Spyware / explorer problem

Har du prøvet spybot?

Ellers kan du hente den her:
http://www.darkskies.dk/programmer/spybot.exe

Du skriver at du har brugt adaware, mener du ikke Ad-Aware, hvis ikke så har du fået spyware fra adaware, da den installere spyware for at fjerne spyware.

Hvis ikke noget af det hjælper, så prøv HijackThis.

HijackThis:
http://www.darkskies.dk/programmer/hijackthis.zip
Lige lidt hjælp til HijackThis:
Unzip filen og åben exe filen, Klik på Scan, når at den er færdig, så skal du klikke på Save Log, så gemmer du den et sted, logen kan nu åbnes i en tekst program f.eks. Notepad, opret et spørgsmål under "virus" katagorien og indsæt hele loggen, så vil en kigge på den.

Prøv evt. systemgendannelse og kør så en ny tur med den rigtige adware fra lavasoft:)

Undskyld fejl fra min side, jeg brugte noAdware til at fjerne det med, spybot fjernede alt på nær 3 ting, som den ville genstarte for at fjerne... derefter opstod problemet med explorer...

Smid en log fra Hijackthis herind - NoAdware er ikke for godt...: http://www.spywarewarrior.com/rogue_anti-spyware.htm!

Note on NoAdware:  NoAdware was listed on this page because of concerns with false positives and the use of aggressive, deceptive advertising (1, 2, 3) including exploitation of the name "ad-aware" (1). Earlier versions of NoAdware were also the same underlying application as Adware Hitman, Consumer Identity, Protect Your Identity, SpyBan, SpywareAssassin, Spyware C.O.P., SpywareKilla, The Adware Hunter, & TheSpywareKiller. Over the past few months, NoAdware has taken aggressive steps to reign in its affiliates (who were primarily responsible for the unsavory advertising) and released a new version of NoAdware (version 3.0) that addresses our concerns with false positves. Given these changes we can no longer regard NoAdware as "rogue/suspect" anti-spyware.
Domains: no-adware.com, noadware.biz, noadware.net, no-adware.net

(Note: other domains associated with NoAdware include: adware-free-download.com, adawareinfo.com, adwarenomore.net, adware-real-free-scan.com, adware-removal.biz, adwareremoval.net, free-adware-remover.org, free-adware-removal.net, free-adware-remover.org, free-adware-scan.com, free-spyware-check.com, nomorespyware.net, online-spybot-scan.com, spybotfinder.com, spyware-destruction.com, the-spyware-adware-remover.com,  thespywarepros.com) [A: 6-26-04 / U: 11-17-04]

Logfile of HijackThis v1.99.1
Scan saved at 16:25:37, on 02-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\syste

vi prøver igen

Logfile of HijackThis v1.99.1
Scan saved at 16:25:37, on 02-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\JetAudio\jetAudio.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\DOCUME~1\Geronimo\LOKALE~1\Temp\Rar$EX00.822\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rival2025.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [timessquare] c:\windows\timessquare.exe
O4 - HKLM\..\Run: [adtech2006] c:\windows\adtech2006a.exe
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Programmer\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [Shell] "C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe
O4 - HKCU\..\Run: [CU1] C:\Programmer\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Programmer\Common Files\VCClient\VCMain.exe
O4 - Startup: husk.txt
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Programmer\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Programmer\ICQ\ICQ.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Programmer\Prime95\prime95.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmer\Fælles filer\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Jo - der er sku' 'gal' -
>10 elementer/linier i loggen 'snavs' (Velkommen i  c:\secure32.html  + tilbehør klubben...)

Jeg vil dog lade en HiJackThis ekspert bedømme resten...

Jeg har lagt svar i den nye tråd, så luk venligst her, ved at lægge et svar selv og acceptere dit eget svar.

... altså her: http://exp.dk/spm/676259 ...

ok :) takker