explorer.exe går ned

prøv at hoppe over i Virus-kategorien og lav en Hijack-log
Hvis du gør det, lægger du selv et svar her og lukker spørgsmålet.

Hvis du efter at have prøvet hcma catbodys mulighed, ikke har virus, så har du to
andre muligheder: I commandopromten skriver du sfc /scannow og trykker OK. Obs. din
CD skal ligge i drevet. Så scanner windows for manglende filer. Hvis det ikke er
nok, kan du lave en geninstallation, hvor du bevarer dine data:
http://www.hcma.dk/tips1to10.htm#no4

jeg prøvede i første omgang en repair via cd. jeg ved ikke hvad jeg skal skrive når der spørges om hvilken version af windows der skal gå igang ? jeg prøvede at skrive 1 og så spørges der om en adgangs kode til administratoren....hvordan laver men en hijack log ?

"hvordan laver men en hijack log ?" det gør du sådan her:

opret et spørgsmål i virus kategorien http://www.eksperten.dk/spm/Sikkerhed/Virus/ og følg denne procedure:

Download hijackthis herfra og gem det i en folder for sig selv på dit skrivebord

http://www.spywareinfo.com/~merijn/downloads.html

eller et direkte download link herfra www.arlet.dk/hjt.exe

Start programmet, vælg at udføre en scan samt gemme en log fil.
Når hijackthis er færdig med at scanne vil den bede dig om en placering hvor du vil gemme "hijackthis" en tekst fil.
Gem den i samme folder som hijackthis. Når du har sagt okay popper der et nyt vindue frem med notepad med en masse tekst linjer. Marker alle linjerne og kopier dem herind så en log-tyder ka kigge på dem. Du må ikke selv begynde, at fikse noget i hijackthis.

okay jeg har nu en hijack-log, som anbefalet af hcma catbody og gratis.  den ligger nu i sikkerhed og virus.
jeg venter helt vildt spændt.....

http://exp.dk/spm/664490
Luk ovenstående og kopier loggen herind.

jeg håber loggen afslører noget !!!

her er den
Logfile of HijackThis v1.99.1
Scan saved at 18:30:36, on 14-11-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\htpatch.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\RunDll32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\Programmer\Mouse\Mouse Control\Panel.exe
C:\Programmer\Rainlendar\Rainlendar.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\ULTIMA~1\uzip.exe
C:\DOCUME~1\DAVID\LOKALE~1\TEMP\UZ_8518\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://81.211.105.43/search.php?v=5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://81.211.105.43/index.php?v=5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://maxbank.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://81.211.105.43/search.php?v=5
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://81.211.105.43/index.php?v=5
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spks.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = surfer rosa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programmer\Desktop Sidebar\sbhelp.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINNT\winbait.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\AGKNOR~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Documents and Settings\david\Skrivebord\programmer\ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe
O4 - Startup: Rainlendar.lnk = C:\Programmer\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Aktiver Labtec Trådløse Skrivebord.lnk = ?
O4 - Global Startup: Mouse Control.lnk = C:\Programmer\Mouse\Mouse Control\Panel.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Overfør med Star Downloader - C:\Programmer\Star Downloader\sdie.htm
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Programmer\Desktop Sidebar\sbhelp.dll/menuhandler.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programmer\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programmer\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Programmer\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://frbsrv03.udd.sembsc.dk/qp2.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00625BD00042} (Sparekassen Sj‘lland Internet Bank) - https://www.spks.dk/ssparvestibp2500ib100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe