Virus hjælp!!

skriv i kør shutdown -a

shutdown -a, - fungerer det også på XP?

Ja det virker i dit XP, bagefter går du ind på windows update og henter sikkerheds opdateringerne, det er temlig sikkert "MS Blaster" (mener jeg den hedder) virus'sen du har fået .. updaten skulle fikse det. :)

shutdown -a
JA ...

Da du nu har virus/'snavs' på din putter så er der følgende procedure for at få det _helt_ væk...

Indtil en HiJackThis expert kommer så rul disse

Hent denne scanner:
http://www.spywareinfo.dk/download/mwav.exe
Inde i opsætningen sætter du den til at scanne alt
Kør scanneren.

Download Ewido (Trial version)
http://shop.element5.com/product.html?productid=531168
Scan alt...

Download hijackthis herfra og gem det i en folder for sig selv på dit skrivebord
http://www.downloadportal.dk/viewinfo.asp?rid=1658
Eller
http://www.arlet.dk/hjt.exe
evt. instruktion: http://www.spywarefri.dk/hjtanv.htm

Start programmet og vælge, at udføre en scan samt gemme en log fil.
Når hijackthis er færdig med, at scanne vil den bede dig om en placering hvor du vil gemme "hijackthis" en tekst fil.
Gem den i samme folder som hijackthis. Når du har sagt okay hopper der et nyt vindue frem nemlig notepad med en masse tekst linjer. Marker alle linjerne og kopir dem herind så 'nogen' kan kigge på dem. Du må ikke selv begynde, at fikse noget i hijackthis.

Ikke nødvendigvis mig der følger op...

ser gerne på loggen

Hermed logfilen fra hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 17:14:24, on 07-09-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\Terroristen\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.babel.dk/help
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CA79DF4A-E7DD-4175-A88A-7B72533A4130} (Sky Software FolderView ActiveX Control 6.0) - http://www.billedbutikken.dk/upload/digiupload.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: bw+0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe

Download Ewido (Trial version) (Vi skal bruge den senere)
http://shop.element5.com/product.html?productid=531168

Genstart i Fejlsikret tilstand ved at taste F8 under opstart.

Kør HijackThis, scan og sæt et flueben ud for disse linjer - luk øvrige programvinduer. Dobbelt tjeck alt kom med!. Klik herefter "Fix checked" i hijackthis:

O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp02.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab

Alle 018 linjerne... dvs disse:
O18 - Protocol: bw+0 - {43C16CD4-0D5A-4E22-A650-375AEFA43D59} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Højreklik på windows start knappen (helt nede i venstre hjørne af din skærm) og vælge "Stifinder", klik på Funktioner->Mappeindstillinger->Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

Find og slet (Kig godt efter!!.. Det du ikke finder har hijackthis muligvis selv kunne slette!)

Filerne

C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning og slet temp-filer, temporary internet files og papirkurv.

Installer Ewido nu... og scan herefter

Genstart normalt og kopir en ny hijackthis log herind så jeg kan se om vi fik fjernet det hele eller om noget skulle være blevet overset:)

ok, det tog sin tid...
ny fil:

Logfile of HijackThis v1.99.1
Scan saved at 19:04:00, on 07-09-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Terroristen\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.babel.dk/help
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CA79DF4A-E7DD-4175-A88A-7B72533A4130} (Sky Software FolderView ActiveX Control 6.0) - http://www.billedbutikken.dk/upload/digiupload.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe

du skal lige gentage processen på denne linje

O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

og slet filen

C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

der er faktisk ikke mere.. fandt ewido noget?

damn!! nu lukker systemet!!!

fandt ewido noget? og tænkte at på du mener med at systemet lukker ned... du skal udbyde lidt

der dukker en dialogboks op hvor der står at systemet (pc'en) slukkes om 30 sekunder...

ewido filen:+ Created on:            19:01:33, 07-09-2005
+ Report-Checksum:        7FBB223A

+ Scan result:

    :mozilla.39:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Itrack : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.65:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.66:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.123:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.124:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.172:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.201:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.202:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
    :mozilla.203:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
    :mozilla.233:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.234:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.269:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.270:C:\Documents and Settings\Terroristen\Application Data\Mozilla\Firefox\Profiles\5zsxcau9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup


::Report End

Jeg gentog processen med disse filer, som du foreslog:

O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

og slet filen

C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

christoffero: det hjalp ikke at bruge windows opdate...

prøv at trykke start -> kør og skriv "shutdown -a"

mener nok at det er sådan man skriver det

ups...
det er skrevet før... men prøv at gøre det igen nu, efter at vi har fjernet snavs :)

ok, prøvede med "shutdown -a"...

nu er det bare at vente med spænding...

jeg bruger for øvrigt eTrust antivirus samt sygate personal firewall...jeg burdte måske udskifte eTrust med et andet program? noget freeware der kan anbefales?

