Manderss (Beginner)
26 December 2004 - 23:19. There are 48 comments and 1 solution.

Undeletable start page

I have gotten a start page "http://www.web--search.com/" that I cannot delete or change, i.e. the changes do not take effect.

I have run Ad-Aware SE and a virus scan (Norton), but they find nothing.

The suggestion to run Spybot does not work on my XP installation, as Spybot crashes after 2 minutes of scanning.
kalp (Novice)
26 December 2004 - 23:23 #1
Download HijackThis from http://www.spywarefri.dk/vaerktoj.htm
and post a log file here.. do not delete anything yourself!
kvadrat (Beginner)
27 December 2004 - 00:54 #2
Run this scanner.. it should take care of it
http://cwshredder.net/bin/CWShredder.exe
Manderss (Beginner)
27 December 2004 - 08:35 #3
Hi kvadrat

It did not find anything
Manderss (Beginner)
27 December 2004 - 08:36 #4
Here is my HijackThis extract.

Logfile of HijackThis v1.99.0
Scan saved at 08:31:52, on 27-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\NavNT\vptray.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\Michael Andersson.MA\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\RunOnce: [AAW] "C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe
O4 - Global Startup: Acrobat-assistenten.lnk = C:\Programmer\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\DPROGRAM\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DBC72BF-60B6-45F1-B16B-DC1A66B35607}: NameServer = 212.54.64.170,212.54.64.171
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programmer\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: hpdj - Unknown - C:\DOCUME~1\MICHAE~1.MA\LOKALE~1\Temp\hpdj.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
arlet (Junior Master)
27 December 2004 - 09:08 #5
Remove all Kazaa and other P2P with this: http://www.arlet.dk/kazaabegone.exe

Restart and post a new log
arlet (Junior Master)
27 December 2004 - 09:11 #6
Wrong link *S*

Here is the right one: www.arlet.dk/kazaabegone.zip
Manderss (Beginner)
27 December 2004 - 09:36 #7
Thanks for trying, arlet

But Kazaa (with accessories) will not go AWAY; I have tried (almost) everything

Logfile of HijackThis v1.99.0
Scan saved at 09:34:01, on 27-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Programmer\NavNT\vptray.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
K:\ibmdata\Skrivebord 27122004\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\RunOnce: [AAW] "C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe
O4 - Global Startup: Acrobat-assistenten.lnk = C:\Programmer\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\DPROGRAM\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DBC72BF-60B6-45F1-B16B-DC1A66B35607}: NameServer = 212.54.64.170,212.54.64.171
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programmer\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: hpdj - Unknown - C:\DOCUME~1\MICHAE~1.MA\LOKALE~1\Temp\hpdj.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
victor-1 (Beginner)
27 December 2004 - 09:44 #8
Hi muffe17

I just have a small thought.
Set your mail program to check for new mail once a minute. It will speed up the process here a lot.
If you use OE, go to <Tools> - <Options> in the program and, on the "General" tab, set it to check for mail every minute.

Make sure to keep your mail client open the whole time *S*
Manderss (Beginner)
27 December 2004 - 09:53 #9
I am not quite sure what you are getting at with this, victor-1, but if you are worried about my response times, I already have a mail client that fetches mail every 2 minutes, while this browser is running the whole time (on my laptop, so restarts and the like do not lengthen the response time)
arlet (Junior Master)
27 December 2004 - 16:16 #10
Yes, I have been on the go all day, hence the very late reply..

You now need to get started on fixing:

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, close HijackThis again.
Double-check that everything is included.


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com

R3 - Default URLSearchHook is missing

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O23 - Service: hpdj - Unknown - C:\DOCUME~1\MICHAE~1.MA\LOKALE~1\Temp\hpdj.exe (file missing)



--------------------------------------------------------------------

Open any folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

--------------------------------------------------------------------

Find and delete manually in safe mode (F8 at startup):


C:\PROGRA~1\DAP <- the whole folder
C:\WINDOWS\system32\P2P Networking <- the whole folder
c:\program files\altnet <- the whole folder
C:\Programmer\Kazaa <- the whole folder
C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe


------------------------------------------------

Download and run Ad-Aware from here: http://www.arlet.dk/spywarescanner.htm
Scan the whole computer and delete everything it finds

----------------------------------------------------------

Download and run this scanner from Kaspersky: http://www.spywareinfo.dk/download/mwav.exe
Tick the following: Memory, Startup folders, drive, Registry, System folders and Services.
Select the following: All local drives and Scan all files
And then click Scan Clean

----------------------------------------------------------

Then restart and post a new log here, so we can see whether we have got it completely clean.
Manderss (Beginner)
27 December 2004 - 17:37 #11
Hi Arlet

Here is the new log file.

I have followed your procedure, except for:

Deleting: the P2P folder, Kazaa and mama.exe, as they did not exist on the PC
MWAV: I could not run Scan Clean, only Scan ??? - I deleted the 3 hits it had.

But as you can see, there is not really any difference in the log file ??


Logfile of HijackThis v1.99.0
Scan saved at 17:33:34, on 27-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\NavNT\vptray.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
K:\ibmdata\Skrivebord 27122004\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\RunOnce: [AAW] "C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\DPROGRAM\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DBC72BF-60B6-45F1-B16B-DC1A66B35607}: NameServer = 212.54.64.170,212.54.64.171
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programmer\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
arlet (Junior Master)
27 December 2004 - 17:56 #12
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, close HijackThis again.
Double-check that everything is included.


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com

R3 - Default URLSearchHook is missing

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O23 - Service: hpdj - Unknown - C:\DOCUME~1\MICHAE~1.MA\LOKALE~1\Temp\hpdj.exe (file missing)

You do not seem to have done this; otherwise try it again


Restart and post a new log
Manderss (Beginner)
27 December 2004 - 18:06 #13
Yes, I have actually tried that, because the entries below are gone from the log file.

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O23 - Service: hpdj - Unknown - C:\DOCUME~1\MICHAE~1.MA\LOKALE~1\Temp\hpdj.exe (file missing)

but the others are still there ??
Manderss (Beginner)
27 December 2004 - 18:07 #14
And a new log file.

Logfile of HijackThis v1.99.0
Scan saved at 18:05:16, on 27-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmer\NavNT\vptray.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
K:\ibmdata\Skrivebord 27122004\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunOnce: [AAW] "C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\DPROGRAM\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DBC72BF-60B6-45F1-B16B-DC1A66B35607}: NameServer = 212.54.64.170,212.54.64.171
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programmer\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Manderss (Beginner)
27 December 2004 - 18:29 #15
Can you have too many types of virus, spam and spyware removers installed, and could these be the reason that something unpredictable happens? I currently have Norton, Adaware SE and Spyhunter, and during the day I have run maybe 5-6 other types.

I have followed a number of the other threads from arlet, and no matter which one I choose I run into a problem.

SpyBot: Crashes at DPO depoits (isn't that what it's called)
Spyhunter: Comes up midway through the scan with a memory error
MWAv: Can only scan, not scan/fix
HiJackThis: Only fixes some of the changes I select.

I have also bought a license for Giant: it only worked for 3 days, then the code became defective (i.e. the license period had expired). The vendor is completely confused, since the license code expires in Dec. 2005.

Could it be an idea to uninstall all the virus, spy and spam tools and install them one at a time after the respective scans? If yes, which order would be best?
arlet (Junior Master)
27 December 2004 - 19:14 #16
Boot into safe mode (F8 at startup)

go into HijackThis and fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe

restart and post a new log..

We'll deal with the rest afterwards..
Manderss (Beginner)
27 December 2004 - 19:34 #17
OK, now I know what is happening!!!!

I booted into safe mode and deleted the above. Restarted.

And then AD-Watch came up and showed 5 registry edits at startup, and guess which 6 they were!
Manderss (Beginner)
27 December 2004 - 19:36 #18
Log file:

Logfile of HijackThis v1.99.0
Scan saved at 19:35:59, on 27-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
K:\ibmdata\Skrivebord 27122004\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunOnce: [AAW] "C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\DPROGRAM\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DBC72BF-60B6-45F1-B16B-DC1A66B35607}: NameServer = 212.54.64.170,212.54.64.171
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programmer\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
majsmarken (Beginner)
27 December 2004 - 23:10 #19
So that means these came back again:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe

even if you delete these as mentioned:

Find and delete manually in safe mode (F8 at startup):

C:\PROGRA~1\DAP <- the whole folder
C:\WINDOWS\system32\P2P Networking <- the whole folder
c:\program files\altnet <- the whole folder
C:\Programmer\Kazaa <- the whole folder
C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe

... in safe mode in the same pass as the above FIX!!!
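The comparison made by hand in post #19 (the fix list from #16 against the log taken after the reboot in #18), as an added Python example that is not part of the thread. It reports which fixed HijackThis entries are present again and which autostart entries were never part of the fix; the function names are chosen here, and the embedded log is a shortened excerpt of the thread's own lines.

```python
import re

# Entries ticked for "Fix checked" in post #16 (copied from the thread).
FIXED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe
"""

# Shortened excerpt of the log posted after the reboot (post #18).
AFTER_REBOOT = r"""
Logfile of HijackThis v1.99.0
Scan saved at 19:35:59, on 27-12-2004

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [KAZAA] C:\...\kazaa.exe /SYSTRAY".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 body: hive, Run key, value name in brackets, then the command line.
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$", re.IGNORECASE)
# Executable path inside a command line that may be quoted or contain spaces.
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)


def _key(section, body):
    """Case- and whitespace-insensitive identity of one log entry."""
    return (section, " ".join(body.split()).casefold())


def parse_entries(log_text):
    """Map normalized key -> original line for every 'Xn - ...' entry."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[_key(m.group(1), m.group(2))] = line
    return entries


def describe(line):
    """Split an entry into the fields needed to follow it up on disk and in the registry."""
    section, body = ENTRY_RE.match(line).groups()
    info = {"section": section, "line": line}
    m = O4_RE.match(body)
    if section == "O4" and m:
        hive, key, name, command = m.groups()
        exe = EXE_RE.match(command)
        info.update(hive=hive.upper(), key=key, value=name,
                    file=exe.group(1) if exe else command)
    return info


def reappeared(fixed_text, after_text):
    """Entries that were fixed but are present again in the later log."""
    fixed = parse_entries(fixed_text)
    after = parse_entries(after_text)
    return [describe(after[k]) for k in fixed if k in after]


def untouched_autostarts(fixed_text, after_text):
    """O4 entries in the later log that were never part of the fix list."""
    fixed = parse_entries(fixed_text)
    after = parse_entries(after_text)
    return [describe(line) for k, line in after.items()
            if k[0] == "O4" and k not in fixed]


if __name__ == "__main__":
    for hit in reappeared(FIXED, AFTER_REBOOT):
        print("back after reboot:", hit["section"], hit.get("file", hit["line"]))
    for entry in untouched_autostarts(FIXED, AFTER_REBOOT):
        print("still starts at boot:", entry["value"], "->", entry["file"])
```
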
Manderss (Beginner)
27 December 2004 - 23:20 #20
I'll just test this again, but yes.

I have looked around a bit and downloaded Spy Sweeper; it actually finds 12 entries of spyware and the like. Once it has removed them, everything is as it should be until the next reboot. Hmmm, I think the problem lies in "Web--search Hijacker", but I cannot find any help for it anywhere other than "Cool Web search", and that is not the one.

I'll try the above one more time to be on the safe side (in 5 min - Spy Sweeper is just running again)
Manderss (Beginner)
27 December 2004 - 23:26 #21
Would you mind taking a look at this Spy Sweeper log (both scans are included)

10:27 :  |···  Start of Session, 27. december 2004  ···|
10:27 :  Spy Sweeper 3.5.0  (Build 189) started
10:27 :  Updating spyware definitions
10:27 :  There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
10:28 :  Sweep initiated using definitions version 421
10:28 :  Sweeping memory for threats.
10:28 :  Memory sweep has completed.  Elapsed time 00:00:18
10:28 :  Registry sweep initiated.
10:28 :    Found: 5 Altnet registry traces.
10:28 :    Found: 4 CWS_NS3 registry traces.
10:28 :    Found: 1 Web--search Hijacker registry traces.
10:28 :    Found: 84 Cydoor registry traces.
10:28 :    Found: 20 IstBar registry traces.
10:28 :    Found: 1 PowerScan registry traces.
10:28 :    Found: 4 Roings Search Enhancment registry traces.
10:28 :  Registry sweep completed.  Elapsed time 00:00:31
10:28 :  Full sweep on all local drives initiated.
10:28 :    Now sweeping drive C:
10:29 :      Found Cookie: Mircx Cookie, version 1, c:\documents and settings\manderss\cookies\manderss@pop.mircx[1].txt
10:31 :      Found: IwantSearch, version Version
10:31 :      Found: Gator (GAIN), version 4.054
10:33 :      Found Adware: Altnet, version 1, c:\documents and settings\michael andersson.ma\menuen start\programs\altnet\peer points manager.lnk
10:46 :      Found Adware: CoolWebSearch (CWS), version 1, c:\windows\downloaded program files\webdlg32.inf
10:51 :      Found Adware: Bullguard Popup Ad, version 3.3, c:\windows\temp\bullguard\bulldownload.exe
10:51 :    Found: 30 file traces.
10:51 :  Full Sweep has completed.  Elapsed time 00:23:48
            96.089 files swept
            89 item traces located
10:52 :  Removal process initiated
10:52 :    Quarantining: Altnet
10:52 :      Registry: HKEY_CLASSES_ROOT\clsid\{3646c2bd-3554-49ca-8125-44deefb881de}
10:52 :      Registry: HKEY_CLASSES_ROOT\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run||altnetpointsmanager
10:52 :      Registry: HKEY_CLASSES_ROOT\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}||(-default-)
10:52 :      Registry: HKEY_CLASSES_ROOT\clsid\{3646c2bd-3554-49ca-8125-44deefb881de}||(-default-)
10:52 :      File: c:\documents and settings\michael andersson.ma\menuen start\programs\altnet\peer points manager.lnk
10:52 :    Quarantining: Bullguard Popup Ad
10:52 :      File: c:\windows\temp\bullguard\bulldownload.exe
10:52 :    Quarantining: CoolWebSearch (CWS)
10:52 :      File: c:\windows\downloaded program files\webdlg32.inf
10:52 :    Quarantining: CWS_NS3
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/webdlg32.dll
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls||c:\windows\downloaded program files\webdlg32.dll
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/webdlg32.dll||.owner
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/webdlg32.dll||{0e1230f8-ea50-42a9-983c-d22abc2eed3b}
10:52 :    Quarantining: Web--search Hijacker
10:52 :      Registry: HKEY_CURRENT_USER\software\microsoft\internet explorer\main||start page
10:52 :    Quarantining: Cydoor
10:52 :      Registry: HKEY_CURRENT_USER\software\cydoor
10:52 :      Registry: HKEY_CURRENT_USER\software\cydoor services
10:52 :      Registry: HKEY_USERS\WRSS_Profile_Default User\software\cydoor services
10:52 :      Registry: HKEY_USERS\WRSS_Profile_Default User.WINDOWS\software\cydoor services
10:52 :      Registry: HKEY_USERS\WRSS_Profile_LocalService\software\cydoor services
10:52 :      Registry: HKEY_USERS\WRSS_Profile_man\software\cydoor services
10:52 :      Registry: HKEY_USERS\WRSS_Profile_manderss\software\cydoor services
10:52 :      Registry: HKEY_USERS\WRSS_Profile_NetworkService\software\cydoor services
10:52 :      Registry: HKEY_USERS\WRSS_Profile_Default User\software\cydoor
10:52 :      Registry: HKEY_USERS\WRSS_Profile_Default User.WINDOWS\software\cydoor
10:52 :      Registry: HKEY_USERS\WRSS_Profile_LocalService\software\cydoor
10:52 :      Registry: HKEY_USERS\WRSS_Profile_man\software\cydoor
10:52 :      Registry: HKEY_USERS\WRSS_Profile_manderss\software\cydoor
10:52 :      Registry: HKEY_USERS\WRSS_Profile_NetworkService\software\cydoor
10:52 :    Quarantining: Gator (GAIN)
10:52 :      Folder: c:\documents and settings\michael andersson.ma\lokale indstillinger\temp\fsg_tmp\accum
10:52 :      Folder: c:\documents and settings\michael andersson.ma\lokale indstillinger\temp\fsg_tmp\accum\trickler
10:52 :      Folder: c:\documents and settings\michael andersson.ma\lokale indstillinger\temp\fsg_tmp
10:52 :    Quarantining: IstBar
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}
10:52 :      Registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}
10:52 :      Registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1
10:52 :      Registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\0
10:52 :      Registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\flags
10:52 :      Registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\helpdir
10:52 :      Registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\0\win32
10:52 :      Registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1||(-default-)
10:52 :      Registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\flags||(-default-)
10:52 :      Registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\helpdir||(-default-)
10:52 :      Registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\0\win32||(-default-)
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\0
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\flags
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\helpdir
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\0\win32
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1||(-default-)
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\flags||(-default-)
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\helpdir||(-default-)
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\0\win32||(-default-)
10:52 :    Quarantining: IwantSearch
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\barlinks.ini
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\dating.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\dating1.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\desk.ini
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\finance.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\gambling.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\home.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\hot.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\kliksrch.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\links.ini
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\mortgages.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\pharmaci.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\pharmacy.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\poker.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\privacy1.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\realest.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\search.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\sport.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\spyware.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\switch.ico
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\toolbar.ini
10:52 :      File: c:\documents and settings\michael andersson.ma\application data\sbsoft\travel1.ico
10:52 :      Folder: c:\documents and settings\michael andersson.ma\application data\sbsoft
10:52 :    Quarantining: Mircx Cookie
10:52 :      Cookie: c:\documents and settings\manderss\cookies\manderss@pop.mircx[1].txt
10:52 :    Quarantining: PowerScan
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main||bandrest
10:52 :    Quarantining: Roings Search Enhancment
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm21.ocx
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls||c:\windows\downloaded program files\mm21.ocx
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm21.ocx||.owner
10:52 :      Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm21.ocx||{e0ce16cb-741c-4b24-8d04-a817856e07f4}
10:52 :    Cleaning Traces
10:52 :      Blasting registry: HKEY_USERS\WRSS_Profile_manderss\software\cydoor services
10:52 :      Blasting registry: HKEY_USERS\WRSS_Profile_manderss\software\cydoor
10:52 :      Removing registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\helpdir
10:52 :      Removing registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\flags
10:52 :      Removing registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\0\win32
10:52 :      Removing registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\0
10:52 :      Removing registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1
10:52 :      Removing registry: HKEY_CLASSES_ROOT\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}
10:52 :      Removing registry: HKEY_CLASSES_ROOT\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}
10:52 :      Removing registry: HKEY_CLASSES_ROOT\clsid\{3646c2bd-3554-49ca-8125-44deefb881de}
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls|| (c:\windows\downloaded program files\webdlg32.dll)
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls|| (c:\windows\downloaded program files\mm21.ocx)
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|| (altnetpointsmanager)
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/webdlg32.dll
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/webdlg32.dll|| ({0e1230f8-ea50-42a9-983c-d22abc2eed3b})
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/webdlg32.dll|| (.owner)
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm21.ocx
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm21.ocx|| ({e0ce16cb-741c-4b24-8d04-a817856e07f4})
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm21.ocx|| (.owner)
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main|| (bandrest)
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\helpdir
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\flags
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\0\win32
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1\0
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\1.1
10:52 :      Removing registry: HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}
10:52 :      Replacing registry: HKEY_CURRENT_USER\software\microsoft\internet explorer\main|| (start page) || (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
10:52 :      Removing file: c:\documents and settings\manderss\cookies\manderss@pop.mircx[1].txt
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\travel1.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\toolbar.ini
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\switch.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\spyware.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\sport.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\search.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\realest.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\privacy1.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\poker.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\pharmacy.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\pharmaci.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\mortgages.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\links.ini
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\kliksrch.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\hot.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\home.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\gambling.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\finance.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\desk.ini
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\dating1.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\dating.ico
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\application data\sbsoft\barlinks.ini
10:52 :      Removing file: c:\windows\downloaded program files\webdlg32.inf
10:52 :      Removing file: c:\windows\temp\bullguard\bulldownload.exe
10:52 :      Removing file: c:\documents and settings\michael andersson.ma\menuen start\programs\altnet\peer points manager.lnk
10:52 :      Folder: c:\documents and settings\michael andersson.ma\lokale indstillinger\temp\fsg_tmp\accum\trickler
10:52 :      Folder: c:\documents and settings\michael andersson.ma\lokale indstillinger\temp\fsg_tmp\accum
10:52 :      Folder: c:\documents and settings\michael andersson.ma\lokale indstillinger\temp\fsg_tmp
10:52 :      Folder: c:\documents and settings\michael andersson.ma\application data\sbsoft
10:53 :  Removal process completed.  Elapsed time 00:00:38
          12 items (79 traces) quarantined.
10:57 :  Internet Explorer Home Page has been re
11:02 :  |···  Start of Session, 27. december 2004  ···|
11:02 :  Spy Sweeper 3.5.0  (Build 189) started
11:07 :  Sweep initiated using definitions version 421
11:07 :  Sweeping memory for threats.
11:07 :  Memory sweep has completed.  Elapsed time 00:00:08
11:07 :  Registry sweep initiated.
11:08 :    Found: 1 Altnet registry traces.
11:08 :    Found: 1 Web--search Hijacker registry traces.
11:08 :  Registry sweep completed.  Elapsed time 00:00:20
11:08 :  Full sweep on all local drives initiated.
11:08 :    Now sweeping drive C:
11:23 :    Found: 0 file traces.
11:23 :  Full Sweep has completed.  Elapsed time 00:15:23
            95.824 files swept
            2 item traces located
11:23 :  Removal process initiated
11:23 :    Quarantining: Altnet
11:23 :      Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run||altnetpointsmanager
11:23 :    Quarantining: Web--search Hijacker
11:23 :      Registry: HKEY_CURRENT_USER\software\microsoft\internet explorer\main||start page
11:23 :    Cleaning Traces
11:23 :      Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|| (altnetpointsmanager)
11:23 :      Replacing registry: HKEY_CURRENT_USER\software\microsoft\internet explorer\main|| (start page) || (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
11:23 :  Removal process completed.  Elapsed time 00:00:01
          2 items (2 traces) quarantined.
Manderss (Beginner)
27 December 2004 - 23:30 #22
Why doesn't Adaware find these any more? It usually isn't any problem to find Cydoor, Gain and IStbar??
majsmarken (Beginner)
27 December 2004 - 23:30 #23
The latest HiJackThis log needs to be included - that's the one I know best...
(Until <arlet> shows up again...)
majsmarken (Beginner)
27 December 2004 - 23:33 #24
PS - In general:
Delete all files/folders in the following folders (NOT the whole folder, ONLY all files/folders inside the folder)

C:\Windows\Temp\
C:\Documents and Settings\<Your user>\Lokale indstillinger\Temp\
C:\Documents and Settings\<All other users>\Lokale indstillinger\Temp\
C:\Documents and Settings\<Your user>\Lokale indstillinger\Temporary Internet Files\
C:\Documents and Settings\<All other users>\Lokale indstillinger\Temporary Internet Files\
Empty your "Recycle Bin"

Possibly this first:
Open a folder, click Tools=>Folder Options=>View.
Uncheck "Hide protected operating system files".
Uncheck "Hide extensions for known file types".
Select "Show hidden files and folders".
majsmarken (Beginner)
27 December 2004 - 23:34 #25
Then try installing "Adaware" again - update - run it...
http://www.spywarefri.dk/vaerktoj.htm#adaware
Manderss (Beginner)
27 December 2004 - 23:36 #26
All of these have been deleted:

C:\PROGRA~1\DAP <- the whole folder
C:\WINDOWS\system32\P2P Networking <- the whole folder
c:\program files\altnet <- the whole folder
C:\Programmer\Kazaa <- the whole folder
C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe
Manderss (Beginner)
27 December 2004 - 23:41 #27
welcome, majsmarken

The latest HiJack log is identical to the last one you can find further up, since my PC reinstalls these entries after reboot. But here it is again:

Logfile of HijackThis v1.99.0
Scan saved at 23:40:28, on 27-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
K:\ibmdata\Skrivebord 27122004\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunOnce: [AAW] "C:\Programmer\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\DPROGRAM\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DBC72BF-60B6-45F1-B16B-DC1A66B35607}: NameServer = 212.54.64.170,212.54.64.171
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programmer\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
majsmarken (Beginner)
27 December 2004 - 23:53 #28
How the f***** do ALL of these apparently get back in again?
I have to sign off now - I'll let <arlet> run the rest...
majsmarken (Beginner)
27 December 2004 - 23:57 #29
<arlet>: What do these do - they look a bit 'suspicious'...

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm

O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe
Manderss (Beginner)
28 December 2004 - 01:06 #30
<arlet>: I think I have it under control now, with help from Spy Sweeper and the advice from you. I did the following:

1.) Enabled the Spy Sweeper Spy Installation Shield (knowing full well that neither the browser nor HiJ works after that)
2.) Booted up on a restart, ran HiJ, deleted the references
3.) Booted up normally (and got a great many conflicts in Spy Sweeper)
4.) Defined the various shields (favorites, homepage, search ....)
5.) Restarted and deactivated the Spy Installation Shield, and then .....

I got this log file in HiJ.

Logfile of HijackThis v1.99.0
Scan saved at 00:59:04, on 28-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\SYSTEM32\MsgSys.EXE
C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmer\NavNT\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
K:\ibmdata\Skrivebord 27122004\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.jubii.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programmer\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Spy Sweeper.lnk = C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\DPROGRAM\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DBC72BF-60B6-45F1-B16B-DC1A66B35607}: NameServer = 212.54.64.170,212.54.64.171
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programmer\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
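
The comparison between the log in #27 and the log in #30 can be done mechanically rather than by eye. This is an added example, not part of the thread and not HijackThis code: it parses HijackThis entry lines, diffs two logs, and flags O4 autostart entries whose target sits in a user-writable profile folder. The sample logs are short excerpts of the two logs above, and the folder heuristic is an assumption of this example.

```python
import re

# An entry line is "<section> - <text>", e.g. "O4 - HKCU\..\Run: [Cear] C:\...".
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.+)$")
# O4 registry autostarts: "<hive>\..\<Run key>: [value name] command line"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
# Assumption of this example: an autostart target inside a user-writable
# profile folder deserves a closer look (as mama.exe got in the thread).
USER_DIR_RE = re.compile(r"\\(Application Data|Temp|Temporary Internet Files)\\", re.I)

# Excerpts of the thread's logs (scans of 27-12-2004 23:40:28 and 28-12-2004 00:59:04).
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web--search.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk/
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cear] C:\Documents and Settings\Michael Andersson.MA\Application Data\mama.exe
"""
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.jubii.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jubii.dk
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
"""

def parse_entries(log_text):
    """Return the set of (section, text) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def diff_logs(before, after):
    """Return (removed, added): entries only in the first log, entries only in the second."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)

def autoruns_in_user_dirs(log_text):
    """Return the value names of O4 Run entries that start a file from a profile folder."""
    hits = []
    for section, text in sorted(parse_entries(log_text)):
        m = RUN_RE.match(text) if section == "O4" else None
        if m and USER_DIR_RE.search(m.group(4)):
            hits.append(m.group(3))
    return hits

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, text in removed:
        print("gone :", section, "-", text)
    for section, text in added:
        print("new  :", section, "-", text)
    print("autostarts from profile folders before:", autoruns_in_user_dirs(BEFORE))
    print("autostarts from profile folders after :", autoruns_in_user_dirs(AFTER))
```

The comparison is exact on the entry text, so the HKLM start page shows up as both gone and new because only its trailing slash changed.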
arlet (Junior Master)
28 December 2004 - 09:06 #31
Good morning...

Yes, unfortunately I wasn't at the computer for the rest of the day yesterday...

First of all, that's a nice piece of work you and majsmarken have done...

So your log is clean.

After a trip like this it's always a good idea to clean up your System Restore files.
Disable System Restore (http://www.arlet.dk/systemgendannelsen.htm) - restart your computer - enable System Restore.
And you should also hide your files and folders again, so you don't accidentally delete an important file.
You do that in the same place where you set it to show all files; this time you just choose: Do not show hidden files and folders.

To protect you against junk I have put together a security package,
which you can get here: www.arlet.dk/pakke.htm
Manderss (Beginner)
28 December 2004 - 09:16 #32
Good morning

Disabling System Restore was actually the very first thing I did yesterday, before all this started, so I'll enable it again later today.

And thanks, I'll take a look at your security package (I've probably already been through it several times yesterday. maybe ?? I tried so many things yesterday that I can no longer remember what I've attempted).
Manderss (Beginner)
28 December 2004 - 09:44 #33
So I just need one of you to post an answer so you can get some points; it wasn't very much I put at stake, but I wasn't quite aware that the matter would develop to this extent. But I don't know how you normally do it; in any case I'm glad it's gone now. So tell me what I should do here!
arlet (Junior Master)
28 December 2004 - 10:27 #34
I think you should ask majsmarken for an answer, so he can get the points..

Unfortunately I couldn't see you all the way to the door, but majsmarken helped you with that, so the points go to him..
majsmarken (Beginner)
28 December 2004 - 17:22 #35
Pling...

(Surely we can split them down the middle...)
arlet (Junior Master)
28 December 2004 - 17:26 #36
Unfortunately a virus has got into my "answer" button, so I can only press "comment"*S*

So the points go to you*S*
Manderss (Beginner)
28 December 2004 - 17:27 #37
Hi majs...

Thanks for the help yesterday, even though I don't really know what helped. I just carried out all of it, as you can see. And it helped, that was the most important thing.

Here are some points for you. As for arlet - I'll make sure some points come his way too, as I still have some questions.
arlet (Junior Master)
28 December 2004 - 17:30 #38
muffe17 -> Just bring those questions here.

Now there are 2 "experts" gathered here in the thread, so we can probably answer your questions..

Shoot....
Manderss (Beginner)
28 December 2004 - 17:30 #39
But a big thank you to both of you !! from a very satisfied man who has spent a whole day at his PC today without strange and various other pop-ups and the like.
majsmarken (Beginner)
28 December 2004 - 17:32 #40
... I was 'just' following along a bit for "training" reasons (and as my main job + the family allow...) and since <arlet> didn't show up after X amount of time, I took the liberty of following up a bit - or trying to...
Manderss (Beginner)
28 December 2004 - 17:37 #41
Just in this thread?, OK

As mentioned further up, I recently bought Giant Antispyware. On 6 Dec 2004, but on 13 Dec 2004 the licence expired. Giant helpdesk then asks me to uninstall Giant and install a new version, which I download. After installing it I can see that it still expires in a week.

Question: How do I remove all references to Giant, because on reinstallation it does not ask for codes, as the helpdesk writes that it should.

I have tried with Regedit: deleting the keys named Giant under Software in HKCU & HKLM, but that is not quite enough.
arlet (Junior Master)
28 December 2004 - 17:43 #42
Have you searched all of regedit for giant??
Manderss (Beginner)
28 December 2004 - 17:48 #43
Yes, but this time I haven't deleted anything other than those under Software, because when I tried that last week I ended up learning a bit about System Restore, as my browser stopped working altogether after deleting all references.

But I've also learned a bit about WinReg over the last few days, so I could try again, perhaps a little more carefully - I'll just try that and get back to you.
majsmarken (Beginner)
28 December 2004 - 17:50 #44
arlet (Junior Master)
28 December 2004 - 17:52 #45
(To be on the safe side, make a copy of the registry: click "My Computer" in the Explorer window you have brought up, click Registry at the top left, click Export Registry File, give it an easy name, e.g. bakreg, save it in a folder you can remember, write it down if need be)

Then you can mess about in regedit without it "costing" anything
arlet (Junior Master)
28 December 2004 - 17:52 #46
But it would be great if majsmarken's programs catch it..
majsmarken (Beginner)
28 December 2004 - 18:03 #47
Regcleaner "recipe" - with DK language selected:
[Værktøjer][Reg opryd][Kør dem alle] (Tools / Reg cleanup / Run them all)  Working...
Select everything it finds - Delete the selected...
majsmarken (Beginner)
28 December 2004 - 18:04 #48
Regcleaner:
On the "front page" - look for items you no longer have - for example that Giant one?  Delete them...
Manderss (Beginner)
30 December 2004 - 13:27 #49
Hi again, sorry for this rather long response time.

I managed to remove all references by using regedit and searching for Giant. And (this was the one I forgot the first few times) also searching for giant at file level; they had placed a file outside the installation folder ?? - I don't think I've seen that since Windows 3.11. But no matter, using the new code didn't work either. So now it's up to the Giant Company to come up with a solution, or give me my money back.

But in any case, thanks for the help to both of you.