---

hej nogen der lige kan hjælpe lidt


min pc ter sig under ligt min mus låser sig heletiden fast så kan man bruge en logfil til at se hvad der måtte vare galt ???


og vil så gerne lige ha et link et log program og så lige et sted hvor man kan sende den hen

---

Det var dælemig et kryptisk stillet spørgsmål.

Men jeg vil tro at du har snavs på din pcer

Prøv at scanne her

http://www.spywarefri.dk/

under onlineværktøjer

---

og når man så har scannet sin pc og den så har funde noget spyware hvordan fjerner man så det
??

---

hvordan fjerner jeg min spyware når den har fundet det efter jeg har brugt panda active scan ??

---

nogen der kan hjælpe med at finde ud af hvad der er galt ???





Ad-Aware SE Build 1.06r1
Logfile Created on:17. juni 2006 12:15:13
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R112 15.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):15 total references
Tracking Cookie(TAC index:3):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


17-06-2006 12:15:13 - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 436
ThreadCreationTime : 17-06-2006 09:43:09
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 17-06-2006 09:43:09
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 17-06-2006 09:43:11
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 17-06-2006 09:43:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 17-06-2006 09:43:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 17-06-2006 09:43:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 816
ThreadCreationTime : 17-06-2006 09:43:12
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 936
ThreadCreationTime : 17-06-2006 09:43:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [logonui.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 956
ThreadCreationTime : 17-06-2006 09:43:13
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Logon UI
InternalName : LOGONUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : LOGONUI.EXE

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 996
ThreadCreationTime : 17-06-2006 09:43:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1108
ThreadCreationTime : 17-06-2006 09:43:13
BasePriority : Normal
FileVersion : 1.00.37
ProductVersion : 1.00.37
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1244
ThreadCreationTime : 17-06-2006 09:43:14
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1372
ThreadCreationTime : 17-06-2006 09:43:14
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [htpatch.exe]
FilePath : C:\WINDOWS\
ProcessID : 1468
ThreadCreationTime : 17-06-2006 09:43:15
BasePriority : Normal


#:15 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1512
ThreadCreationTime : 17-06-2006 09:43:15
BasePriority : Normal
FileVersion : 1.00.104
ProductVersion : 1.00.104
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:16 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_07\bin\
ProcessID : 1832
ThreadCreationTime : 17-06-2006 09:43:16
BasePriority : Normal


#:17 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 1840
ThreadCreationTime : 17-06-2006 09:43:16
BasePriority : Normal
FileVersion : 4.0.0155
ProductVersion : Version 4.0
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:18 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 1848
ThreadCreationTime : 17-06-2006 09:43:16
BasePriority : Normal
FileVersion : 7.5.0324
ProductVersion : 7.5.0324
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:19 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2032
ThreadCreationTime : 17-06-2006 09:43:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:20 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 188
ThreadCreationTime : 17-06-2006 09:43:21
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:21 [nprotect.exe]
FilePath : C:\Program Files\Norton AntiVirus\AdvTools\
ProcessID : 208
ThreadCreationTime : 17-06-2006 09:43:21
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright (C) 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:22 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 232
ThreadCreationTime : 17-06-2006 09:43:21
BasePriority : Normal
FileVersion : 6.13.10.4104
ProductVersion : 6.13.10.4104
ProductName : NVIDIA Driver Helper Service, Version 41.04
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 41.04
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:23 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2376
ThreadCreationTime : 17-06-2006 09:44:43
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:24 [wpabaln.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2544
ThreadCreationTime : 17-06-2006 09:45:14
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows WPA Balloon Reminder
InternalName : WPABALN.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WPABALN.EXE

#:25 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3128
ThreadCreationTime : 17-06-2006 10:11:36
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@atdmt.com/
Expires : 15-06-2011 02:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@adtech.de/
Expires : 13-06-2016 23:22:02
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:administrator@2o7.net/
Expires : 16-06-2011 00:21:02
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@instadia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@instadia.net/
Expires : 16-06-2008 10:34:12
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:administrator@imrworldwide.com/cgi-bin
Expires : 14-06-2016 00:25:30
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrator@doubleclick.net/
Expires : 16-06-2009 00:12:24
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@adserver.banneradministration[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrator@adserver.banneradministration.com/
Expires : 12-06-2007 00:12:16
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@mediaplex[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@mediaplex.com/
Expires : 22-06-2009 02:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 8



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Disk Scan Result for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 8



MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1708537768-1677128483-725345543-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1708537768-1677128483-725345543-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1708537768-1677128483-725345543-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1708537768-1677128483-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1708537768-1677128483-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1708537768-1677128483-725345543-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1708537768-1677128483-725345543-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

12:15:27 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:14.0
Objects scanned:70776
Objects identified:8
Objects ignored:0
New critical objects:8

---

Hent Hijackthis her http://www.spywarefri.dk/downloads1/hijackthis.exe

Klik "do a systemscan and save af logfile". Kopier loggen her ind i tråden, så kigger jeg på den

---

Logfile of HijackThis v1.99.1
Scan saved at 13:15:24, on 17-06-2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

---

sådan nu er du i gode hænder hos stl_s

---

Der er ikke noget snavs i loggen, men det kan gemme sig. Prøv at scanne med disse to scannere:

Hent denne scanner ned til skrivebordet ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Vent med at aktivere den.


Hent denne scanner http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Installer, og opdater scanneren manuelt. OBS, ved installationen bliver det foreslået at du registrerer med din email. Det behøver du ikke at gøre.


Start op i fejlsikret tilstand (tast f8 flere gange under opstart). Hvis du ikke kan det, så se her
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1


Dobbeltklik på drweb-cureit.exe. Den vil køre en expressscan, og det siger du ja til.

Når den skriver "Select object for scanning" nederst til venstre, skal du klikke på Options->Change settings.

Skift til fanebladet SCAN, og fjern fluebenet ved "Heuristic analysis".

Skift til fanebladet Actions. Under ADWARE indstiller du til DELETE. Alle andre punkter under MALWARE sættes til MOVE. Fjern fluebenet ved PROMPT ON ACTION. Klik ANVEND og OK.

Klik på det de drev du vil have scannet. Der kommer en rød prik, som viser at de er valgt.

Klik på den grønne pil ovre til højre på siden, for at starte scanningen.


Når scanningen er færdig, så find mappen Dr Web som ligger på dit hoveddrev, typisk C drevet, og find CUREIT.LOG. Scroll helt ned i bunden af loggen, hvor der står SCAN PATH og SCAN STATISTICS (KUN de nederste) og kopier det her ind.


Start SuperAntiSpyware, klik "Scan your computer", sæt flueben i dine drev, ovre til venstre i vinduet. Ovre til højre i vinduet, sætter du prik i "Perform Complete Scan". Klik "næste", nu scanner den. Når den er færdig, så markerer du det den finder, og lader scannereren fjerne det.

Genstart til normal tilstand (scanneren tilbyder måske at gøre det).

Åbn scanneren igen, og klik "preferences"-> "stastics/logs". Marker loggen, og klik "View log". Kopier loggen her ind i tråden, sammen med CUREIT loggen.

Btw, jeg kan se at du ikke har servicepacks og kritiske opdateringer på maskinen, og det gør at maskinen er pivåben overfor virus og andre infektioner. Faktisk er det lidt af et mirakel at du ikke er hårdere angrebet end du er. Jeg kan se at du bliver promptet for aktivering af dit Windows, hvilket kan skyldes at det måske er en kopi. Hvis det er tilfældet, så syntes jeg du burde investere i et legalt, så du kan opdatere. Ellers vil du få store problemer.

---

stls... dødt link igen til dr web

undskylder lige på forhånd men hent den her da
http://fromsej.dk/Vejledninger/html/drweb.html

---

og så et ps.... du skal kun hente dr web på det link jeg satte ind - følg stl_s anvisninger gennem forløbet

---

Åh ja. Det sædvanlige problem med Kandu og ftp links. Havde da lige svedt det ud . Tak miritdk

---

og hvordan fjerner man så der der er de vil ikke fjernes heller ikke efter disse scanninger

---

Hvad er det for filer, helt præcist, der ikke bliver slettet ?

Hvis du har de to logs fra scannerne, så prøv lige at kopiere dem her ind

Dette spørgsmål er blevet annulleret, det er derfor ikke muligt for at tilføje flere kommentarer.