Avatar billede larsen612 Nybegynder
01. maj 2006 - 15:12 Der er 13 kommentarer og
1 løsning

Min computer er infesteret af virus.

Jeg har fået virus på min computer. ER der nogle der gider kaste et blik på min dr.web logfil og evt. en hijack this fil???
Avatar billede TRoXa Novice
01. maj 2006 - 15:13 #1
smid logfilerne herind så er der sikkert en der kan svare ud fra det :)
Avatar billede larsen612 Nybegynder
01. maj 2006 - 15:30 #2
jeg har så lige lavet en dum lille fejl. Jeg har kørt drweb virus scanner fra dens placering på nettet, istedet for at gemme den på computeren, så nu kan jeg ikke finde logfilen. Jeg er nødt til at lave en ny scanning. Men jeg kan ikke vende tilbage før onsdag formiddag. smider lige en hijackthis fil ind. Håber der er responderet på den på onsdag :-)
Avatar billede larsen612 Nybegynder
01. maj 2006 - 15:32 #3
Her er en frisk hijackthis fil. er der noget der ikke bør være der?
Avatar billede larsen612 Nybegynder
01. maj 2006 - 15:32 #4
ups. her er filen.
Logfile of HijackThis v1.99.1
Scan saved at 15:32:50, on 01-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Microsoft Office\Office\FINDFAST.EXE
C:\Programmer\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dennis Larsen\Dokumenter\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Hurtig søgning.lnk = C:\Programmer\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office-start.lnk = C:\Programmer\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
Avatar billede tonnybrandt Nybegynder
01. maj 2006 - 15:48 #5
Du skal fixe disse to linier i HiJackThis:

O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe

Genstart og kom med en ny log.
Avatar billede larsen612 Nybegynder
02. maj 2006 - 11:59 #6
Ok. tak. jeg kigger på det imorgen formiddag og smider en ny log ind dér.
Avatar billede larsen612 Nybegynder
03. maj 2006 - 08:13 #7
så har jeg fixet de to linier du anbefalede. Her er en frisk Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 08:13:11, on 03-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Microsoft Office\Office\FINDFAST.EXE
C:\Programmer\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dennis Larsen\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Hurtig søgning.lnk = C:\Programmer\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office-start.lnk = C:\Programmer\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
Avatar billede tonnybrandt Nybegynder
03. maj 2006 - 08:43 #8
Så er loggen ren.

Du bør stærkt overveje at få noget beskyttelse på den pc, da der ikke er nogen beskyttelsesprogrammer på, overhoveder.

Kig her for mere info, samt link til diverse programmer:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
Avatar billede larsen612 Nybegynder
03. maj 2006 - 10:05 #9
Nu har jeg lige installeret avast antivirus og den har fundet et par vira og nogle trojanske heste og diverse andre ting. Jeg har lige to spørgsmål mere. Den ene er at jeg ikke kan finde en scan log når jeg har kørt drweb scanneren - hvad kan det skyldes?
Spørgsmål 2: Når jeg klikker på firewalls i kontrolpanel, får jeg en meddelelse om at windows ikke kan vise indstillingerne for firewalls af en ukendt årsag. hvad kan der være galt?
Jeg kan se at der er et eller andet der automatisk slår min firewall fra...

Håber du kan hjælpe...
Avatar billede tonnybrandt Nybegynder
03. maj 2006 - 17:46 #10
Klik start | kør, kopier denne kommando ind i tekstfeltet og tryk enter:
rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf

Genstart computeren.

Når den er genstartet, klikker du start | kør, skriv cmd og tryk enter.
I det sorte billede skriver du:
netsh winsock reset
og trykker enter.

Se om firewall'en nu virker.

Mht drweb, så er den nu begyndt at lægge loggen et andet sted end normalt.
Prøv at se om denne vejledning (Jeg ved ikke om den er opdateret) kan hjælpe med til at finde loggen:
http://fromsej.dk/Vejledninger/html/drweb.html
Avatar billede larsen612 Nybegynder
04. maj 2006 - 10:13 #11
Det med firewall'en virkede fint. tak for det. Mht. dr.web scanneren, så er er her en scanstatistic. Gider du kigge på den? jeg forstår ikke helt at den bliver ved med at finde en masse, men det er altsammen noget som den har sat i karantæne. sker der noget ved at slette dem? Hvorfor sletter scanneren dem ikke automatisk??



