martin181 Beginner
31 October 2005 - 12:56 There are 30 comments and 2 solutions

Machine that has got a virus - help!

Hi there!

I have a machine that has got a virus...

I can't start any exe files - if I try, it comes up with the "Open with..." dialog... and asks, for example, which program I want to open iexplore.exe with....

Via a shortcut to a web page that I had on the desktop, I managed to start an online scan at Panda Antivirus... it is scanning away... but it doesn't seem to be finding anything... (it has now scanned a little over 3/4 of the machine...)

My usual virus scanner is Symantec Antivirus version 9.0.0.338 - it is set to update itself every night on the server, and the machines get the latest definitions pushed out when they connect to the network... but it hasn't caught the virus that is giving me trouble... and no other machines in the company have got this virus...

Do any of you have good ideas about what I can do?

I'll report back when it has completely finished scanning... (just call me impatient, since I can't wait for the scan to finish...)
kalp Novice
31 October 2005 - 13:01 #1
download hijackthis from here www.arlet.dk/hjt.exe

scan and copy the log it produces in here
martin181 Beginner
31 October 2005 - 13:04 #2
I can't run the file on the machine, it comes up with "Open with..." when I try to open hijackthis...

I'll try in safe mode when the scan has finished...
martin181 Beginner
31 October 2005 - 13:07 #3
now my scan finished... it found no viruses... it found a single spyware entry - c:\windows\downloaded program files\cssweb.dll - it says it is of the type: adware: Adware/CssWeb...

I'll try starting the machine in safe mode and see whether I can run hijackthis from there... and then I'll post a log here if I succeed...
martin181 Beginner
31 October 2005 - 13:18 #4
in safe mode I am not allowed to run hijackthis either - it comes up with the "open with..." dialog again...

any other good suggestions?
kalp Novice
31 October 2005 - 13:22 #5
download http://www.silentrunners.org/Silent%20Runners.vbs

double-click the file... wait about 1 min before you open the log it creates (it is in the same folder)... but wait 1 min before you open it! remember that
martin181 Beginner
31 October 2005 - 13:31 #6
I'll just try to "play" hijackthis myself.... in my process list I have the following processes running when I am logged in normally - I thought it might give some of you an idea of what is happening...

alg.exe
ati2evxx.exe
csrss.exe
defwatch.exe
explorer.exe
lsass.exe (or Isass.exe)
rtvscan.exe
services.exe
smagent.exe
smss.exe
spoolsv.exe
sr_gui.exe
sr_service.exe
sr_watchdog.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
system idle process
taskmgr.exe
winlogon.exe
wuaudt.exe

Does that help?
kalp Novice
31 October 2005 - 13:34 #7
do you have the option of System Restore?
martin181 Beginner
31 October 2005 - 13:36 #8
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"AutoLogon" = (empty string)
"eabconfg.cpl" = "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start" ["Hewlett-Packard "]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"Cpqset" = "C:\Program Files\HPQ\Default Settings\cpqset.exe" [null data]
"vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" ["Symantec Corporation"]
"PaperPort PTD" = "c:\progra~1\scansoft\paperp~1\pptd40nt.exe" ["Scansoft Inc."]
"InstantAccess" = "C:\PROGRA~1\TEXTBR~1.0BU\Bin\INSTAN~1.EXE /h" [null data]
"RegisterDropHandler" = "C:\PROGRA~1\TEXTBR~1.0BU\Bin\REGIST~1.EXE" [empty string]
"Client Access Service" = ""C:\Program Files\IBM\Client Access\cwbsvstr.exe"" ["IBM Corporation"]
"Client Access Help Update" = ""C:\Program Files\IBM\Client Access\cwbinhlp.exe"" ["IBM Corporation"]
"Client Access Check Version" = ""C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN" ["IBM Corporation"]
"Client Access Express Welcome" = ""C:\Program Files\IBM\Client Access\cwbwlwiz.exe"" ["IBM Corporation"]
"CamMonitor" = "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [empty string]
"Share-to-Web Namespace Daemon" = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"zBrowser Launcher" = "C:\Program Files\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"StopSignStatus" = "Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus" [MS]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{EEB5B6C2-E405-11d0-9318-0004AC946C18}" = "AS/400 Shell Extensions - AS/400 IPL"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\IBM\Client Access\Shared\cwbunas4.dll" ["IBM Corporation"]
"{38482e00-0ad5-11cf-bc9d-0004ac325a18}" = "AS/400 Network"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\IBM\Client Access\Shared\cwbunshf.dll" ["IBM Corporation"]
"{DCA251A0-38AC-11d0-82BD-08005AA74F5C}" = "AS/400 Shell Extensions - AS/400 Network"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\IBM\Client Access\Shared\cwbunshf.dll" ["IBM Corporation"]
"{8CA2EBC1-40C7-4451-AD01-7DEEB4690358}" = "AS/400 Related Tasks"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\IBM\Client Access\Shared\cwbunshf.dll" ["IBM Corporation"]
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Share-to-Web Upload Folder"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "GinaDLL" = "ckpginashim.dll" ["Check Point Software Technologies"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! ckpNotify\DLLName = "ckpNotify.dll" ["Check Point Software Technologies"]
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Default executables:
--------------------

.EXE: HKLM\SOFTWARE\Classes\exefile\shell\open\command\
INFECTION WARNING! "Default" = "c:\docume~1\alluse~1\startm~1\programs\startup\msupdate.exe "%1 %*""


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\hp.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Image Retriever" -> shortcut to: "C:\Program Files\ScanSoft\PaperPort\xdcla.exe" [null data]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\msjava.dll" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.hp.com

Missing lines (compared with English-language version):
[Strings]: 1 line


HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 3 domain names to IP addresses,
      2 of the IP addresses are *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Check Point SecuRemote Service, SR_Service, ""C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"" ["Check Point Software Technologies"]
Check Point SecuRemote WatchDog, SR_WatchDog, ""C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe"" ["Check Point Software Technologies"]
DefWatch, DefWatch, ""C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
Symantec AntiVirus Client, Norton AntiVirus Server, ""C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Mobile Port\Driver = "C:\WINDOWS\System32\HPBMOMON.dll" ["Hewlett-Packard Company"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 40 seconds, including 18 seconds for message boxes)
kalp Novice
31 October 2005 - 13:42 #9
a quick look and I can see you need to delete

c:\docume~1\alluse~1\startm~1\programs\startup\msupdate.exe
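
An offline check for the finding in the Silent Runners log above, as an added example that is not part of the original thread: it parses the "Default executables" section and flags any executable-class open command that differs from the Windows default. The function names and the constructed .SCR sample lines are assumptions of this example.

```python
import re

# Stock "open" commands for executable file classes on Windows.
# A hijacker replaces one of these so that its own binary runs first
# and receives the program the user wanted as "%1".
DEFAULT_OPEN_COMMANDS = {
    "exefile": '"%1" %*',
    "comfile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}

# Key line as printed in the log, e.g.
#   .EXE: HKLM\SOFTWARE\Classes\exefile\shell\open\command\
KEY_RE = re.compile(
    r'\\Classes\\(?P<cls>[^\\]+)\\shell\\open\\command\\?\s*$', re.I)
# Value line, with an optional trailing [vendor] annotation.
VALUE_RE = re.compile(
    r'"Default"\s*=\s*"(?P<cmd>.*)"(?:\s*\[[^\]]*\])?\s*$')

# The two lines below are copied from the log posted in the thread.
PAGE_LINES = r'''
.EXE: HKLM\SOFTWARE\Classes\exefile\shell\open\command\
INFECTION WARNING! "Default" = "c:\docume~1\alluse~1\startm~1\programs\startup\msupdate.exe "%1 %*""
'''

# Constructed for this example: an untouched screen-saver handler.
CONSTRUCTED_LINES = r'''
.SCR: HKLM\SOFTWARE\Classes\scrfile\shell\open\command\
"Default" = ""%1" /S"
'''

SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINES


def first_token(cmd):
    """Return the program a command line would launch.

    Unquoted paths containing spaces are ambiguous; this takes the
    text up to the first whitespace, which is right for 8.3 paths.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def find_handler_hijacks(log_text):
    """Return one finding per executable class whose open command
    differs from the stock value."""
    findings = []
    current_cls = None
    for line in log_text.splitlines():
        if not line.strip():
            current_cls = None          # a blank line ends the entry
            continue
        key = KEY_RE.search(line)
        if key:
            current_cls = key.group("cls").lower()
            continue
        value = VALUE_RE.search(line)
        if value and current_cls in DEFAULT_OPEN_COMMANDS:
            cmd = value.group("cmd").strip()
            expected = DEFAULT_OPEN_COMMANDS[current_cls]
            if cmd.lower() != expected.lower():
                findings.append({
                    "cls": current_cls,
                    "command": cmd,
                    "interposed": first_token(cmd),
                    "expected": expected,
                })
            current_cls = None
    return findings


if __name__ == "__main__":
    for f in find_handler_hijacks(SAMPLE_LOG):
        print("%(cls)s: runs %(interposed)s first; "
              "stock value is %(expected)s" % f)
```

The `expected` field is the value the handler should hold again after cleanup; removing the interposed file does not change the registry entry that still points at it.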
martin181 Beginner
31 October 2005 - 13:44 #10
I'll delete it right away
kalp Novice
31 October 2005 - 13:50 #11
restart afterwards .. preferably in safe mode and see whether you can run hijackthis.

do you have the option of System Restore?
martin181 Beginner
31 October 2005 - 13:54 #12
I can't find the file physically via Explorer, nor via a DOS prompt, which incidentally I only got to after making a copy of cmd.exe - and renaming it to cmd.scr...
kalp Novice
31 October 2005 - 13:56 #13
System Restore?
martin181 Beginner
31 October 2005 - 13:58 #14
I'm considering trying it... I just need to check that the user has enabled System Restore...
kalp Novice
31 October 2005 - 13:58 #15
then maybe hijackthis will work there:)
martin181 Beginner
31 October 2005 - 14:06 #16
my System Restore couldn't be started either... it is an exe file after all...

but by renaming hijackthis to an scr file, I got the following log:

Logfile of HijackThis v1.99.1
Scan saved at 14:05:50, on 31-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Copy of hijackthis.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.emarkets.nordea.com/tibco
O1 - Hosts: 129.142.47.224 ntserver
O1 - Hosts: 129.142.47.207 DKPDI400
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [PaperPort PTD] c:\progra~1\scansoft\paperp~1\pptd40nt.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0BU\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0BU\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [StopSignStatus] Rundll32.exe "C:\Program Files\Common Files\eAcceleration\Installer\stopsinfo.dll",VerifyStatus
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0BU\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Image Retriever.lnk = C:\Program Files\ScanSoft\PaperPort\xdcla.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: emarkets - https://www.emarkets.nordea.com/jsp/Toolkit/Trading.cab
O16 - DPF: Nordea Online investering - https://www.onlineinvestering.nordea.dk/oiclient.nsf/files/client/$FILE/oiclient.cab
O16 - DPF: NordeaeMarketsVer2 - https://www.emarkets.nordea.com/applets/lib/marketTCT4.0Signed.cab
O16 - DPF: NordeaeTrading - https://www.emarkets.nordea.com/applets/lib/trading1.0Signed14.cab
O16 - DPF: NordeaeTradingSB - https://www.emarkets.nordea.com/applets/lib/trading1.0Signed14SB.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://lra.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ProDesign.local
O17 - HKLM\Software\..\Telephony: DomainName = ProDesign.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ProDesign.local
O18 - Protocol: bw+0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

hope it can tell you something...
kalp Novice
31 October 2005 - 14:16 #17
I don't think I can see anything that is causing the problem you describe.

If you can't run System Restore, then it looks like you will have to do a repair of Windows.

Guide
http://hcma.dk/tips1to10.htm#no4
ejvindh Expert
31 October 2005 - 14:26 #18
Maybe just try this first:

Download this file to your desktop and double-click it.
http://www.ejvindh.frac.dk/vbsfix.vbs

Does that let you run exe files?
martin181 Beginner
31 October 2005 - 14:36 #19
I'll just try...
martin181 Beginner
31 October 2005 - 14:37 #20
yes, now I can...

any more ideas for moving on?
martin181 Beginner
31 October 2005 - 14:38 #21
I have just started my virus scanner again and set it to scan... that is, somehow, what I feel most comfortable with...
ejvindh Expert
31 October 2005 - 14:41 #22
Great!

Apart from the fact that it might be a good idea to fix all the O18 lines, there is not much to find in the log.

The msupdate entry that was in Silentrunners is, however, typically a CWS infection, so you could run cwshredder to see whether it finds anything:

Download CWShredder here:
http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe

Then restart into safe mode, and unplug the network cable from the computer.

Close all windows, run CWShredder, click Fix; it now scans, and when it is finished click Next, then click Exit.

More than anything, though, I think it was just a remnant of an infection that has already BEEN beaten down. Otherwise it would not have been so easy to remove :-)
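An added example, not part of the thread and not HijackThis's own code: a small Python triage helper that parses log lines in the format posted above, collapses entries that point at the same file (such as the many O18 protocol handlers that all resolve to one DLL) and lists O23 services the log labels "Unknown owner". The function names and the three-field assumption for O18/O23 lines are illustrative choices.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O18 - Protocol: bwp0 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9126A52A-A66C-424A-A51E-CA34EE6C9F7B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
"""

# "O18 - Protocol: <fields>" -> section id, entry kind, remaining fields
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
# Assumption: O18 is "name - CLSID - path", O23 is "name - owner - path";
# other sections are treated as "name - path".
THREE_FIELDS = {"O18", "O23"}

def parse(log):
    """Turn HijackThis-style lines into dicts; non-matching lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        # Split from the right so a " - " inside the display name survives.
        parts = rest.rsplit(" - ", 2 if section in THREE_FIELDS else 1)
        entries.append({
            "section": section, "kind": kind, "name": parts[0],
            "detail": parts[1] if len(parts) == 3 else None,
            "path": parts[-1],
        })
    return entries

def group_by_target(entries):
    """Map (section, lower-cased path) -> entry names sharing that file."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["section"], e["path"].lower())].append(e["name"])
    return dict(groups)

def unknown_owner_services(entries):
    """Paths of O23 services the log labels 'Unknown owner' (check by hand)."""
    return [e["path"] for e in entries
            if e["section"] == "O23" and e["detail"] == "Unknown owner"]

if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for (section, path), names in group_by_target(parsed).items():
        print(f"{section}  {len(names):>2} x  {path}")
    print("Review manually:", unknown_owner_services(parsed))
```

Grouping by target file makes a long run of near-identical entries readable as a single decision about one DLL.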
martin181 Beginner
31 October 2005 - 14:58 #23
I have fixed, scanned and restarted... now it looks like everything works as it should... many thanks for the help...

really it was mostly ejvindh who provided what made the difference... but you haven't posted an answer, can't I get you to do that?
ejvindh Expert
31 October 2005 - 15:05 #24
You certainly can. :-)

Since it was Kalp who got the initial investigation going, and who also uncovered the problem, it would be fine with me if he also gets a share of the points. But that is up to you :-)

You also get my standard closing advice:

To prevent a recurrence, I recommend that you install some small programs that keep spyware from getting in in the first place. I recommend that the following be installed as a minimum: Antivirus, Spywareguard, Spywareblaster, IE-spyad and a firewall. You can find links to all the programs from here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I would also suggest that you read this article on how to avoid getting infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
majsmarken Beginner
31 October 2005 - 15:11 #25
(Shouldn't we just see the last fresh log?)
martin181 Beginner
31 October 2005 - 15:15 #26
I would have liked to provide a final fresh log - but the machine has been sent on with the user... he had to go to a meeting... so I hope it behaves... and I will make sure to put the programs from the "package" on it when he comes by again...

If kalp now also posts an answer, I will split the points between you...
kalp Novice
31 October 2005 - 16:11 #27
Here you go :)

ejvindh >> thanks for the help :o)
ejvindh Expert
31 October 2005 - 16:15 #28
All fine, Kalp :-)
It seems that only turned into a comment ;-)
martin181 Beginner
2 November 2005 - 10:00 #29
I'll just wait until kalp posts an answer...
kalp Novice
2 November 2005 - 23:21 #30
oops :)
martin181 Beginner
3 November 2005 - 09:00 #31
the points have now been split between you - many thanks for the help to both of you :-)
ejvindh Expert
4 November 2005 - 08:49 #32
Thanks for the points :-)