Kan ikke slippe af med searchv.com som startside.

Gå ind her og hent Spybot og Hijackthis.
http://www.spywarefri.dk/vaerktoj.htm
Installer og kør Spybot, opdater online, scan, afhjælp valgte problemer, genstart.
Derefter udpakker og kører du Hijackthis, scan, save log og kopier logfilen herind, så kigger vi på den.
Lad være med at slette noget selv med Hijackthis, det kan skade mere end det gavner.

Hvis du har husket at opdatere spybot, så bare gå videre til HJT.

Den er her, iøvrigt lynhurtigt svar. 
Logfile of HijackThis v1.97.3
Scan saved at 17:45:15, on 10-10-2003
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
C:\Programmer\Omniquad MyPrivacy\MyPrivacy.exe
C:\Programmer\Alwil Software\Avast4\ashDisp.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Scansoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmer\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Jan Håkonsson\Lokale indstillinger\Temp\Midlertidig mappe 5 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tv2.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.tv2.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tv2.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
O4 - HKLM\..\Run: [MyPrivacy] C:\Programmer\Omniquad MyPrivacy\MyPrivacy.exe
O4 - HKLM\..\Run: [avast!] C:\Programmer\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ODSHost] C:\Programmer\ODSP\ODSHost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "C:\Programmer\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Programmer\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\bs3.dll,DllRun
O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg
O4 - HKLM\..\Run: [Registry Crawler] C:\PROGRA~1\RCrawler\RCrawler.exe -TRAYONLY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmer\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Omniquad MyPrivacy (HKLM)
O9 - Extra 'Tools' menuitem: Omniquad MyPrivacy (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {0A7F4407-A1C8-496A-9670-F13370CAAACC} (SysReg_DK Control) - http://213.150.57.68/system/SysREG_DK.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/017a26a43d0ecbc61419/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.0515162037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp

Hvorfor står mit spørgsmål som accepteret?

Fordi du har accepteret allerede.

Det skal man vente med, indtil man får et svar man kan bruge..

Her er det ligemeget for fromsej hjælper dig hele vejen alligevel...

Jamen jeg aner ikke hvor/hvordan man accepterer, men oki.

Jeg kommer med et svar og vejledning i løbet af en times tid.*S*

Lyder bare godt.

Slå systemgendannelse fra: http://www.spywarefri.dk/virus.htm#alle
Følgende skal fixes med Hijackthis:
Scan, sæt flueben ved alle linier listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart i fejlsikker tilstand, og slet de filer listet nederst.
Dobbelttjek, så alt kommer med.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchv.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\bs3.dll,DllRun
O4 - HKLM\..\Run: [sys] regedit /s C:\WINDOWS\sys.reg
O16 - DPF: {0A7F4407-A1C8-496A-9670-F13370CAAACC} (SysReg_DK Control) - http://213.150.57.68/system/SysREG_DK.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp
-------------------------------------------------
Prøv i fejlsikker Start=>Søg bs3.dll, hvis den er der slet den.
C:\WINDOWS\bs3.dll

Genstart normalt og kom med en ny logfil, så vi kan se om alt er med.

Har ordnet med hijack, måske dumt spørsmål men hvordan starter jeg xp i fejlsikret??

f8 ved start

oki

Her er den nye log, bs3.dll, kunne jeg imidlertid ikke finde.

Logfile of HijackThis v1.97.3
Scan saved at 19:25:18, on 10-10-2003
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
C:\Programmer\Omniquad MyPrivacy\MyPrivacy.exe
C:\Programmer\Alwil Software\Avast4\ashDisp.exe
C:\Programmer\Scansoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\PROGRA~1\RCrawler\RCrawler.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmer\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Documents and Settings\Jan Håkonsson\Lokale indstillinger\Temp\Midlertidig mappe 6 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tv2.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.tv2.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.tv2.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\OPTICA~1\4DMAIN.EXE
O4 - HKLM\..\Run: [MyPrivacy] C:\Programmer\Omniquad MyPrivacy\MyPrivacy.exe
O4 - HKLM\..\Run: [avast!] C:\Programmer\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ODSHost] C:\Programmer\ODSP\ODSHost.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PP8 SE Reminder] "C:\Programmer\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Programmer\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Registry Crawler] C:\PROGRA~1\RCrawler\RCrawler.exe -TRAYONLY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmer\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Omniquad MyPrivacy (HKLM)
O9 - Extra 'Tools' menuitem: Omniquad MyPrivacy (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/017a26a43d0ecbc61419/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.0515162037

Det pyntede.
For nu at holde den så ren skal du lige en tur ind her:
http://www.spywarefri.dk/vaerktoj.htm
Hent spywareblaster, SpywareGuard, IE-Spyad og Empty Temp folders, installer programmerne og hold dem opdaterede, de to første skal du lige opdatere online med det samme du har dem.
der er dansk brugervejledning på samme side, læs især om IE-Spyad, så du får det optimale ud af den.
Mvh:
Fromsej/Team Spywarefri.

Mange 1000-tak for super hurtigt og fremragende hjælp.

Velbekomme, du må gerne slå systemgendannelse til igen nu.
At du ikke kunne finde bs3.dll gør ikke noget, så er den da væk, du har fjernet den med spybot, undtaget den linie i din regdatabase, som vi fandt med hijackthis.