CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede dat01x02 Nybegynder
28. december 2004 - 12:21 Der er 10 kommentarer og
1 løsning

Hjælp til HiJackThis LOG fil

Jeg er ret sikker på at have fået virus eller noget Blaster, er der nogen der vil tjekke min HiJackThis log fil?
Tak.

Logfile of HijackThis v1.99.0
Scan saved at 12:17:26, on 28-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\winxsaver.exe
C:\WINDOWS\System32\klsuicbn.exe
C:\WINDOWS\System32\lsass2.exe
C:\WINDOWS\System32\windnsd.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool.exe
C:\WINDOWS\system\lsvchost.exe
C:\WINDOWS\System32\crsss.exe
C:\Programmer\Web_Rebates\WebRebates0.exe
C:\temp\salm.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\mshelp32.exe
C:\WINDOWS\System32\msgrsv32.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\WINDOWS\System32\iexplorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Web_Rebates\WebRebates1.exe
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
C:\PROGRA~1\COMMON~1\tsa\ts2.exe
C:\Programmer\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
C:\WINDOWS\System32\sndloader.exe
C:\Documents and Settings\susanne\Skrivebord\AntiVirus\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=155574
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=155574
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=155574
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://go.compaq.com/2Q00CPT/0406/bF7.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/2Q00CPT/0406/bF7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Programmer\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Window Screen Saver] winxsaver.exe
O4 - HKLM\..\Run: [Printer Services] spool.exe
O4 - HKLM\..\Run: [.mscdsr] C:\WINDOWS\system\lsvchost.exe
O4 - HKLM\..\Run: [Sound Loader] sndloader.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [NDIS Adapter] lsass2.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [kpghkl] C:\WINDOWS\kpghkl.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\Run: [Microsoft Help System] mshelp32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\smmaihgl.exe
O4 - HKLM\..\Run: [svshost32] C:\WINDOWS\System32\msgrsv32.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [Task manager] iexplorer.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\rrezxve.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\RunServices: [Window Screen Saver] winxsaver.exe
O4 - HKLM\..\RunServices: [Printer Services] spool.exe
O4 - HKLM\..\RunServices: [Sound Loader] sndloader.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] lsass2.exe
O4 - HKLM\..\RunServices: [Windows DNS Daemon] windnsd.exe
O4 - HKLM\..\RunServices: [Microsoft Help System] mshelp32.exe
O4 - HKLM\..\RunServices: [Task manager] iexplorer.exe
O4 - HKLM\..\RunOnce: [Window Screen Saver] winxsaver.exe
O4 - HKLM\..\RunOnce: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\RunOnce: [NDIS Adapter] lsass2.exe
O4 - HKLM\..\RunOnce: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window Screen Saver] winxsaver.exe
O4 - HKCU\..\Run: [Printer Services] spool.exe
O4 - HKCU\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKCU\..\Run: [NDIS Adapter] lsass2.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - HKCU\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\Run: [Microsoft Help System] mshelp32.exe
O4 - HKCU\..\Run: [Task manager] iexplorer.exe
O4 - HKCU\..\RunServices: [Microsoft Help System] mshelp32.exe
O4 - HKCU\..\RunOnce: [NDIS Adapter] lsass2.exe
O4 - HKCU\..\RunOnce: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\RunOnce: [WinAC v4] klsuicbn.exe
O4 - HKCU\..\RunOnce: [Window Screen Saver] winxsaver.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Web Rebates - file://C:\Programmer\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=cd2fbe64bf91b4428c08390455b592e94f7eec43abbf0b8d6f2ce3602feaed959657b3f15b6842e0c23d92d15a71da3103fcbc411a1345372ee2843e8165b44272:1cd0efda5339ac97bbda8f616b0d1788
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINDOWS\System32\Jpjoqa32.dll
O23 - Service: CA License Client - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto Protect - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Sound Loader - Unknown - C:\WINDOWS\System32\sndloader.exe
Avatar billede arlet Juniormester
28. december 2004 - 12:25 #1
Hvorfor tror du det*G*

Ja, der er meget snavs..


