/
Forside
/
Teknologi
/
Operativsystemer
/
MS Windows
/
Spørgsmål
Login
Glemt dit kodeord?
Brugernavn
*
Kodeord
*
Husk mig
Brugerservice
Kom godt i gang
Bliv medlem
Seneste indlæg
Find en bruger
Stil et spørgsmål
Skriv et tip
Fortæl en ven
Pointsystemet
Kontakt Kandu.dk
Emnevisning
Kategorier
Alfabetisk
Karriere
Interesser
Teknologi
Reklame
Top 10 brugere
MS Windows
#
Navn
Point
1
Klaudi
76474
2
o.v.n.
67550
3
refi
58409
4
tedd
45557
5
Manse9933
45149
6
molokyle
40687
7
miritdk
38357
8
briani
27239
9
BjarneD
26414
10
pallebhan..
24310
Arlet
13-06-04 10:55
: lengberg
13-06-04 11:18
: eddie_skov
13-06-04 12:09
: lengberg
13-06-04 13:08
: eddie_skov
Arlet
Fra :
eddie_skov
Vist : 475 gange
100 point
Dato :
13-06-04 10:02
Hej Arlet vil du have ulejlighed med at tjekke den her
Logfile of HijackThis v1.97.7
Scan saved at 09:53:22, on 13-06-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\winrun.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\NoAds\NoAds.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL =
http://www.hotsearchbox.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Programmer\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Programmer\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [winrun] winrun.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ad Arrest] C:\Programmer\Ad Arrest IE Popup Killer\adarrest.exe
O4 - HKCU\..\Run: [NoAds] "C:\Programmer\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1084958687624
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8602608F-EECD-471F-9D3E-7638F332154E} -
https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1103.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37876.185
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) -
https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) -
http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) -
http://81.19.245.211/speedtest/SpeedTest_2.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) -
https://online.danskebank.dk/netbank/activex/DanskeSikker.cab
Accepteret svar
Fra :
lengberg
Modtaget 110 point
Dato :
13-06-04 10:55
Jeg vil foreslå, du tager en onlinscan her:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WINUR.C
For den her er trojaner: winrun.exe
Og bliv opdateret:
http://v4.windowsupdate.microsoft.com/da/default.asp
Og hvis du ikke har kørt Spybot Og Adware, er det en god ide, og så lægge en frisk logfil her:
Spybot:
http://www.majorgeeks.com/download2471.html
Install, update, immunize and run. Fix all, marked with red
Adware:
http://www.lavasoftusa.com/support/download/#free
Go to Start > Programs > Lavasoft and click on AdAware 6 to open the program
Look at the icons on the top right of the page and click on the ‘world’ and let AdAware update the spyware reference list
Once the update is finished click on the ‘Gear’ icon (second from the left) to access the preferences/settings window
In the "General" window make sure the following are selected:
Automatically save log-file
Automatically quarantine objects prior to removal
Safe Mode (always request confirmation)
Click on the "Scanning" button on the left and select :
Scan Within Archives
Scan Active Processes
Scan Registry
Deep Scan Registry
Scan my IE favorites for banned URL’s
Scan my Hosts file
Under ‘Click here to select drives + folders, choose:
All of your hard drives
Click on the "Advanced" button on the left and select:
Include additional process information
Include additional file information
Include environment information
Include additional object details
Click the "Tweak" button and select:
Under the "Scanning Engine":
Unload recognized processes during scanning
Include basic Ad-aware settings in logfile
Include additional Ad-aware settings in logfile
Under the ‘Cleaning Engine’:
Let Windows remove files in use at next reboot
Click on "Proceed" to save the settings.
Click -Start- and on the next screen choose "Activate in-depth Scan" at the bottom of the page and then choose:
Use Custom Scanning Options
Click -Next- and AdAware will scan your hard drive(s) with the options you have selected.
After scan,put a checkmark to all what it find, then click "finish"
REBOOT
Godkendelse af svar
Fra :
eddie_skov
Dato :
13-06-04 11:18
Tak for svaret lengberg.
har fået fjernet C:\WINDOWS\System32\winrun.exe
Kommentar
Fra :
lengberg
Dato :
13-06-04 12:09
Fint
og takker. Var det den der drillede?
Kommentar
Fra :
eddie_skov
Dato :
13-06-04 13:08
Der var som ikke rigtig noget der drillede - var mere for at vide om der var noget på min maskine som ikke skulle være der *s*
Du har følgende muligheder
Eftersom du ikke er logget ind i systemet, kan du ikke skrive et indlæg til dette spørgsmål.
Hvis du ikke allerede er registreret, kan du gratis blive medlem, ved at trykke på "Bliv medlem" ude i menuen.
Søg
Alle emner
Teknologi
Operativsystemer
MS Windows
Indstillinger
Spørgsmål
Tips
Usenet
Reklame
Statistik
Spørgsmål :
177560
Tips :
31968
Nyheder :
719565
Indlæg :
6408952
Brugere :
218888
Månedens bedste
Årets bedste
Sidste års bedste
Copyright © 2000-2024 kandu.dk. Alle rettigheder forbeholdes.