Scan statistics

Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00


[Scan path] C:\WINDOWS\system32\smss.exe
[Scan path] C:\WINDOWS\system32\csrss.exe
[Scan path] C:\WINDOWS\system32\winlogon.exe
[Scan path] C:\WINDOWS\system32\services.exe
[Scan path] C:\WINDOWS\system32\lsass.exe
[Scan path] C:\WINDOWS\system32\svchost.exe
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\WINDOWS\explorer.exe
[Scan path] C:\WINDOWS\system32\ctfmon.exe
[Scan path] C:\WINDOWS\system32\alg.exe
[Scan path] C:\Programmer\Microsoft Office\Office\FINDFAST.EXE
[Scan path] C:\DOCUME~1\DENNIS~1\LOKALE~1\Temp\RarSFX0\_start.exe
[Scan path] C:\DOCUME~1\DENNIS~1\LOKALE~1\Temp\RarSFX0\cureit.exe
[Scan path] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[Scan path] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
[Scan path] C:\Programmer\Messenger\msmsgs.exe
[Scan path] C:\Documents and Settings\Dennis Larsen\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\Microsoft Office\Office\OSA.EXE
[Scan path] C:\WINDOWS\system32\mmsys.cpl
[Scan path] C:\WINDOWS\system32\icmui.dll
[Scan path] C:\WINDOWS\system32\rshx32.dll
[Scan path] C:\WINDOWS\system32\docprop.dll
[Scan path] C:\WINDOWS\system32\ntshrui.dll
[Scan path] C:\WINDOWS\System32\themeui.dll
[Scan path] C:\WINDOWS\system32\deskadp.dll
[Scan path] C:\WINDOWS\system32\deskmon.dll
[Scan path] C:\WINDOWS\system32\dssec.dll
[Scan path] C:\WINDOWS\system32\SlayerXP.dll
[Scan path] C:\WINDOWS\system32\shscrap.dll
[Scan path] C:\WINDOWS\system32\diskcopy.dll
[Scan path] C:\WINDOWS\system32\ntlanui2.dll
[Scan path] C:\WINDOWS\system32\printui.dll
[Scan path] C:\WINDOWS\system32\dskquoui.dll
[Scan path] C:\WINDOWS\system32\syncui.dll
[Scan path] C:\WINDOWS\System32\hticons.dll
[Scan path] C:\WINDOWS\system32\fontext.dll
[Scan path] C:\WINDOWS\system32\deskperf.dll
[Scan path] C:\WINDOWS\system32\cryptext.dll
[Scan path] C:\WINDOWS\system32\NETSHELL.dll
[Scan path] C:\WINDOWS\system32\wiashext.dll
[Scan path] C:\WINDOWS\System32\remotepg.dll
[Scan path] C:\WINDOWS\system32\wuaucpl.cpl
[Scan path] C:\WINDOWS\System32\wshext.dll
[Scan path] C:\Programmer\Fælles filer\System\Ole DB\oledb32.dll
[Scan path] C:\WINDOWS\System32\mstask.dll
[Scan path] C:\WINDOWS\system32\shdocvw.dll
[Scan path] C:\WINDOWS\System32\shmedia.dll
[Scan path] C:\WINDOWS\System32\browseui.dll
[Scan path] C:\WINDOWS\System32\sendmail.dll
[Scan path] C:\WINDOWS\System32\occache.dll
[Scan path] C:\WINDOWS\System32\webcheck.dll
[Scan path] C:\WINDOWS\System32\appwiz.cpl
[Scan path] C:\WINDOWS\System32\shimgvw.dll
[Scan path] C:\WINDOWS\System32\netplwiz.dll
[Scan path] C:\WINDOWS\System32\zipfldr.dll
[Scan path] C:\WINDOWS\System32\cdfview.dll
[Scan path] C:\WINDOWS\System32\msieftp.dll
[Scan path] C:\WINDOWS\System32\docprop2.dll
[Scan path] C:\WINDOWS\System32\dsquery.dll
[Scan path] C:\WINDOWS\System32\dsuiext.dll
[Scan path] C:\WINDOWS\System32\mydocs.dll
[Scan path] C:\WINDOWS\System32\cscui.dll
[Scan path] C:\WINDOWS\msagent\agentpsh.dll
[Scan path] C:\WINDOWS\System32\dfsshlex.dll
[Scan path] C:\WINDOWS\System32\photowiz.dll
[Scan path] C:\WINDOWS\System32\mmcshext.dll
[Scan path] C:\WINDOWS\system32\cabview.dll
[Scan path] C:\Programmer\Outlook Express\wabfind.dll
[Scan path] C:\WINDOWS\system32\wmpshell.dll
[Scan path] C:\WINDOWS\System32\twext.dll
[Scan path] C:\WINDOWS\System32\extmgr.dll
[Scan path] C:\Programmer\Microsoft Office\Office\UNBIND.DLL
[Scan path] C:\Programmer\Microsoft Office\Office\olkfstub.dll
[Scan path] C:\Programmer\Alwil Software\Avast4\ashShell.dll
[Scan path] C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[Scan path] C:\WINDOWS\system32\SHELL32.dll
[Scan path] C:\WINDOWS\System32\stobject.dll
[Scan path] C:\WINDOWS\system32\crypt32.dll
[Scan path] C:\WINDOWS\system32\cryptnet.dll
[Scan path] C:\WINDOWS\system32\cscdll.dll
[Scan path] C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[Scan path] C:\WINDOWS\system32\wlnotify.dll
[Scan path] C:\WINDOWS\system32\sclgntfy.dll
[Scan path] C:\WINDOWS\System32\DRIVERS\ACPI.sys
[Scan path] C:\WINDOWS\system32\drivers\aec.sys
[Scan path] C:\WINDOWS\System32\drivers\afd.sys
[Scan path] C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\asyncmac.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atapi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\atmarpc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\audstub.sys
