Hjælp til at fjerne div, snask detr tærer på hastigheden søges

Oplever du ellers problemer ?

Gennemfør evt. proceduren herfra ->
http://www.eksperten.dk/artikler/1123

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

En lidt outdated Hijackthis du der bruger...
Brug nyeste: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Hm..så er jeg igennem hele baljen fra artiklen. Lægger logs i nyt sprgsmål.

Tak for dit input john *S*

Hvad mener du med "Lægger logs i nyt sprgsmål."

Du opretter vel ikke nyt spørgsmål bare til logs????

Tak for din venlige tilrettevisning. Du er et sjældent godt menneske der gidder at bruge tid på os håbløse..tak for det.

Vel tilbage på sporet spejder jeg ivrigt efter en der kigger i logs  :o)



Logfile of HijackThis v1.99.1
Scan saved at 17:36:47, on 05-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\POP\My Documents\DOKUMENTER\CRAPCLEANING\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kaninunivers.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179594019155
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179605607203
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/05/2007 at 05:02 PM

Application Version : 3.7.1018

Core Rules Database Version : 3318
Trace Rules Database Version: 1319

Scan type      : Complete Scan
Total Scan Time : 00:24:32

Memory items scanned      : 171
Memory threats detected  : 0
Registry items scanned    : 4717
Registry threats detected : 0
File items scanned        : 29602
File threats detected    : 23

Adware.Tracking Cookie
    C:\Documents and Settings\POP\Cookies\pop@imrworldwide[1].txt
    C:\Documents and Settings\POP\Cookies\pop@adtech[2].txt
    C:\Documents and Settings\POP\Cookies\pop@e2.emediate[2].txt
    C:\Documents and Settings\POP\Cookies\pop@ads.estart[1].txt
    C:\Documents and Settings\POP\Cookies\pop@ad1.emediate[2].txt
    C:\Documents and Settings\POP\Cookies\pop@adfair[1].txt
    C:\Documents and Settings\POP\Cookies\pop@tradedoubler[2].txt
    C:\Documents and Settings\POP\Cookies\pop@doubleclick[2].txt
    C:\Documents and Settings\POP\Cookies\pop@mediaplex[2].txt
    C:\Documents and Settings\POP\Cookies\pop@track.adform[2].txt
    C:\Documents and Settings\POP\Cookies\pop@banner.fynskemedier[1].txt
    C:\Documents and Settings\POP\Cookies\pop@adserver.banneradministration[2].txt
    C:\Documents and Settings\BØRN\Cookies\børn@adfair[2].txt
    C:\Documents and Settings\BØRN\Cookies\børn@e2.emediate[2].txt
    C:\Documents and Settings\BØRN\Cookies\børn@track.adform[1].txt
    C:\Documents and Settings\POP\Cookies\pop@adtech[1].txt
    C:\Documents and Settings\POP\Cookies\pop@doubleclick[1].txt
    C:\Documents and Settings\POP\Cookies\pop@imrworldwide[2].txt
    C:\Documents and Settings\POP\Cookies\pop@mediaplex[1].txt
    C:\Documents and Settings\POP\Cookies\pop@statcounter[1].txt
    C:\Documents and Settings\POP\Cookies\pop@track.adform[1].txt
    C:\Documents and Settings\POP\Cookies\pop@track.adform[3].txt

Adware.Accoona
    C:\PROGRAM FILES\FILESUBMIT\CARROTSCUR.ZIP\ATOOLBAR400005.EXE



********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
05-10-2007 17:38:12,75

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 17:38:13
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0


ComboFix 07-10-04.6 - POP 2007-10-05 17:40:40.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.188 [GMT 2:00]
Running from: C:\Documents and Settings\POP\My Documents\DOKUMENTER\CRAPCLEANING\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Marco Frid\Skrivebord\internet.lnk

.
(((((((((((((((((((((((((  Files Created from 2007-09-05 to 2007-10-05  )))))))))))))))))))))))))))))))
.

2007-10-05 17:39    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-04 20:27    <DIR>    d--------    C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-10-04 20:26    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2007-10-04 20:26    <DIR>    d--------    C:\Documents and Settings\POP\Application Data\SUPERAntiSpyware.com
2007-10-04 11:01    626,688    --a------    C:\WINDOWS\system32\msvcr80.dll
2007-10-04 11:01    499,712    --a------    C:\WINDOWS\system32\msvcp71.dll
2007-10-04 11:01    348,160    --a------    C:\WINDOWS\system32\msvcr71.dll
2007-10-04 11:01    <DIR>    d-a------    C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-09-10 17:24    <DIR>    d--------    C:\Documents and Settings\POP\Application Data\Apple Computer

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 20:26    ---------    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2007-10-04 17:49    ---------    d--------    C:\Program Files\Google
2007-10-04 17:46    ---------    d--------    C:\Program Files\Microsoft ActiveSync
2007-10-04 17:45    ---------    d--------    C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2007-10-04 11:14    ---------    d--------    C:\Program Files\Lavasoft
2007-09-03 11:11    ---------    d--------    C:\Documents and Settings\POP\Application Data\ParetoLogic
2007-08-31 11:35    ---------    d--------    C:\Program Files\Aspect2
2007-08-05 20:57    ---------    d--------    C:\Program Files\MediaMonkey
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-12-27 20:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-12-17 22:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-04 17:50]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys
R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys
S3 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 10:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-05 15:35:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 17:42:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-05 17:43:43
C:\ComboFix-quarantined-files.txt ... 2007-10-05 17:43
.
    --- E O F ---

Så mangler vi bare dr1_larry...

I'm here *S* -> AKA dr1_larry ...

Der er ikke så meget mere at fiske efter...

Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Problemer]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

http://www.spywarefri.dk/tipsogtricks.htm#langsom