Trojan og virus Smitfraud-c og tropig

... du kunne jo begynde med at stikke mig/os en HiJackThis Log ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Linket vil ikke åbner sig!!!!!!!!!

Virker da fint ?!?

Forsigtig forespørgsel -> Når jeg ser på denne liste over dine tidl. UAFSLUTTEDE spm ->
http://www.eksperten.dk/list.phtml?sort=&order=DESC&status_1=on&status_2=on&spm_creator=ahwaz&spm_part=&spm_answer=&find=&engine=exp
bør du lige læse og forstå ->
http://expfaq.dk/behandling_af_svar#behandling_af_svar

Det sker ikke noget når jeg klikker for at hente prg. hijackthis,

Åbnes http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm over hele hovedet ikke noget som helst? Eller hvad mener du her ?

Direkte Link ->
http://www.spywarefri.dk/downloads1/alternativ.exe

Det var en lang smøre! MEN NYTTIG
Selvfølelig har du ret i og vi alm. bruger skal udviser en vis deciplin

Direkte linke var bedrer. Når jeg laver en hijackthis så bliver hængende og jeg kan ikke kopie logfilen der åbnes en windu med  teksten:
SAS message log
UNABLE TO OPEN/READ MESSAGE FILE USING THE -MSG PATHS

JO Jo
her er logfilen:

Logfile of HijackThis v1.99.1
Scan saved at 20:14:48, on 03-04-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\programmer\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hossein\Skrivebord\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ekstrabladet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://signon.stofanet.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - :C:\Programmer\Yahoo!\Common\yiesrvc.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] :regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PcSync] :C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] :"C:\Programmer\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmer\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmer\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmer\Yahoo!\Common/ycsms.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O15 - Trusted Zone: www.ma-kasse.dk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\System32\a3dxq.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Dokumenter\Settings\winsys2f.dll
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Programmer\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: ewido security suite guard - Unknown owner - C:\Programmer\ewido anti-malware\ewidoguard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe

Lige et par ?

1) Er der nogen grund til at du ikke har Install SP2 + efterfølgende >70 KRITISKE opdateringer fra WindowsUpdate ?
http://www.comon.dk/index.php/news/show/id=18812

2) Hvor meget bruger du af dette Yahoo! halløj ?

3) "Crypkey License" er det noget DU har lagt ind ?

1- Ja sp2 er undladt med vilje da PC,en er selv bygget og mine erfaringer med sp2 har været dårligt.
2- jeg bruger yahoo mail og messenger
3- Nej jeg kender ikke noget til Crypkey License"

Desuden kan jeg se mange gamle ting som står stadig såsom MacAfee osv...

Mht SP2 "min erfaring" siger det modsatte; du er MEGET mere udsat for diverse Uønskede elementer på dit system; som du nu har oplevet en del af ... Det er jo nok ikke for 'sjov' at M$ udgiver SP2 + >70 efterfølgende opdateringer ...

Dvs. du bruger IKKE "McAfee" og det er 'rester' derfra ifølge din log ?
Hvad bruger du så ?

Du skal nok få en 'rensnings' procedure om lidt; skal bare lige have lidt styr på ovenstående ...

Det er ikke noget gald med sp2 det er min PC der ikke kan klare sp2, mange prg ikke kan køre og værst var at den frøs i tid og utid.
McAfee bruger jeg ikke. Jeg bruger sikkerhedspakken fra spywarefri dvs. spybot, spywareblaster, Ad-Aware Se personal og Sygate firewall.

Når man ikke vil høre,så må man føle.
det er muligvis en ulovlig udgave af XP,ingen SP2 ingen rensning da arbejdet er spildt.

Provokation -> http://hemmingsvej.dk/spywarefri/tekster/XPUlovligKEY.jpg - måske derfor ?

Jeg har så ladet alt det der Yahoo halløj blive ...

------------------------------------------------------------------------

Klik på Start->Kør skriv Services.msc og klik OK.
Find Tjenesten (Hvis den er der?)

Crypkey License - Kenonic Controls Ltd
ewido security suite control
ewido security suite guard
McAfee WSC Integration
McAfee Task Scheduler
McAfee SecurityCenter Update Manager
McAfee.com VirusScan Online Realtime Engine
Norman API-hooking helper

stop den hvis den kører, højreklik på den og vælg Starttype Deaktiveret.

------------------------------------------------------------------------

Kør en scanning med Hijackthis
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] :regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll (Alle disse linier)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Dokumenter\Settings\winsys2f.dll
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Programmer\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: ewido security suite guard - Unknown owner - C:\Programmer\ewido anti-malware\ewidoguard.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programmer\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)

For at kunne se alle filer og mapper, så følg denne vejledning:
http://www.spywareinfo.dk/tip-og-tricks/mappeindstillinger.htm

Genstart i fejlsikret tilstand http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm

Søg og slet de markerede filer/mapper hvis de stadig findes. Ellers fortsætter du bare vejledningen. De kan være røget i fixet.

C:\Programmer\ewido anti-malware\ <- Hele mappen
c:\PROGRA~1\mcafee.com\ <- Hele mappen
C:\VIRUSfighter\Nvc\ <- Hele mappen
C:\WINDOWS\SYSTEM32\crypserv.exe
C:\Documents and Settings\All Users\Dokumenter\Settings\winsys2f.dll
c:\windows\system32\fqr.dll

Genstart normalt, kør en ny scanning med hijackthis, og kopier en frisk log herind til tjek.

------------------------------------------------------------------------

RegBase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Problemer]...)

Fraklik Yahoo Toolbar under instalationen !!!

------------------------------------------------------------------------

Hej igen

Jeg har fixet de ting du har vist bortset fra "04- HKLM..............smqrt.dll" og "010- Unknown.." startet i fejlsikretilstand og følge vejledningen men ved ikke hvordan jeg skal finde de programmer der skal slettes.Jeg har flyttet prikket til vis skjulte filer og mapper så kan jeg ikke komme viderer.

Her er en ny log:
Logfile of HijackThis v1.99.1
Scan saved at 14:45:05, on 04-04-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Documents and Settings\Hossein\Skrivebord\alternativ.exe
C:\WINDOWS\system32\mqtgsvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ekstrabladet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - :C:\Programmer\Yahoo!\Common\yiesrvc.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PcSync] :C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] :"C:\Programmer\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmer\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmer\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmer\Yahoo!\Common/ycsms.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O15 - Trusted Zone: www.ma-kasse.dk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\System32\a3dxq.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Dokumenter\Settings\winsys2f.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\programmer\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe

UF - jeg har åbenbart overset denne grimmert ->
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\System32\a3dxq.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Dokumenter\Settings\winsys2f.dll

Begge 'fixes' + SLETNING

-> Ny Log ...

(Joooo - det ka' blive lidt kringlet; og nu ka' jeg ikke la' være med at sige/skrive det: Det manglende SP2 + >70 efterfølgende opdateringer - Hmmm... )

Det er meget kringlet jeg fatter ikke hvad der sker.
Hijackthis opføre sig mærklig. Efter jeg markerer og klikker på for at fixer så løber den igennem og kommer med en advarsel noget med 010 og skybot og når jeg klikker på ok så får jeg en blank side og sker ikke noget.......

... vi skal tihverifald have ovennævnte elementer VÆK !!!

Hvis HiJackThis (stadig) ikke vil makke ret så ->

Download http://siri.urz.free.fr/Fix/SmitfraudFix.exe (by S!Ri)
Til roden af C:drevet

Genstart i fejlsikret tilstand, hvis du ikke ved hvordan så kig her:
http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm

Dobbeltklik på C:\Smitfraud exe. Vælg punkt [2]. Lad programmet gennemføre en rensning. Det vil også checke om systemfilen wininet.dll er inficeret. Hvis den er det, vil du blive bedt om tilladelse til at erstatte den med en anden. Her skal du vælge "Yes", ved at taste "y".

Programmet bliver muligvis nødt til at genstarte undervejs. Herefter vil der dukke en liste med resultaterne af rensningen op . Kopiér denne liste ind i tråden.

Genstart og læg en frisk Hijackthislog herind, loggen fra SmitfraudFix (C:\rapport.txt) og fortæl hvordan computeren kører.

NB: Filen "process.exe" som ligger i dette værktøj bliver af visse antivirus-programmer identificeret som "RiskTool". Det har dog ikke noget på sig!

jeg kørt prg. smitfraudfixi fejlsikre tilstand men hijackthis opføre sig stadig underligt

Hmmm...

Måske ->
RegBase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Problemer]...)

Fraklik Yahoo Toolbar under instalationen !!!

Jeg har kørt Ccleaner og synes stadigvæk hijackthis ikke kan fixer de kritiske punkter.
Hvad med systemgendannelse skal den ikke deaktivires?

her er nyeste log

Logfile of HijackThis v1.99.1
Scan saved at 23:41:30, on 04-04-2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Documents and Settings\Hossein\Skrivebord\alternativ.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ekstrabladet.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - :C:\Programmer\Yahoo!\Common\yiesrvc.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmer\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PcSync] :C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] :"C:\Programmer\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmer\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmer\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmer\Yahoo!\Common/ycsms.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\fqr.dll
O15 - Trusted Zone: www.ma-kasse.dk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by110fd.bay110.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\System32\a3dxq.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Dokumenter\Settings\winsys2f.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\programmer\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe

(Jeg har 'tabt' tråden lidt - og nok ikke så megen tid de næste dage.
Jeg vil anbefale dig at begynde "forfra" via http://www.spywarefri.dk/forum/ - de er goe' *S*, og henvise til denne tråd !!!)

Hvis nogen skulle være interesseret, blev den knækket ved en gang intens Google.*S*
Jeg fandt ud af at der var en "beskyttelsesfil" der skjulte infektionen, også kendt som et rootkit, så delvist gættede jeg på filnavnene og knaldede dem med Avenger.
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=36910#278529