[Scan path] C:\Programmer\Alwil Software\Avast4\ashServ.exe
[Scan path] C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
[Scan path] C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\cdrom.sys
[Scan path] C:\WINDOWS\system32\cisvc.exe
[Scan path] C:\WINDOWS\system32\clipsrv.exe
[Scan path] C:\WINDOWS\System32\dllhost.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\disk.sys
[Scan path] C:\WINDOWS\System32\dmadmin.exe
[Scan path] C:\WINDOWS\System32\drivers\dmboot.sys
[Scan path] C:\WINDOWS\System32\drivers\dmio.sys
[Scan path] C:\WINDOWS\System32\drivers\dmload.sys
[Scan path] C:\WINDOWS\system32\drivers\DMusic.sys
[Scan path] C:\WINDOWS\system32\drivers\drmkaud.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\fdc.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\flpydisk.sys
[Scan path] C:\WINDOWS\system32\drivers\fltmgr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ftdisk.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\msgpc.sys
[Scan path] C:\WINDOWS\System32\Drivers\HTTP.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\i8042prt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\imapi.sys
[Scan path] C:\WINDOWS\System32\imapi.exe
[Scan path] C:\WINDOWS\system32\drivers\ip6fw.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipinip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipnat.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ipsec.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\irenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\isapnp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\kbdclass.sys
[Scan path] C:\WINDOWS\system32\drivers\kmixer.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys
[Scan path] C:\WINDOWS\System32\mnmsrvc.exe
[Scan path] C:\WINDOWS\system32\drivers\MODEMCSA.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mouclass.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxdav.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
[Scan path] C:\WINDOWS\System32\msdtc.exe
[Scan path] C:\WINDOWS\system32\msiexec.exe
[Scan path] C:\WINDOWS\system32\drivers\MSKSSRV.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPQM.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\mssmbios.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndistapi.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndisuio.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ndiswan.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbios.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\netbt.sys
[Scan path] C:\WINDOWS\system32\netdde.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\parport.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\pci.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspptp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\processr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\psched.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\ptilink.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasacd.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspppoe.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\raspti.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rdbss.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\rdpdr.sys
[Scan path] C:\WINDOWS\system32\sessmgr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\redbook.sys
[Scan path] C:\WINDOWS\System32\locator.exe
[Scan path] C:\WINDOWS\System32\rsvp.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\RTL8139.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\system32\drivers\scsiport.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\serial.sys
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\sr.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\System32\tlntsvr.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\System32\DRIVERS\usbuhci.sys
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\viaagp.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\viaide.sys
[Scan path] C:\WINDOWS\system32\drivers\ac97via.sys
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\System32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Speed Launch.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Hurtig søgning.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office-start.lnk

Scan statistics

Objects scanned: 202
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1103 Kb/s
Scan time: 00:00:37


[Scan path] C:\
C:\hiberfil.sys - read error
>C:\hwiraxt0.#xe is adware program Adware.Voghp - renamed
>C:\kowee__0.#xe is adware program Adware.Voghp - renamed
C:\Documents and Settings\Dennis Larsen\NTUSER.DAT - read error
C:\Documents and Settings\Dennis Larsen\NTUSER~1.LOG - read error
>C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\adv470[10.html\Script.0 infected with VBS.Psyme.202
C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\adv470[10.html - archive contains infected objects - moved
>C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\bag[1]_0.html\Script.0 infected with Exploit.CAN2005-1790
C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\bag[1]_0.html - archive contains infected objects - moved
>C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[10.html\JavaScript.0 infected with Exploit.IframeBO
C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[10.html - archive contains infected objects - moved
>C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[11.html\JavaScript.0 infected with Exploit.IframeBO
C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[11.html - archive contains infected objects - moved
>C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[12.html\JavaScript.0 infected with Exploit.IframeBO
C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[12.html - archive contains infected objects - moved
>C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[20.html\JavaScript.0 infected with Exploit.IframeBO
C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[20.html - archive contains infected objects - moved
>C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[21.html\JavaScript.0 infected with Exploit.IframeBO
C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[21.html - archive contains infected objects - moved
>C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[22.html\JavaScript.0 infected with Exploit.IframeBO
C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[22.html - archive contains infected objects - moved
>C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[30.html\JavaScript.0 infected with Exploit.IframeBO
C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[30.html - archive contains infected objects - moved
>C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[31.html\JavaScript.0 infected with Exploit.IframeBO
C:\Documents and Settings\Dennis Larsen\DoctorWeb\Quarantine\fillmemadv470[31.html - archive contains infected objects - moved
C:\Documents and Settings\Dennis Larsen\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Dennis Larsen\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Dennis Larsen\Lokale indstillinger\Temp\~DF2843.tmp - read error
C:\Documents and Settings\Dennis Larsen\Lokale indstillinger\Temp\~DF2873.tmp - read error
C:\Documents and Settings\Dennis Larsen\Lokale indstillinger\Temp\~DF4E1E.tmp - read error
C:\Documents and Settings\Dennis Larsen\Lokale indstillinger\Temp\~DFCB0C.tmp - read error
C:\Documents and Settings\Dennis Larsen\Lokale indstillinger\Temp\~DFEFBC.tmp - read error
C:\Documents and Settings\Dennis Larsen\Lokale indstillinger\Temp\~DFF493.tmp - read error
C:\Documents and Settings\Dennis Larsen\Lokale indstillinger\Temp\~DFF4FA.tmp - read error
C:\Documents and Settings\LocalService\NTUSER.DAT - read error
C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
>C:\System Volume Information\_restore{49A88199-BB90-4685-B67B-DB9A8D71E455}\RP12\A0003210.#xe is adware program Adware.Voghp - renamed
>C:\System Volume Information\_restore{49A88199-BB90-4685-B67B-DB9A8D71E455}\RP12\A0003211.#xe is adware program Adware.Voghp - renamed
>C:\System Volume Information\_restore{49A88199-BB90-4685-B67B-DB9A8D71E455}\RP12\A0003221.#xe is adware program Adware.Voghp - renamed
>C:\WINDOWS\s7k7y761.#xe is adware program Adware.Voghp - renamed
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error
C:\WINDOWS\Temp\PERFLI~2.DAT - read error
C:\WINDOWS\Temp\_avast4_\WEBSHL~1.TXT - read error

[Scan path] D:\
[Scan path] E:\
[Scan path] F:\

Scan statistics

Objects scanned: 51741
Infected objects found: 10
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 6
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 6
Objects moved: 10
Objects ignored: 0
Scan speed: 1167 Kb/s
Scan time: 00:42:41
Avatar billede tonnybrandt Nybegynder
04. maj 2006 - 10:38 #12
Du kan roligt slette alt hvad der ligger i Quarentine i drweb.

Mht, hvorfor drweb ikke automatisk sletter alt istedet for at sætte det i Quarentine, så er det faktisk noget du selv sætter op på fanebladet Actions.

At den sætter ting i Quarentine er blot dens "default" indstillinger, men dem kan du som sagt ændre.

I loggen er der en del "read error's" men dette er helt normalt, da windows jo både har reg-basen samt en del tmp filer åbne, og nægter derfor drweb adgang til disse filer.

Du har nogle enkelte adware filer i _restore, og for at fjerne dem helt, kan du enten sætte drweb op til at fjerne adware programmer i drweb og køre en ny scanning, eller også lige deaktivere systemgendannelse, genstarte og herefter aktivere systemgendannelse igen.
(højreklik denne computer, vælg egenskaber, fanebladet Systemgendannelse)
Avatar billede larsen612 Nybegynder
08. maj 2006 - 08:42 #13
Nu ser det ud til at computeren er renset for diverse snavs. Tak for hjælpen.
Avatar billede tonnybrandt Nybegynder
08. maj 2006 - 10:38 #14
Velbekomme og takker for point :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester