROTEC~1\PPTbc.EXE
C:\PROGRA~2\PROTEC~1\PPInupdt.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Protector Plus\PPServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Documents and Settings\Sidsel\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~2\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~2\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [PP2000 Taskbar Control] C:\PROGRA~2\PROTEC~1\PPTbc.EXE
O4 - HKLM\..\Run: [PP2000 InstaUpdate] C:\PROGRA~2\PROTEC~1\PPInupdt.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab

Mvh S. Barfoed

Synes godt om

fromsej Praktikant

09. december 2003 - 20:16 #26

Fix lige de to her med Hijackthis, når de er væk er du ren.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = C:\WINDOWS\system32\searchbar.html
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - (no file)

For at holde skidtet ude af din PC, kan du hente flg. programmer:
Spywareblaster, Spywareguard, IE-Spyad og Empty Temp Folders, dem finder du, sammen med danske vejledninger her:
http://www.spywarefri.dk/vaerktoj.htm
Læs især om IE-Spyad, så du får det fulde udbytte af dette lille geniale program.
Hent Dcombobulator, og få lukket et sikkerhedshul mere, den finder du her sammen med en dansk brugervejledning.
http://www.spywarefri.dk/tipsogtricks.htm#DCom

Mvh:
Fromsej/Team Spywarefri.

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
pop up black friday Af Malm i Virus	10	22/11/202420:49	23/11/202410:46
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus	21	22/06/202419:22	23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus	23	07/05/202421:02	13/05/202419:48
trusler Af gerhardpet i Virus	4	26/01/202410:02	27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus	16	09/01/202416:37	10/01/202419:59

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS