sikkerhed: virus

hvis du har en firewall så skal du blokkere alt trafik med firewallen. Derefter skal du i tilføj og fjern programmer  og fjerne programmet. Når det er gjort så bør du køøre en antivirus scan og en adaware scan (http://www.lavasoftusa.com/) det kan man fjerne mange problemer med :-)

du kan også efter at have fjernet programmet lave en online virus scan (www.virus112.dk) som normalt er det sikreste da de er lidt foran mht til virus opdateringer, samt den på virus 112 fjerne alt (det her jeg i hvertfald haft gode erfainger med)

jeg har fjernet programmet men meddelsen blinker stadig på proceslinien, og når jeg klikker på den, kommer jeg ind på hjemmesiden og derbliver installeret et program igen nede på proceslinien,også videre

ok, du kan trykke ctrl+alt+delete og klikke fanebladet processer. Derinde kan du finde en process der hedder noget i stil med det programmet hedder (det er ikke altid de hedder det samme som programmet). Hvis du finder den fil som får programmet til at køre skal du skulle processen. Når den er "dræbt" kan du gå i C:\Programmer og finde den mappe som indeholder programmet og slette mappen. der vil nok komme en boks med en advarsel, men den skal man sige ok til. når mappen er væk så burde der ikke installere mere da man fjerner det lille program der henter internet oplysninger

Det virker desværre ikke

kan man lukke programmet i process linien ? ( neders til højre på processbaren) hvis man kan det, så prøv evt at køre en adaware scan for at checke den fjerner de programmer der måtte hente noget fra internettet. prøv evt at scanne med den online virus scanner jeg linkede til.

prøv dette:

hent her http://www.xblock.com/download/xclean_micro.exe

hent her http://download.ewido.net/ewido-setup.exe

hent her http://www.sitecenter.dk/secure/nss-folder/mappe/downloads/FixFalcon.exe

og til sidst smid logfilen fra hjt herind
hent her http://www.merijn.org/files/hijackthis.zip

dette kan du også prøve inden du smider hjt logfilen :-)
http://www.ccleaner.com/ccdownload.asp

skal vi ikke tage denne her med også :-)
http://www.sitecenter.dk/secure/nss-folder/mappe/downloads/SpyF.exe

copyright -> No offense, men malware som Spyfalcon skal helst fjernes efter en særlig procedure, for at være effektiv. Fix og scannere skal f,eks helst køres i en bestemt rækkefølge (long story).

kamillevej -> Jeg foreslår, at du henter HijackThis her http://www.spywarefri.dk/downloads1/hijackthis.exe
Do a system scan, and save a logfile. Kopier loggen her ind i tråden. Vent med at gøre noget noget, før du har fået en korrekt vejledning.

e of HijackThis v1.99.1
Scan saved at 12:59:08, on 03/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\Lavasoft\Personal Firewall\lpfw.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programmer\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\PRISMSTA.EXE
C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Programmer\Messenger\msmsgs.exe
C:\valve\steam\steam.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\jesper\Lokale indstillinger\Temporary Internet Files\Content.IE5\DJSD5PWK\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oemji.com/side_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oemji.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oemji.com/side_search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali A/S - Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hpAED4.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [mwavscan] "C:\DOCUME~1\jesper\LOKALE~1\Temp\mwavscan.com" /s
O4 - HKLM\..\Run: [AdwareAlert] C:\Programmer\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Personal Firewall] C:\Programmer\Lavasoft\Personal Firewall\lpfw.exe /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm799YYDK
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Lavasoft\PERSON~1\wl_hook.dll
O20 - Winlogon Notify: sstqo - C:\WINDOWS\System32\sstqo.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Lavasoft Personal Firewall Service (LavasoftFirewall) - Agnitum Ltd. - C:\Programmer\Lavasoft\Personal Firewall\lpfw.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: MpService - Canon Inc. - C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Hvad skal jeg nu gøre???

Jeg hjælper dig.. :)

1. Hent og dobbeltklik på smitRem.exe

http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

Programmet pakker sig ud til mappen smitRem.

2. Hent Ewido, hvis du ikke har den i forvejen:
http://www.spywarefri.dk/downloads1/ewido-setup.exe

Installer og kør Ewido - Opdater straks efter installationen programmet (men lad være med at scanne endnu).

3. Genstart i fejlsikret, ( F8 når windows starter )

4. Åbn mappen smitRem, og dobbeltklik på RunThis.bat (Følg vejledningen i vinduet.)

5. Kør en fuld scanning med Ewido. Programmet laver en lille log, som du skal kopiere herind.

6. Genstart og kom med en frisk Hijackthislog, samt loggen fra Ewido. Find smitfiles.txt via Start/Søg. Kopier også denne log ind.

kamillevej -> Jeg undskylder at jeg ikke fulgte op, men jeg fik ikke mail om dit indlæg.

Jeg har kørt smitrem.exe, og derefter Ewide, men der er ingen virus, og der kommer ingen logfil. Dagen før lykkedes det mig at komme af med spycon, men den er kommet igen. Det eneste jeg kan hensive til er logfilen ovenfor. Hjælp mig videre please

Hent denne gratis scanner http://www.superantispyware.com/

Kør den i fejlsikret, og lad den fjerne det den finder. Lad den genstarte computeren, og så skulle problemet være løst.

Kom der efter med en frisk HijackThis log.

det skal du have mange tusinde tak for, programmet superantispyware fandt spyfalcon + meget mere. så jeg er bare superglad. Programmet er det et man kan blive ved at bruge eller løber der en dato?

Hvad skal jeg gøre for at du får point af mig???

Ja, det er en god scanner :) Gratis versionen kan du beholde så længe du vil. Vil du have aktiv beskyttelse mod spyware, i programmet, bliver du du nødt til at købe PRO versionen.

Vil du ikke lige have tjekket HijackThis loggen ?

jo tak hvordan gør jeg nu lige det?

Do a system scan, and save a logfile, hvis du stadigvæk har indstillet HijackThis til det. Ellers klik Scan, og når den er færdig, Save log, så åbner den i notesblok.

Logfile of HijackThis v1.99.1
Scan saved at 14:18:19, on 03/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Programmer\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\PRISMSTA.EXE
C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\DitExp.exe
C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\valve\steam\steam.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\DOCUME~1\jesper\LOKALE~1\Temp\Rar$EX14.219\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali A/S - Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [mwavscan] "C:\DOCUME~1\jesper\LOKALE~1\Temp\mwavscan.com" /s
O4 - HKLM\..\Run: [AdwareAlert] C:\Programmer\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm799YYDK
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: sstqo - C:\WINDOWS\System32\sstqo.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: MpService - Canon Inc. - C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Der er lige et par småtterier der skal væk.

Hent denne fil, højreklik på den, og klik installer http://www.mvps.org/winhelp2002/DelDomains.inf

Kør HijackThis, luk alle vinduer på nær HijackThis. Sæt flueben ved disse linier, og klik "fix checked":

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe (OBS, hvis din maskine kører som server, må du IKKE fixe den)
O4 - HKLM\..\Run: [mwavscan] "C:\DOCUME~1\jesper\LOKALE~1\Temp\mwavscan.com" /s
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm799YYDK
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: sstqo - C:\WINDOWS\System32\sstqo.dll (file missing)


Mht Adwarealert, så har det tidligere stået på denne liste, så med mindre du har den nyeste version, vil jeg foreslå du fjerner det http://www.spywarewarrior.com/rogue_anti-spyware.htm


Genstart, og lad mig lige se en frisk HijackThis log.

forevernewbie > mangler du ikke 015 linierne?

Nix, de forsvinder når DelDomains bliver kørt *S*.

sorry havde ikke set at du ville køre den.. *S* ;)

*S*

Logfile of HijackThis v1.99.1
Scan saved at 10:12:34, on 03/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Dit.exe
C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PRISMSTA.EXE
C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe
C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\DitExp.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\valve\steam\steam.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\DOCUME~1\jesper\LOKALE~1\Temp\Rar$EX00.141\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali A/S - Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [MPTBox] C:\PROGRA~1\Canon\MULTIP~1\mptbox.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programmer\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Programmer\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmer\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: MpService - Canon Inc. - C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Du melder ikke om problemer, så jeg går ud fra at alt er ok.

Så er din log ren.


Efter et virus/spyware angreb, er det altid en god ide at rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.


Afsluttende rensning af browser cachen:


1. Klik på Funktioner - Internetindstillinger.

2. Under midlertidige filer, klik på slet cookies.

3. Under midlertidige filer, klik på slet filer – sæt flueben i slet alt offline indhold.

4. Under oversigten, klik på ryd oversigten.

5. Klik på ok.

6  Tøm papirkurven.


Link til sikring af din computer http://www.spywarefri.dk/manualer/sikkerhedspakke.htm


Nu har jeg lagt et svar, og hvis du ønsker at give mig point, kan du markere mit brugernavn, og klikke "accepter".

Ups, her er svaret.