pop up og jobliste

    Pop Up


    Har fået virus :/ Er jeg næsten sikker på.. en gang i mellem kommer der et pop up vindue om med reklamere, og AVG free 8.. kan ikk finde noget .. hvordan fjerner jeg det??


    Jobliste..


    Kan ikk få min jobliste frem, når jeg trykker ctrl+alt+del siger den bare "Jobliste er blevet deaktiveret af din administrator" WTF ?? Jeg er administratoren ?


    På forhånd tak ;)

    Prøv "Spybot destroy" programmet...
    og vedr jobliste som er deaktiveret... prøv at google...


    Regn med at bruge nogle timer på det... Der nemlig mange forskellige af den slags... og er ret sikker på at spybot destroy ikke er nok...

    Joblisten er nok blevet deaktiveret af det spyware eller virus der er på pcen


    Hvis jeg var dig ville jeg tage backup og formatere


    Det er sku umuligt at fjerne skidtet når det først er inde

    Bundkort: MSI P35-NEO-F, Intel P35, LGA775
    CPU: Intel Core 2 Duo E6550, BOX, LGA775
    Grafikkort: ASUS Radeon HD 5830 1GB GDDR5
    Harddisk: Seagate 7200.10 160GB, 8MB

    Gå ind i Kør (START -> Kør) og skriv:
    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f


    så ka du få din Jobliste frem igen :)


    men ellers ka du os prøve en "Advanced" udgave af joblisten nemlig Process Explorer fra microsoft af.


    [Blocked Image: http://i.technet.microsoft.com…plorer(en-us,MSDN.10).jpg]


    [Blocked Image: http://i.technet.microsoft.com…lorer1(en-us,MSDN.10).jpg]


    http://technet.microsoft.com/da-dk/sysinternals/bb896653(en-us).aspx

    1000- tak for hjælpen (;


    Her er report:


    SDFix: Version 1.208
    Run by Ejer on 26-07-2008 at 22:23


    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\Ejer\SKRIVE~1\SDFix


    Checking Services :


    Name :
    protect


    Path :
    \??\C:\DOCUME~1\Ejer\LOKALE~1\Temp\Rar$EX03.562\Dont Rip Aequitas\protect.sys


    protect - Deleted




    Restoring Default Security Values
    Restoring Default Hosts File


    Rebooting



    Checking Files :


    Trojan Files Found:


    C:\Documents and Settings\Ejer\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http://www.redtube.com\settings.sol - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080723204921218.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080723234633593.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080724102703968.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080724132820421.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080724172300218.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080725115055609.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080725133329328.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080725165235031.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080725210859312.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080726100010890.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080726112518125.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080726183524156.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080726183926031.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080726220548578.log - Deleted
    C:\DOCUME~1\Ejer\LOKALE~1\Temp\tmpfile0.bat - Deleted




    Folder C:\Documents and Settings\Ejer\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#http://www.redtube.com - Removed
    Folder C:\Documents and Settings\All Users\Application Data\SoftLand Ltd - Removed



    Removing Temp Files


    ADS Check :



    Final Check :


    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-26 22:32:06
    Windows 5.1.2600 Service Pack 2 NTFS


    scanning hidden processes ...


    scanning hidden services & system hive ...


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000002


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:9e,de,29,9a,c3,c3,24,42,50,9b,3c,f2,f1,ce,01,30,a4,34,61,8c,63,..
    "p0"="C:\Programmer\Alcohol Soft\Alcohol 120\"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Programmer\DAEMON Tools\"
    "h0"=dword:00000001
    "khjeh"=hex:3b,f7,6f,8f,ff,c7,c7,ae,d6,1e,96,3e,9c,10,26,94,f9,5b,54,59,e1,..


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,dd,71,45,10,ba,45,da,b9,e5,7e,fd,08,cb,38,eb,e5,23,..
    "khjeh"=hex:e1,b4,15,81,1e,65,9e,e5,24,6e,14,b8,44,1a,dd,ef,ee,53,61,9f,c8,..


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:6b,7d,e6,a6,39,cc,bb,d6,d9,58,2e,bf,b4,75,05,7c,31,01,39,70,e6,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:9e,de,29,9a,c3,c3,24,42,50,9b,3c,f2,f1,ce,01,30,a4,34,61,8c,63,..
    "p0"="C:\Programmer\Alcohol Soft\Alcohol 120\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Programmer\DAEMON Tools\"
    "h0"=dword:00000001
    "khjeh"=hex:3b,f7,6f,8f,ff,c7,c7,ae,d6,1e,96,3e,9c,10,26,94,f9,5b,54,59,e1,..


    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,dd,71,45,10,ba,45,da,b9,e5,7e,fd,08,cb,38,eb,e5,23,..
    "khjeh"=hex:e1,b4,15,81,1e,65,9e,e5,24,6e,14,b8,44,1a,dd,ef,ee,53,61,9f,c8,..


    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:6b,7d,e6,a6,39,cc,bb,d6,d9,58,2e,bf,b4,75,05,7c,31,01,39,70,e6,..


    scanning hidden registry entries ...


    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0



    Remaining Services :





    Authorized Application Key Export:


    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmer\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Programmer\\Valve\\Steam\\SteamApps\\naarh1992\\counter-strike\\hl.exe"="C:\\Programmer\\Valve\\Steam\\SteamApps\\naarh1992\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Programmer\\LimeWire\\LimeWire.exe"="C:\\Programmer\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Programmer\\AVG\\AVG8\\avgupd.exe"="C:\\Programmer\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\\Programmer\\AVG\\AVG8\\avgemc.exe"="C:\\Programmer\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Programmer\\Messenger\\msmsgs.exe"="C:\\Programmer\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Programmer\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"="C:\\Programmer\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1"
    "C:\\Programmer\\Wyzo\\wyzo.exe"="C:\\Programmer\\Wyzo\\wyzo.exe:*:Enabled:Wyzo"
    "C:\\Programmer\\Counter-Strike Source\\hl2.exe"="C:\\Programmer\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
    "C:\\Programmer\\Bonjour\\mDNSResponder.exe"="C:\\Programmer\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Programmer\\HLSW\\hlsw.exe"="C:\\Programmer\\HLSW\\hlsw.exe:*:Enabled:HLSW"
    "C:\\Programmer\\DNA\\btdna.exe"="C:\\Programmer\\DNA\\btdna.exe:*:Enabled:DNA"
    "C:\\Programmer\\BitTorrent\\bittorrent.exe"="C:\\Programmer\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\WINDOWS\\system32\\lxcrcoms.exe"="C:\\WINDOWS\\system32\\lxcrcoms.exe:*:Enabled:Lexmark Communications System"
    "C:\\Programmer\\F‘lles filer\\Nero\\Nero Web\\SetupX.exe"="C:\\Programmer\\F‘lles filer\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"
    "C:\\Documents and Settings\\Ejer\\Lokale indstillinger\\Temp\\OnlineUpdate8\\SetupXu.exe"="C:\\Documents and Settings\\Ejer\\Lokale indstillinger\\Temp\\OnlineUpdate8\\SetupXu.exe:*:Enabled:Nero ControlCenter"
    "C:\\Programmer\\Nero\\Nero8\\Nero Home\\NeroHome.exe"="C:\\Programmer\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
    "C:\\Programmer\\Counter-Strike 1.6\\hl.exe"="C:\\Programmer\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Programmer\\Valve\\Steam\\SteamApps\\naarh1992\\condition zero\\hl.exe"="C:\\Programmer\\Valve\\Steam\\SteamApps\\naarh1992\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Programmer\\Valve\\Steam\\SteamApps\\naarh1992\\counter-strike source\\hl2.exe"="C:\\Programmer\\Valve\\Steam\\SteamApps\\naarh1992\\counter-strike source\\hl2.exe:*:Enabled:hl2"
    "C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:FTP (filoverf›rselsprogram)"
    "C:\\Documents and Settings\\Ejer\\Lokale indstillinger\\Temp\\Rar$EX09.203\\Team Fortress 2\\hl2.exe"="C:\\Documents and Settings\\Ejer\\Lokale indstillinger\\Temp\\Rar$EX09.203\\Team Fortress 2\\hl2.exe:*:Enabled:hl2"
    "C:\\Programmer\\Warcraft III\\Frozen Throne.exe"="C:\\Programmer\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"


    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"="C:\\Programmer\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


    Remaining Files :



    Files with Hidden Attributes :


    Mon 23 Jun 2008 1,208,320 ..SH. --- "C:\F42.exe"
    Wed 11 Jun 2008 6,104,632 A..H. --- "C:\Programmer\Picasa2\setup.exe"
    Mon 7 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Thu 29 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT3.tmp"
    Wed 16 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d744c18ba04d5b8404e940448bc0cd6d\BIT45.tmp"

    Quote

    Oprindeligt indlæg af Naarh
    virke Process Explorer på xp med sp2 pakke ?


    ja har selv kørt med den i SP2 det var da jeg lærte og kende den, men nu køre jeg med SP3.


    hvorfor updater du ik din XP med SP3?