reino (Beginner)
2 July 2004 - 10:15 There are 13 comments and 1 solution

CWS Hijacked

Hi

I've run into a new variant of CWS. Ad-aware removes it, but as soon as you start a new browser it is back again. I've also tried running Spybot Search and Destroy; it doesn't catch it either.

Does anyone have an idea what to do? I'm a bit stuck..

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ServGate\ServGate VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ServGate\ServGate VPN Client\IPSecMon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\SISTRAY.EXE
C:\Programmer\Mouse\Amoumain.exe
C:\WINDOWS\System32\khooker.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\usrbridg.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\atlcu32.exe
C:\Programmer\ServGate\ServGate VPN Client\SafeCfg.exe
C:\WINDOWS\system32\sysuz.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Thomas\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nfhzh.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://nfhzh.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://nfhzh.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nfhzh.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://nfhzh.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nfhzh.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {401249DD-FC9A-788E-2A42-6F9CF15DDAD5} - C:\WINDOWS\apppb32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1601.0\da\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\SISTRAY.EXE
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [atlcu32.exe] C:\WINDOWS\system32\atlcu32.exe
andersenph (Beginner)
2 July 2004 - 10:19 #1
I'll be right there :O)

I have a good idea. Just give me a couple of minutes...
andersenph (Beginner)
2 July 2004 - 10:23 #2
I'm missing the top of the log, so that I can see your operating system and updates.
Please send in a new _complete_ log...
reino (Beginner)
2 July 2004 - 10:26 #3
OK, here you go:

Logfile of HijackThis v1.97.7
Scan saved at 10:26:04, on 02-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ServGate\ServGate VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ServGate\ServGate VPN Client\IPSecMon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\SISTRAY.EXE
C:\Programmer\Mouse\Amoumain.exe
C:\WINDOWS\System32\khooker.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\usrbridg.exe
C:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\atlcu32.exe
C:\Programmer\ServGate\ServGate VPN Client\SafeCfg.exe
C:\WINDOWS\system32\sysuz.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Thomas\Skrivebord\HijackThis.exe
C:\Programmer\UltraEdit\uedit32.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Thomas\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nfhzh.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://nfhzh.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://nfhzh.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nfhzh.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://nfhzh.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nfhzh.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {401249DD-FC9A-788E-2A42-6F9CF15DDAD5} - C:\WINDOWS\apppb32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1601.0\da\msntb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\SISTRAY.EXE
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [atlcu32.exe] C:\WINDOWS\system32\atlcu32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: ServGate VPN Client.lnk = C:\Programmer\ServGate\ServGate VPN Client\SafeCfg.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
andersenph (Beginner)
2 July 2004 - 10:30 #4
Download this program:
http://hsremove.bravehost.com/
You must press F5 when you click the link.
Install the program and use it. Just be aware that your start page will be changed to bravehost.com, but you can change it afterwards to whatever you normally have. It is not a new hijacker.
Restart and give me a new log to check.
reino (Beginner)
2 July 2004 - 10:51 #5
Hi again,

OK, I've followed your instructions but it's still there. Here are 2 log files; the 1st log file is from before I started IE, the second from after I had started it:

Logfile of HijackThis v1.97.7
Scan saved at 10:48:08, on 02-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ServGate\ServGate VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SISTRAY.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ServGate\ServGate VPN Client\IPSecMon.exe
C:\Programmer\ServGate\ServGate VPN Client\SafeCfg.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\usrbridg.exe
C:\Documents and Settings\Thomas\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {401249DD-FC9A-788E-2A42-6F9CF15DDAD5} - C:\WINDOWS\apppb32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\SISTRAY.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: ServGate VPN Client.lnk = C:\Programmer\ServGate\ServGate VPN Client\SafeCfg.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)


No. 2:

Logfile of HijackThis v1.97.7
Scan saved at 10:48:56, on 02-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ServGate\ServGate VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SISTRAY.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ServGate\ServGate VPN Client\IPSecMon.exe
C:\Programmer\ServGate\ServGate VPN Client\SafeCfg.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\system32\mssw32.exe
C:\WINDOWS\system32\ntyq.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Thomas\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gxaae.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gxaae.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gxaae.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {401249DD-FC9A-788E-2A42-6F9CF15DDAD5} - C:\WINDOWS\apppb32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\SISTRAY.EXE
O4 - HKLM\..\Run: [ntyq.exe] C:\WINDOWS\system32\ntyq.exe
O4 - HKLM\..\RunOnce: [mssw32.exe] C:\WINDOWS\system32\mssw32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: ServGate VPN Client.lnk = C:\Programmer\ServGate\ServGate VPN Client\SafeCfg.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
andersenph (Beginner)
2 July 2004 - 10:52 #6
Fair enough, then we'll just do something else.
2 minutes...
andersenph (Beginner)
2 July 2004 - 10:55 #7
It's a new hijacker we need to get removed.

If you don't have them:
Download and update Ad-Aware: http://www.spywarefri.dk/vaerktoj.htm#adaware
Download and update CWShredder: http://www.spywareinfo.com/~merijn/files/CWShredder.exe

First, create a folder just for HijackThis and put the program in it. That way we have control of the backup files.
If you happen to delete something wrong, we can always go back and do a restore. That's why HijackThis must have its own folder.

The first important point is to turn off System Restore. Right-click My Computer on the desktop, choose Properties and the System Restore tab, and tick Turn off System Restore. Click OK and restart.
Otherwise everything we remove will be recreated.

Restart in safe mode. Press F8 a few times while Windows is starting up.

Then open HijackThis.
Tick the entries I have listed below.
When you've done that, close all other windows.

Fix these with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gxaae.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gxaae.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gxaae.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [ntyq.exe] C:\WINDOWS\system32\ntyq.exe
O4 - HKLM\..\RunOnce: [mssw32.exe] C:\WINDOWS\system32\mssw32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?

Open any folder, click Tools -> Folder Options -> View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

Search for and delete:
C:\WINDOWS\system32\mssw32.exe
C:\WINDOWS\system32\ntyq.exe
C:\WINDOWS\gxaae.dll

Now run a scan with Ad-Aware and CWShredder and remove what they find.

Regarding CWShredder:
Unpack the zip file into a folder.
Run the program, check for updates, physically disconnect your internet connection (pull the plug), close all windows except CWShredder, click Fix; it now scans; when it is finished click Next, then click Exit.

Restart and post a new log to check.
reino (Beginner)
2 July 2004 - 12:07 #8
Hi again, I have now done as you described, but without success. Here are logs like last time, plus one from Ad-aware. By the way, these files could not be found on the computer: C:\WINDOWS\system32\ntyq.exe C:\WINDOWS\gxaae.dll:

HijackThis before starting IE:

Logfile of HijackThis v1.97.7
Scan saved at 11:56:19, on 02-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ServGate\ServGate VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ServGate\ServGate VPN Client\IPSecMon.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SISTRAY.EXE
C:\Programmer\ServGate\ServGate VPN Client\SafeCfg.exe
C:\hijackthis\CWShredder.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {401249DD-FC9A-788E-2A42-6F9CF15DDAD5} - C:\WINDOWS\apppb32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\SISTRAY.EXE
O4 - Global Startup: ServGate VPN Client.lnk = C:\Programmer\ServGate\ServGate VPN Client\SafeCfg.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)

After starting IE:

Logfile of HijackThis v1.97.7
Scan saved at 12:05:26, on 02-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ServGate\ServGate VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ServGate\ServGate VPN Client\IPSecMon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SISTRAY.EXE
C:\Programmer\ServGate\ServGate VPN Client\SafeCfg.exe
C:\WINDOWS\system32\ntyq.exe
C:\WINDOWS\sdkvr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gxaae.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gxaae.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gxaae.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {401249DD-FC9A-788E-2A42-6F9CF15DDAD5} - C:\WINDOWS\apppb32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\SISTRAY.EXE
O4 - HKLM\..\Run: [ntyq.exe] C:\WINDOWS\system32\ntyq.exe
O4 - HKLM\..\RunOnce: [sdkvr.exe] C:\WINDOWS\sdkvr.exe
O4 - Global Startup: ServGate VPN Client.lnk = C:\Programmer\ServGate\ServGate VPN Client\SafeCfg.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)

And the log from Ad-aware:


Lavasoft Ad-aware Personal Build 6.181
Logfile created on  :2. juli 2004 11:26:45
Created with Ad-aware Personal, free for private use.
Using reference-file :01R326 01.07.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


02-07-2004 11:26:45 - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
    FilePath          : \SystemRoot\System32\
    ThreadCreationTime : 02-07-2004 09:17:25
    BasePriority      : Normal


#:2 [winlogon.exe]
    FilePath          : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 02-07-2004 09:17:41
    BasePriority      : High


#:3 [services.exe]
    FilePath          : C:\WINDOWS\system32\
    ThreadCreationTime : 02-07-2004 09:17:48
    BasePriority      : Normal
    FileSize          : 99 KB
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion    : 5.1.2600.0
    CompanyName        : Microsoft Corporation
    FileDescription    : Tjenester og controllerprogrammer
    InternalName      : services.exe
    OriginalFilename  : services.exe
    ProductName        : Microsoft
    Created on        : 09-07-2002 00:03:04
    Last accessed      : 02-07-2004 09:17:48
    Last modified      : 09-10-2001 12:00:00

#:4 [lsass.exe]
    FilePath          : C:\WINDOWS\system32\
    ThreadCreationTime : 02-07-2004 09:17:48
    BasePriority      : Normal
    FileSize          : 11 KB
    FileVersion        : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion    : 5.1.2600.1106
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName      : lsass.exe
    OriginalFilename  : lsass.exe
    ProductName        : Microsoft
    Created on        : 09-07-2002 00:02:00
    Last accessed      : 02-07-2004 09:17:48
    Last modified      : 09-09-2002 21:13:40

#:5 [svchost.exe]
    FilePath          : C:\WINDOWS\system32\
    ThreadCreationTime : 02-07-2004 09:17:52
    BasePriority      : Normal
    FileSize          : 12 KB
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion    : 5.1.2600.0
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName      : svchost.exe
    OriginalFilename  : svchost.exe
    ProductName        : Microsoft
    Created on        : 09-07-2002 00:03:14
    Last accessed      : 02-07-2004 09:17:52
    Last modified      : 09-10-2001 12:00:00

#:6 [svchost.exe]
    FilePath          : C:\WINDOWS\system32\
    ThreadCreationTime : 02-07-2004 09:17:52
    BasePriority      : Normal
    FileSize          : 12 KB
    FileVersion        : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion    : 5.1.2600.0
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName      : svchost.exe
    OriginalFilename  : svchost.exe
    ProductName        : Microsoft
    Created on        : 09-07-2002 00:03:14
    Last accessed      : 02-07-2004 09:17:52
    Last modified      : 09-10-2001 12:00:00

#:7 [explorer.exe]
    FilePath          : C:\WINDOWS\
    ThreadCreationTime : 02-07-2004 09:19:36
    BasePriority      : Normal
    FileSize          : 974 KB
    FileVersion        : 6.00.2800.1221 (xpsp2.030511-1403)
    ProductVersion    : 6.00.2800.1221
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Stifinder
    InternalName      : explorer
    OriginalFilename  : EXPLORER.EXE
    ProductName        : Microsoft
    Created on        : 29-05-2003 09:51:08
    Last accessed      : 02-07-2004 09:19:38
    Last modified      : 29-05-2003 09:51:08

#:8 [uedit32.exe]
    FilePath          : C:\Programmer\UltraEdit\
    ThreadCreationTime : 02-07-2004 09:20:35
    BasePriority      : Normal
    FileSize          : 2096 KB
    FileVersion        : 10.10.3
    ProductVersion    : 10.10.3
    Copyright          : IDM Computer Solutions, Inc.
    CompanyName        : IDM Computer Solutions, Inc.
    FileDescription    : UltraEdit-32 Professional Text/Hex Editor
    InternalName      : UltraEdit-32
    OriginalFilename  : UEDIT32.EXE
    ProductName        : UltraEdit-32
    Created on        : 03-02-2004 08:10:04
    Last accessed      : 02-07-2004 09:20:35
    Last modified      : 03-02-2004 08:10:04

#:9 [ad-aware.exe]
    FilePath          : C:\Programmer\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 02-07-2004 09:26:37
    BasePriority      : Normal
    FileSize          : 668 KB
    FileVersion        : 6.0.1.181
    ProductVersion    : 6.0.0.0
    Copyright          : Copyright 
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-aware 6 core application
    InternalName      : Ad-aware.exe
    OriginalFilename  : Ad-aware.exe
    ProductName        : Lavasoft Ad-aware Plus
    Created on        : 25-06-2003 06:22:04
    Last accessed      : 02-07-2004 09:26:37
    Last modified      : 12-07-2003 20:00:20

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
    Type              : RegData
    Data              : "about:blank"
    Rootkey            : HKEY_CURRENT_USER
    Object            : Software\Microsoft\Internet Explorer\Main
    Value              : Start Page
    Data              : "about:blank"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
    Type              : RegData
    Data              : "about:blank"
    Rootkey            : HKEY_LOCAL_MACHINE
    Object            : Software\Microsoft\Internet Explorer\Main
    Value              : Start Page
    Data              : "about:blank"


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 2


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
    Type              : File
    Data              : thomas@adtech[2].txt
    Object            : C:\Documents and Settings\Thomas\Cookies\

    Created on        : 02-07-2004 08:02:18
    Last accessed      : 02-07-2004 09:29:51
    Last modified      : 02-07-2004 08:02:18



Tracking Cookie Object recognized!
    Type              : File
    Data              : thomas@cgi-bin[1].txt
    Object            : C:\Documents and Settings\Thomas\Cookies\

    Created on        : 02-07-2004 07:33:42
    Last accessed      : 02-07-2004 08:33:50
    Last modified      : 02-07-2004 07:33:42


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
    Type              : File
    Data              : mssw32.exe
    Object            : C:\WINDOWS\System32\
    FileSize          : 9 KB
    Created on        : 19-06-2004 02:44:25
    Last accessed      : 02-07-2004 08:48:23
    Last modified      : 19-06-2004 02:44:25




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
    Type              : RegKey
    Data              :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object            : SYSTEM\CurrentControlSet\Services\__NS_Service_3


CoolWebSearch Object recognized!
    Type              : RegKey
    Data              :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object            : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA


CoolWebSearch Object recognized!
    Type              : RegKey
    Data              :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object            : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE


CoolWebSearch Object recognized!
    Type              : RegKey
    Data              :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object            : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW


Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 4
Objects found so far: 9


11:31:27 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:04:40:243
Objects scanned :51208
Objects identified :9
Objects ignored :0
New objects :9
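
An added example (not part of the thread, and not code from any tool mentioned in it): the before/after-IE log pairs posted in #5 and #8 can be compared mechanically to see what appeared once the browser started. The Python below diffs two HijackThis logs using trimmed excerpts of the #8 logs; the function names `parse_log` and `triage` are assumptions of this example, and an item being new between scans is a lead for review, not proof that it is malicious.

```python
"""Diff two HijackThis logs and list what appeared between the scans."""
import ntpath
import re

# Trimmed excerpts of the two logs posted in #8 (before / after starting IE).
BEFORE_IE = r"""Logfile of HijackThis v1.97.7
Scan saved at 11:56:19, on 02-07-2004

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SISTRAY.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {401249DD-FC9A-788E-2A42-6F9CF15DDAD5} - C:\WINDOWS\apppb32.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\SISTRAY.EXE
"""

AFTER_IE = r"""Logfile of HijackThis v1.97.7
Scan saved at 12:05:26, on 02-07-2004

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\SISTRAY.EXE
C:\WINDOWS\system32\ntyq.exe
C:\WINDOWS\sdkvr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gxaae.dll/index.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {401249DD-FC9A-788E-2A42-6F9CF15DDAD5} - C:\WINDOWS\apppb32.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\SISTRAY.EXE
O4 - HKLM\..\Run: [ntyq.exe] C:\WINDOWS\system32\ntyq.exe
O4 - HKLM\..\RunOnce: [sdkvr.exe] C:\WINDOWS\sdkvr.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")             # "R1 - ...", "O4 - ..."
RES_DLL_RE = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)  # DLL behind a res:// URL
RUN_RE = re.compile(r'^(\S+): \[(.+?)\] "?(.+?)"?$')          # HKLM\..\Run: [name] path


def parse_log(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # the coded section ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def triage(before_text, after_text):
    """Return what is new in the second log, with the hijack-relevant parts picked out."""
    before, after = parse_log(before_text), parse_log(after_text)
    seen_proc = {p.lower() for p in before["processes"]}
    seen_entry = {(c, d.lower()) for c, d in before["entries"]}

    new_procs = []
    for p in after["processes"]:
        if p.lower() not in seen_proc:   # Windows paths compare case-insensitively
            seen_proc.add(p.lower())     # also drops repeats such as two iexplore.exe
            new_procs.append(p)
    new_proc_set = {p.lower() for p in new_procs}

    res_dlls, autoruns = set(), []
    for code, data in after["entries"]:
        if (code, data.lower()) in seen_entry:
            continue
        if code in ("R0", "R1"):
            # IE start/search page served from a resource inside a local DLL
            m = RES_DLL_RE.search(data)
            if m:
                res_dlls.add(ntpath.basename(m.group(1)).lower())
        elif code == "O4":
            # Registry autostart that was not there in the first scan
            m = RUN_RE.match(data)
            if m:
                key, name, path = m.groups()
                autoruns.append({"key": key, "name": name, "path": path,
                                 "running": path.lower() in new_proc_set})
    return {"new_processes": new_procs,
            "res_dlls": sorted(res_dlls),
            "autoruns": autoruns}


if __name__ == "__main__":
    result = triage(BEFORE_IE, AFTER_IE)
    print("New processes:", *result["new_processes"], sep="\n  ")
    print("DLLs behind new res:// page settings:", result["res_dlls"])
    for a in result["autoruns"]:
        print("New autostart %(key)s [%(name)s] -> %(path)s (running: %(running)s)" % a)
```

A new autostart entry whose target is also a newly running process is the strongest lead in the output; the DLL name behind the `res://` settings tells you which file to look for on disk.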
reino (Beginner)
2 July 2004 - 12:10 #9
OK, one moment, I just overlooked one thing, trying again
reino (Beginner)
2 July 2004 - 12:47 #10
No, it didn't work... latest log... bummer

Logfile of HijackThis v1.97.7
Scan saved at 12:47:11, on 02-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ServGate\ServGate VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ServGate\ServGate VPN Client\IPSecMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\SYSTEM32\SISTRAY.EXE
C:\Programmer\ServGate\ServGate VPN Client\SafeCfg.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\netzy.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gxaae.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gxaae.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gxaae.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {401249DD-FC9A-788E-2A42-6F9CF15DDAD5} - C:\WINDOWS\apppb32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\SISTRAY.EXE
O4 - HKLM\..\RunOnce: [netzy.exe] C:\WINDOWS\system32\netzy.exe
O4 - Global Startup: ServGate VPN Client.lnk = C:\Programmer\ServGate\ServGate VPN Client\SafeCfg.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html
O9 - Extra button: Opslag (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
andersenph Beginner
02 July 2004 - 12:56 #11
We'll just try again.
It will go away all right...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gxaae.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gxaae.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gxaae.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gxaae.dll/sp.html#96676
O2 - BHO: (no name) - {401249DD-FC9A-788E-2A42-6F9CF15DDAD5} - C:\WINDOWS\apppb32.dll
O4 - HKLM\..\RunOnce: [netzy.exe] C:\WINDOWS\system32\netzy.exe
Must be fixed in Safe Mode

Find and delete:
C:\WINDOWS\apppb32.dll
C:\WINDOWS\system32\netzy.exe
C:\WINDOWS\gxaae.dll

It is important that you find and delete the files I mention, otherwise it just starts up again under a new name, like a proper serial bankrupt :O)
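The entries picked out in post #11 follow a pattern that does not depend on the file names, which change between logs (nfhzh.dll in the first log, gxaae.dll in this one). The following is an added example, not part of the original thread: a small triage script that applies that pattern to HijackThis log lines. The three heuristics and the function name `triage` are assumptions made for this illustration; the sample input is a subset of the log in post #10.

```python
import re
from ntpath import basename, dirname

# Sample input: a subset of the lines from the HijackThis log in post #10.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gxaae.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gxaae.dll/index.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {401249DD-FC9A-788E-2A42-6F9CF15DDAD5} - C:\WINDOWS\apppb32.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM32\SISTRAY.EXE
O4 - HKLM\..\RunOnce: [netzy.exe] C:\WINDOWS\system32\netzy.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html
"""

# Heuristics assumed for this example (not an official HijackThis rule set):
RES_URL = re.compile(r"^R[01] - .*? = res://(.+?\.dll)/", re.I)   # IE page set to a DLL resource
BHO = re.compile(r"^O2 - BHO: \(no name\) - \{[0-9A-F-]+\} - (.+)$", re.I)
RUNONCE = re.compile(r"^O4 - HK\w+\\\.\.\\RunOnce: \[[^\]]*\] (.+)$", re.I)
WINDIRS = {r"c:\windows", r"c:\windows\system32"}

def triage(log):
    """Return {lowercased file path or bare DLL name: reason} for matching entries."""
    hits = {}
    for line in log.splitlines():
        line = line.strip()
        if m := RES_URL.match(line):
            hits[m.group(1).lower()] = "IE start/search page served from a DLL resource"
        elif (m := BHO.match(line)) and dirname(m.group(1)).lower() in WINDIRS:
            hits[m.group(1).lower()] = "unnamed BHO loaded from the Windows directory"
        elif m := RUNONCE.match(line):
            hits[m.group(1).lower()] = "RunOnce autostart entry"
    # R0 lines carry only the DLL name; drop it when an R1 line supplied the full path.
    full = {basename(p) for p in hits if "\\" in p}
    return {p: why for p, why in hits.items() if "\\" in p or p not in full}

if __name__ == "__main__":
    for path, why in sorted(triage(SAMPLE_LOG).items()):
        print(f"{path}  <- {why}")
```

On the sample input the script reports the same three files that post #11 says to find and delete, while leaving the Acrobat BHO, the SiS Tray Run entry and the Google toolbar `res://` menu items alone.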
reino Beginner
02 July 2004 - 13:49 #12
That did it, that really was one d....d thing :)

Thanks a ton for the help, just post an answer :)
andersenph Beginner
02 July 2004 - 13:51 #13
You're welcome ;O)
And yes, it can be hard to get rid of, but none has survived me yet ;O)

Have a good weekend
reino Beginner
02 July 2004 - 13:56 #14
*GG* great, many thanks, and a good weekend to you :)