øv bøv...systemet lukkede ned igen... :-(
nu nåede jeg at læse lidt af teksten på dialogboksen:

"der er nu 30 sekunder til at systemet lukkes ned,
alt arbejde bliver ikke gemt"

powered by NT Authority system....

jeg kunne ikke engang få lov til at udføre en Prt Scr.

Teksten på dialogboksen:

"systemet er ved at lukke.
gem al igangværende arbejde og log af.
Ændringer som ikke er gemt vil gå tabt.
lukningen er iværksat af NT AUTHORITY\SYSTEM

tid tilbage før der lukkes: 00:00:30

Meddelelse:

Terroristen tienes 30 segundos pa parame...
te lo puse muy facilito...que cagada no?
Todo es culpa del YV239P!

fik du nogensinde scannet med Mwav? majsmarken linker til det

Den blev aldrig færdig med scanningen,- meddelelsen dukkede op midt i det hele og, ja, så lukkede systemet efter 30 sekunder...

men den er i gang lige nu...

scanner du i fejlsikret tilstand? det kan gøre en stor forskel:)

det gør jeg nu :-)

Mwav har lige scannet færdig,-den fandt intet. :-(
Jeg må indrømme at jeg p.t. er ved at miste troen på at den kan reddes...

Det lykkedes mig dog at tage backup af vigtige filer :-),så måske skal den bare formateres, så jeg kan starte fra bunden af...

Det lyder som fejl i windows.. ville nok prøve med en repair først

hov! jeg fandt måske noget!

+ Created on:            11:55:59, 08-09-2005
+ Report-Checksum:        E00CC569

      0: System Process
      4: System Process
    452: \SystemRoot\System32\smss.exe
    508: \??\C:\WINDOWS\system32\csrss.exe
    532: \??\C:\WINDOWS\system32\winlogon.exe
    580: C:\WINDOWS\system32\services.exe
    592: C:\WINDOWS\system32\lsass.exe
    748: C:\WINDOWS\system32\svchost.exe
    796: C:\WINDOWS\system32\svchost.exe
    880: C:\WINDOWS\system32\svchost.exe
    912: C:\WINDOWS\system32\svchost.exe
    1036: C:\WINDOWS\system32\svchost.exe
    1476: C:\WINDOWS\Explorer.EXE
    1544: C:\WINDOWS\system32\ctfmon.exe
    1736: C:\Programmer\ewido\security suite\SecuritySuite.exe


592: C:\WINDOWS\system32\lsass.exe,- er det ikke en sasser??

ups.. jeg så ikke at den fil også figurerede før, på HijackThis loggen...

Den er blot en del af windows desværre:=)

så er der ikke så meget andet at gøre vel?

Jeg ville som sagt prøv en repair før en format.

Det hjalp desværre ikke at udføre en repair, så nu sidder jeg på en nyformateret maskine og det fungerer fint nu.

både dig, kalp og majsmarken kom med gode råd. tak for gennemgang af loggen.

kan i ikke dele point? og hvordan gør jeg det for øvrigt?

Afvent svar fra Majsmarken og så kan du markere begge vores navne i den lille boks helt nede i venstre hjørne.. på bunden af siden næsten. og tryk herefter på accepter svar:)

Desværre er der visse problemer som ikke umiddelbart er til, at løse uden man selv sidder ved maskinen og kan prøve sig frem:)

En lille sjat til mig - resten til <kalp>

Har du så evt. checket de elementer som er nævnt tidl. ?

... Samt WindowUpdate...

Kan iøvrigt også anbefale -> Microsoft® Windows AntiSpyware ->
http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

Safe Surfing...

Del lige over... det er lettere:)

jeg deler hermed point...
Jeg har installeret ewido, Avast samt sygate personal firewall ind til videre.

igen, mange tak for gode råd.