Hent og kør spybot herfra: http://www.arlet.dk/spywarescanner.htm
scan hele computeren og slet alt hvad den finder

----------------------------------------------------------

Hent og kør denne scanner fra Kaspersky : http://www.spywareinfo.dk/download/mwav.exe
Sæt flueben i følgende: Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende: All local drives og Scan all files
Og så trykker du på Scan Clean

genstart og ny hijackthis log
Avatar billede dat01x02 Nybegynder
28. december 2004 - 14:34 #2
Har nu kørt spybot, den fandt og slettede 43 emner.
Har også kørt scanneren fra Kaspersky, fandt 123 viruser.
Men når jeg nu har genstartet maskinen, så fryser den og jeg kan ikke komme til at lave en ny HiJackThis log fil.
Hvad gør jeg nu? ;-)
Avatar billede dat01x02 Nybegynder
28. december 2004 - 14:44 #3
Har prøvet at lave en HiJackThis log fil i SAVE mode:

Logfile of HijackThis v1.99.0
Scan saved at 14:40:15, on 28-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\susanne\Skrivebord\AntiVirus\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/0406/bF8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/2Q00CPT/0406/bF7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Programmer\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Printer Services] spool.exe
O4 - HKLM\..\Run: [Sound Loader] sndloader.exe
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [kpghkl] C:\WINDOWS\kpghkl.exe
O4 - HKLM\..\Run: [Microsoft Help System] mshelp32.exe
O4 - HKLM\..\Run: [svshost32] C:\WINDOWS\System32\msgrsv32.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\RunServices: [Printer Services] spool.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] lsass2.exe
O4 - HKLM\..\RunServices: [Microsoft Help System] mshelp32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=cd2fbe64bf91b4428c08390455b592e94f7eec43abbf0b8d6f2ce3602feaed959657b3f15b6842e0c23d92d15a71da3103fcbc411a1345372ee2843e8165b44272:1cd0efda5339ac97bbda8f616b0d1788
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O23 - Service: CA License Client - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto Protect - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
Avatar billede arlet Juniormester
28. december 2004 - 17:18 #4
Du har både etrust og norton installeret som antivirusprogrammer. Det er ikke godt.

Slet det ene..


Du skal nu til at i gang med at fixe:

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/0406/bF8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/2Q00CPT/0406/bF7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks

O4 - HKLM\..\Run: [Printer Services] spool.exe
O4 - HKLM\..\Run: [Sound Loader] sndloader.exe
O4 - HKLM\..\Run: [WinAC v4] klsuicbn.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [kpghkl] C:\WINDOWS\kpghkl.exe
O4 - HKLM\..\Run: [Microsoft Help System] mshelp32.exe
O4 - HKLM\..\Run: [svshost32] C:\WINDOWS\System32\msgrsv32.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\RunServices: [Printer Services] spool.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] lsass2.exe
O4 - HKLM\..\RunServices: [Microsoft Help System] mshelp32.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=cd2fbe64bf91b4428c08390455b592e94f7eec43abbf0b8d6f2ce3602feaed959657b3f15b6842e0c23d92d15a71da3103fcbc411a1345372ee2843e8165b44272:1cd0efda5339ac97bbda8f616b0d1788
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab



--------------------------------------------------------------------

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

--------------------------------------------------------------------

Find og slet manuelt i fejlsikret(f8 ved opstart):


C:\Programmer\Web_Rebates<-hele mappen
C:\WINDOWS\kpghkl.exe
C:\WINDOWS\System32\msgrsv32.exe
C:\Program Files\Windows ControlAd<-hele mappen

----------------------

c:\temp<- tøm hele mappen

-------------------------

Gå i søg og søg efter:
spool.exe
sndloader.exe
klsuicbn.exe
mshelp32.exe
crsss.exe
lsass2.exe

----------------------------------------------------------

Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.
Avatar billede dat01x02 Nybegynder
28. december 2004 - 18:21 #5
Så ser HiJackThis log filen sådan ud:
Jeg fandt en fil der hed winspool.exe i c:\windows\system32 skal den også slettes?

Logfile of HijackThis v1.99.0
Scan saved at 18:17:37, on 28-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\susanne\Skrivebord\AntiVirus\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://go.compaq.com/2Q00CPT/0406/bF7.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/2Q00CPT/0406/bF7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Programmer\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Printer Services] spool.exe
O4 - HKCU\..\Run: [NDIS Adapter] lsass2.exe
O4 - HKCU\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\Run: [Task manager] iexplorer.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Web Rebates - file://C:\Programmer\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O23 - Service: CA License Client - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
Avatar billede arlet Juniormester
28. december 2004 - 19:29 #6
Jeg fandt en fil der hed winspool.exe i c:\windows\system32 skal den også slettes? NEJ..

Fix i hijackthis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

O4 - HKCU\..\Run: [Printer Services] spool.exe
O4 - HKCU\..\Run: [NDIS Adapter] lsass2.exe
O4 - HKCU\..\Run: [Windows DNS Daemon] windnsd.exe
O4 - HKCU\..\Run: [Task manager] iexplorer.exe

O8 - Extra context menu item: Web Rebates - file://C:\Programmer\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

genstart og ny log
Avatar billede dat01x02 Nybegynder
28. december 2004 - 19:46 #7
En ny log fil:

Logfile of HijackThis v1.99.0
Scan saved at 19:44:25, on 28-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\susanne\Skrivebord\AntiVirus\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://go.compaq.com/2Q00CPT/0406/bF7.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/2Q00CPT/0406/bF7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Programmer\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O23 - Service: CA License Client - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Programmer\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
Avatar billede arlet Juniormester
28. december 2004 - 19:51 #8
Så er din log ren.

Efter sådan en tur er det altid en god ide og rydde op i dine systemgendannelses filerne.
Deaktiver systemgendannelse (http://www.arlet.dk/systemgendannelsen.htm) - genstart din computer - aktiver systemgendannelse.
Og så skal du også lige skjule dine filer og mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil.
Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm
Avatar billede dat01x02 Nybegynder
28. december 2004 - 19:53 #9
Mange tak for hjælpen, håber der går lang tid inden jeg skal sådan en tur igennem igen ;-)
Avatar billede arlet Juniormester
28. december 2004 - 19:56 #10
Hvis du kigger meget grundigt på min sikkerhe3dspakke, så skulle det ikke ske igen.

Men det kræver du installer de programmer jeg anbefaler..
Avatar billede dat01x02 Nybegynder
28. december 2004 - 20:02 #11
Det vil jeg helt sikkert gøre.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 09:49 Indtogs sejlads : OL i Paris : Hvornår kom Danmark ? Af Ikke-ekspert i Fri debat
I dag 03:28 Inkasso som privat? Af lekor adams i Fri debat
I går 23:51 Frossen cursor Af goglov i PC
I går 13:34 har 4 -5 år gammel 4G ruter et eller kinesisk mærke Af Novice-1 i Routere & Switches
I går 10:18 MSI Vector kan ikke installere ny Windows 11 Af Bruno Nissen i PC
White papers
Flere white papers »


Premium
Teaser billede
Nordjyske MapsPeople ruster op til opkøb af konkurrenter: "Vi vil vinde det her kapløb"
Læs mere »
Microsoft tager til genmæle: Vores licenspraksis skaber ikke unfair konkurrence
Færre unge studerende på landets it-uddannelser: "Vi afviser dem der, hvor de har lyst til at læse"
Overblik: Sådan forløb årets største databrud - mindst 165 organisationer ramt
Se alle »
Computerworld
Teaser billede
Elon Musk dropper CrowdStrike efter kæmpe nedbrud
Læs mere »
Apples spritnye app til kodeord kommer til iOS 18: Sådan virker den
Med SearchGPT har verden fået en spritny søgemaskine: Kan den true Googles dominans?
Test: Denne mikro-pc er smartere end de stærkeste desktop-maskiner - men flopper alligevel
Se alle »
CIO
Teaser billede
Så mange Microsoft-enheder blev ramt af gigantisk Crowdstrike-koks
Læs mere »
Telenor skrotter ældre it-system: Nyt system er en hyldevare
Derfor står Danske Bank foran en kæmpe AWS-transformation: Ellers skulle vi bygge en ny infrastruktur for at følge med
Microsoft kaster milliardbeløb efter nye tiltag til partnerprogrammet: Partnerne kan nu tjene endnu flere penge
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
KMD-direktør forlader selskabet: Det skal hun nu
Norlys skal splittes op i fem selskaber: Nu bliver flere ansatte og ledere fyret
Se alle »
White paper
Teaser billede
Optimering af Source-to-Pay: Identificér oplagte gevinster og skær omkostninger
Læs mere »
Nemmere overblik, styring og omkostningskontrol i dit multicloud-miljø
Sådan: Sikker, hurtig og fleksibel storage til dine kritiske data
Sådan høster du forretningsfordelene ved Internet of Things
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »