Avatar billede rammy Nybegynder
17. maj 2010 - 21:31 Der er 13 kommentarer og
1 løsning

Inficeret Explorer? HiJackThis logfil.

Hej,

Håber i kan hjælpe. Mit problem består i at Internet Explore ( uden af jeg har åbnet det ) popper op med en eller flere reklamer og det er helt spontant. Jeg frygter det er noget malware :(

Jeg har kørt fuldt system-scan med "Comodo Internet Security Free" og den gratis version af "AD-ware". Der kom et par hits og de er hermed sat i quarantine. Mit system er Windows 7.

Håber virkelig der er nogle der kan hjælpe så jeg ikke skal igang med en fuldstændig re-install af OS for at være sikker :/

HiJackThis logfil:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:20, on 17-05-2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\Clisia.exe
C:\Users\ADMINI~1\AppData\Local\Temp\Csx.exe
C:\Users\Administrator\AppData\Local\Temp\khvcol.exe
D:\Program Files\SpeedFan\speedfan.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Administrator\Desktop\HiJackThis.exe
c:\lsass.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [22123] C:\Users\Administrator\AppData\Local\Temp\khvcol.exe
O4 - HKLM\..\Policies\Explorer\Run: [rf4qy] C:\Users\ADMINI~1\AppData\Local\Temp\b8n8nse.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SpeedFan.lnk = D:\Program Files\SpeedFan\speedfan.exe
O4 - Startup: svchost.exe
O4 - Global Startup: COMODO Internet Security.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193 (idsvc) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5505 bytes
Avatar billede johnstigers Seniormester
17. maj 2010 - 21:40 #1
Hent Ccleaner her > Klik ude til højre på "Download Latest Version".
http://www.filehippo.com/download_ccleaner/
Der er en manual her > http://www.spywarefri.dk/manualer/ccleaner-manual.htm
Der er en lille forskel "Problemer" er udskiftet med "Register".
Sæt de flueben som vist i manualen punkt 11 inden du kører "Renser".
PS.: Dette program vil  jeg anbefale dig at beholde, det er fremragende til at rydde op med.

Under installationen får du tilbudt [Yahoo Toolbar]. Sig "Nej"  til den.
Lad programmer foretage en oprydning i Renser og Register, og lad den slette det den finder.
Jeg skal ikke se log fra Ccleaner.



Hent Malwarebytes Anti-Malware herfra:
http://www.malwarebytes.org/mbam-download.php
Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

Manual for HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

Hent Hijackthis her: http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

PS: Vistabrugere skal klikke med højre-musetast på filen og vælge (Kør som administrator)
Avatar billede rammy Nybegynder
17. maj 2010 - 21:50 #2
Ok. Jeg går igang med det samme og vender poster igen så snart den er færdig med de forskellige scans.
Avatar billede rammy Nybegynder
17. maj 2010 - 23:51 #3
Så har jeg gjort som du har sagt og her er resultatet.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4110

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17-05-2010 23:45:54
mbam-log-2010-05-17 (23-45-54).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|H:\|)
Objekter skannet: 607463
Tid gået: 1 time(e), 43 minut(ter), 48 sekund(er)

Hukommelses Processorer Inficeret: 2
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 10
Registreringsdatabaseværdier Inficeret: 1
Registreringsdatabasedata Objekter Inficeret: 1
Inficerede Mapper: 0
Inficerede Filer: 30

Hukommelses Processorer Inficeret:
c:\lsass.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CURRENT_USER\SOFTWARE\AKM Antivirus 2010 Pro (Rogue.AKMAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Rogue.APManager) -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
C:\Users\Administrator\apikndss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\owcsaxnmer.exe (Rogue.APManager.Gen) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Local\Temp\Csv.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Program Files\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Windows\System32\apikndss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\cooper.mine (Worm.Pinit) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\yrrjv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\nmklo.dll (Trojan.Agent) -> Delete on reboot.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\b8n8nse.exe (Trojan.Agent) -> Delete on reboot.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\download.exe (Trojan.FraudTool) -> Delete on reboot.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\fwelcx[1].htm (Trojan.Downloader) -> Delete on reboot.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\gotnewupdate000[1].exe (Malware.Packer.Gen) -> Delete on reboot.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\imiyus.exe (Trojan.Agent) -> Delete on reboot.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\imwaic[1].htm (Trojan.Agent) -> Delete on reboot.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\vbmqttjtssd.exe (Rogue.AntispywareSoft) -> Delete on reboot.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\wgvyd.exe (Rogue.AntispywareSoft) -> Delete on reboot.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\xv4[1].txt (Trojan.Agent) -> Delete on reboot.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\yptozgozmu[1].htm (Rogue.AntispywareSoft) -> Delete on reboot.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\nscrewmxao.exe (Trojan.Downloader) -> Delete on reboot.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\regedit.exe (Trojan.Agent) -> Delete on reboot.
D:\Program Files\COMODO\COMODO Internet Security\Quarantine\rvqxfn[1].htm (Trojan.Downloader) -> Delete on reboot.
H:\ISO\Programs\Alcohol 120% v1.9.5.3105\7824\keygen.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Windows\System32\h7t.wt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\hgtd.ruy (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\lsass.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Administrator\AppData\Roaming\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:46, on 17-05-2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Administrator\AppData\Local\Temp\khvcol.exe
D:\Program Files\COMODO\COMODO Internet Security\cfp.exe
D:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
D:\Program Files\HiJackThis\HiJackThis.exe
c:\lsass.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [13330] C:\Users\Administrator\AppData\Local\Temp\khvcol.exe
O4 - HKLM\..\Policies\Explorer\Run: [rf4qy] C:\Users\ADMINI~1\AppData\Local\Temp\b8n8nse.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SpeedFan.lnk = D:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: COMODO Internet Security.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193 (idsvc) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5039 bytes
Avatar billede f-arn Guru
18. maj 2010 - 00:21 #4
Bortset fra en masse andet kan jeg ikke li'
c:\lsass.exe
18. maj 2010 - 00:28 #5
Samt ->

O4 - HKLM\..\Run: [13330] C:\Users\Administrator\AppData\Local\Temp\khvcol.exe
O4 - HKLM\..\Policies\Explorer\Run: [rf4qy] C:\Users\ADMINI~1\AppData\Local\Temp\b8n8nse.exe

???

Du/I fortsætter bare ...
Avatar billede f-arn Guru
18. maj 2010 - 00:33 #6
Jeg stopper her. Dette er jo john_stigers tråd.
Avatar billede rammy Nybegynder
18. maj 2010 - 00:53 #7
Kom endelig med input?
Avatar billede rammy Nybegynder
18. maj 2010 - 00:54 #8
Jeg kan ikke få lov til at slette khvcol.exe
Avatar billede rammy Nybegynder
18. maj 2010 - 01:23 #9
Nu fik jeg da khvcol.exe væk med RegRun...
Avatar billede rammy Nybegynder
18. maj 2010 - 08:21 #10
Jeg tager en re-install af windows.  Nu er jeg nemlig også begyndt at få BSOFD ( acpi.sys )...
Avatar billede johnstigers Seniormester
18. maj 2010 - 18:57 #11
Har du reinstalleret?
Hvis ja, så gider jeg ikke skrive mere :)
Avatar billede rammy Nybegynder
18. maj 2010 - 20:57 #12
Ja, det har jeg for det blev for uoverskueligt. Men tak for din hjælp og kan du ikke poste et indlæg som et svar så du dak få point?
Avatar billede johnstigers Seniormester
18. maj 2010 - 21:26 #13
Kom jo egentlig ikke i gang med at rense din pc for snavs, så vi kan vel bare dele :)
Avatar billede rammy Nybegynder
18. maj 2010 - 21:55 #14
Nej, men det er ok.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester