HJÆLP de vil ik gå væk

Hent en hijackthis : http://www.arlet.dk/hjt.htm

så finder vi en firewall og andre sikkerhedsprogrammer til dig bagefter

tak men hvad skal jeg slette inde i hijackthis det ser farligt ud

Det gør vi for dig. Du skal bare kopiere loggen herind...

Logfile of HijackThis v1.97.7
Scan saved at 20:32:14, on 30-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe
C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
C:\PROGRA~1\MyWay\bar\2.bin\mwsoemon.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmer\FSI\F-Prot\F-StopW.EXE
C:\Programmer\FSI\F-Prot\F-Sched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\Programmer\Cryptainer LE\cryptainerle.exe
C:\PROGRA~1\FLLESF~1\EACCEL~1\EANTHO~1.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wisptis.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lise\Skrivebord\hjt.exe
C:\Programmer\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3213
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3213
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jp.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_1_4.dll
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {0E3B09F5-5416-2C51-F42F-3553C141B54A} - C:\WINDOWS\System32\gkelfysa.dll
O2 - BHO: (no name) - {0EF6CE2F-3A32-701E-025C-1272244C3832} - C:\WINDOWS\System32\ymhzyccy.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B7CBC3FF-E699-D146-1C28-B06985DF7B2F} - C:\WINDOWS\System32\yntgiphm.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_1_4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1629.0\da\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [www.hidro.4t.com  ] enbiei.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Dimension4] C:\Documents and Settings\Knud\Skrivebord\d4time43\D4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [cupdate] C:\DOCUME~1\Lise\LOKALE~1\Temp\SFX2F.tmp\cupdate.exe
O4 - HKLM\..\Run: [F-StopW] C:\Programmer\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [bcray] C:\DOCUME~1\Lise\LOKALE~1\Temp\SFX2F.tmp\1002\bcray.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmer\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\spydoctor.exe" /Q
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: i-Nav Hjælp (HKLM)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp (HKLM)
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Trashcan (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/cabs/1786015.cab
O16 - DPF: {12B574CE-A702-E7AD-358C-597D3BCEA9FA} - http://www.mrketing.biz/IE_plugin.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Start med at gå i kontrolpanel -> tilføj/fjern programmer og slet myway/bar
Den burde du kunne slette den vej
Genstart og kom med ny log.

er gået i gang med loggen

hmm den siger at den angivende modul ikke bliv fundet en eller anden dll fil? men den er der ikke siger den

Ok -> arlet gør denne log færdig :O)

Flyt først filen Hijackthis til en mappe oprettet kun til den.

Du skal nu til at i gang med at fixe:

Deaktiver systemgendannelse:
http://www.arlet.dk/systemgendannelsen.htm

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=3213
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=3213
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*

R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_1_4.dll

O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com

O2 - BHO: (no name) - {0E3B09F5-5416-2C51-F42F-3553C141B54A} - C:\WINDOWS\System32\gkelfysa.dll
O2 - BHO: (no name) - {0EF6CE2F-3A32-701E-025C-1272244C3832} - C:\WINDOWS\System32\ymhzyccy.dll
O2 - BHO: (no name) - {B7CBC3FF-E699-D146-1C28-B06985DF7B2F} - C:\WINDOWS\System32\yntgiphm.dll

O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [www.hidro.4t.com  ] enbiei.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [cupdate] C:\DOCUME~1\Lise\LOKALE~1\Temp\SFX2F.tmp\cupdate.exe
O4 - HKLM\..\Run: [bcray] C:\DOCUME~1\Lise\LOKALE~1\Temp\SFX2F.tmp\1002\bcray.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab



--------------------------------------------------------------------

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

--------------------------------------------------------------------

Find og slet i fejlsikret(f8 ved opstart):


C:\WINDOWS\system32\ssoftsrv.exe
C:\PROGRA~1\FLLESF~1\EACCEL~1\EANTHO~1.EXE



Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.
Først når din log er endelig godkendt, må du aktiver din systemgendannelse igen.

pssst
C:\PROGRA~1\MyWay\bar\2.bin\mwsoemon.exe

ja*S* troede han havde fået den væk i tilføj/fjern, men ser nu hans kommentar..

hmm forstår ikke helt det med den tilfældige mappe og det bag efter

hov tror jeg er med nu prøver lige

Logfile of HijackThis v1.97.7
Scan saved at 21:09:00, on 30-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe
C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmer\FSI\F-Prot\F-StopW.EXE
C:\Programmer\FSI\F-Prot\F-Sched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Lise\Skrivebord\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jp.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_1_4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_1_4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1629.0\da\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Dimension4] C:\Documents and Settings\Knud\Skrivebord\d4time43\D4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [F-StopW] C:\Programmer\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmer\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\spydoctor.exe" /Q
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: i-Nav Hjælp (HKLM)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp (HKLM)
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Trashcan (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/cabs/1786015.cab
O16 - DPF: {12B574CE-A702-E7AD-358C-597D3BCEA9FA} - http://www.mrketing.biz/IE_plugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

fix i hijackthis:
R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_1_4.dll

genstart og ny log

Logfile of HijackThis v1.97.7
Scan saved at 21:36:49, on 30-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe
C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmer\FSI\F-Prot\F-StopW.EXE
C:\Programmer\FSI\F-Prot\F-Sched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\Lise\Skrivebord\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jp.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_1_4.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_1_4.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1629.0\da\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Dimension4] C:\Documents and Settings\Knud\Skrivebord\d4time43\D4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [F-StopW] C:\Programmer\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmer\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\spydoctor.exe" /Q
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: i-Nav Hjælp (HKLM)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp (HKLM)
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Trashcan (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/cabs/1786015.cab
O16 - DPF: {12B574CE-A702-E7AD-358C-597D3BCEA9FA} - http://www.mrketing.biz/IE_plugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_1_4.dll (file missing)
Skal også fixes
Så er du ved at være der ;O)

mener du at jeg ikke skulle slætte den C:\Programmer\VeriSign\i-Nav\i-nav_4_1_4.dll ups

jo, den skal også slettes

Jo den skal væk :O)

Og denne:
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/cabs/1786015.cab
Skal også væk :O)

Logfile of HijackThis v1.97.7
Scan saved at 21:55:18, on 30-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe
C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmer\FSI\F-Prot\F-StopW.EXE
C:\Programmer\FSI\F-Prot\F-Sched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Spyware Doctor\spydoctor.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lise\Skrivebord\hjt.exe
C:\Programmer\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jp.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar\01.01.1629.0\da\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Trust\270KDS~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Dimension4] C:\Documents and Settings\Knud\Skrivebord\d4time43\D4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [F-StopW] C:\Programmer\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programmer\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\spydoctor.exe" /Q
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: i-Nav Hjælp (HKLM)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp (HKLM)
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Trashcan (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan (HKCU)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {12B574CE-A702-E7AD-358C-597D3BCEA9FA} - http://www.mrketing.biz/IE_plugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Så er du ren og kan aktiver din systemgendannelse igen

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm

Godt så går du kontrolpanelet ->tilføj/fjern programmer og sletter verisign.
Det er fyldt med spyware.
Du behøver ikke komme med ny log
Den er ren og du kan godt slå systemgendannelsen til igen

http://www.webattack.com/freeware/security/fwfirewall.shtml
Her kan du hente en gratis firewall.

http://www.webattack.com/freeware/security/fwvirus.shtml
Her der en gratis antivirus

Hent og installer følgende programmer, så kan det ikke gå helt galt:

http://www.spywarefri.dk/vaerktoj.htm#spywareguard
http://www.spywarefri.dk/vaerktoj.htm#spywareblaster
http://www.spywarefri.dk/vaerktoj.htm#ieprivacy
http://www.spywarefri.dk/vaerktoj.htm#adaware

Husk at opdatere dem med det samme :O)

hey tak, det var dejligt at få hjælp af nogen der ved hvad de laver.
tak... til jer begge to

Det var så lidt.
Pas nu godt på din pc :O)