forkert menubar

OK du er blevet hijacked.

gør nu følgende

hent spybot search and destroy
http://www.safer-networking.org/index.php?lang=en&page=download
instaler opdater og scan og lad den fixe alt hvad den finder.

hent så hijackthis instaler kør og kopier den logfil den laver her ind.
http://www.webattack.com/get/hijackthis.shtml
DU MÅ IKKE FIXE NOGET SELV MED HIJACKTHIS!!!

så hjælper vi dig sikkert igennem det lort

alternativt kan du prøve dette program, som skulle virke mod netop den type problemer. Desvære kan jeg ikke sige så meget om programmets kvalitit/effektivitet.

jeg vil nok holde mig til mit første forslag, som er meget effektivt! og så får du andre til at gøre arbejdet for dig*S*

http://spywarefri.dk/vaerktoj.htm#bhodemon
http://www.definitivesolutions.com/bhodemon.htm

Hej C-holst

her er loggen
Logfile of HijackThis v1.97.7
Scan saved at 07:22:38, on 22-11-03
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tapisrv.exe
C:\WINNT\System32\esserver.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\rasman.exe
C:\WINNT\System32\SENS.EXE
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\loadwc.exe
E:\hpscan\PrecisionScan\hpsjbmgr.exe
C:\WINNT\System32\qttask.exe
C:\WINNT\loadqm.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programmer\Fælles filer\Real\Update_OB\rnathchk.exe
C:\WINNT\System32\MSWHEEL.EXE
C:\WINNT\System32\ddhelp.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\WINNT\Profiles\mol20\Skrivebord\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://i-lookup.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://i-lookup.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?656387 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?656387 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/w/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchv.com/w/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?656387 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?656387 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\system32\searchbar.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: ohb - {18B79968-1A76-4953-9EBB-B651407F8998} - C:\WINNT\System32\windec32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINNT\winshow.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: I-Lookup.com Bar - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - C:\WINNT\System32\windec32.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [hpsjbmgr] e:\hpscan\PrecisionScan\hpsjbmgr.exe
O4 - HKLM\..\Run: [hpppta] e:\hpscan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [INETINFN] C:\I386\INETSRV\INETINFN.EXE
O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~4\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~4\point32.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - Global Startup: Hogatex Automatik-Update.lnk = C:\Hogatex\Utils\HogaCOPY.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O13 - WWW. Prefix: http://
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - http://www.thepaymentcentre.com/build/preload.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/26d59cedd18406725a21/netzip/RdxIE2.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092801/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_pack.cab
O16 - DPF: {A9EF28A2-55D1-480B-A403-84928D59F556} (DFRun Class) - http://webpdp.gator.com/v3/download/iegator_3295_hd3ptdm.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} (iiittt Class) - http://toolbar2.i-lookup.com/toolbar2/windec32.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 194.239.134.83 193.162.153.164
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 194.239.134.83 193.162.153.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 194.239.134.83 193.162.153.164
O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp (file missing) (HK

tak skal du have, der ser ud  til at trænge. Jeg har ikke selv tid nu, da jeg skal i gang med dagens arbejde, men op af formiddagen er jeg sikker på, at der kommer nogle friske folk og tjekker den igennem for dig.
så læn dig tilbage, nyd morgenkaffen, og hold øje med tråden her. Du vil nok modtage nogle instrukser, og blive bedt om at udføre nogle foskellige ting, men som jeg nævnte indledningsvis, det er andre der laver arbejdet for dig.

i mellemtiden skal du ikke pille ved noget, eller forsøge at slette noget ved hjælp af andre programmer, det gør det ikke bedre for dem der vil hjælpe dig.

hehe. frisk og frisk er så meget sagt.

Jeg skal nok løbe din log igennem.

Det er det gode ved Eksperten, der er altid en nørd eller to i nærheden. *G*

ha' en god dag

Jeg fandt da lidt snavs*S*


Der var MEGET snavs:
Du skal nu til at i gang med at fixe. Men først skal du lige have noget instruktion. Du skal åbne hijackthis. Du får herunder nogle filer som du skal fixe, det du skal gøre er at sætte en vinge ud for alle disse filer. IKKE FIXE endnu. Når du har gjort det så lukker du alle andre vinduer ned, det er meget vigtigt at det eneste vindue som er åbent er HijackThis vinduet. Husk også at lukke dette vindue når du har markeret filerne. Nu må du fixe. Klik på Fix chekede. Efter fix skal du genstarte din computer.
Her er de filer, du skal fixe :


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://i-lookup.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://i-lookup.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?656387 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?656387 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/w/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchv.com/w/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://i-lookup.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?656387 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?656387 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINNT\system32\searchbar.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: ohb - {18B79968-1A76-4953-9EBB-B651407F8998} - C:\WINNT\System32\windec32.dll
O2 - BHO: WinShow module - {6CC1C918-AE8B-4373-A5B4-28BA1851E39A} - C:\WINNT\winshow.dll
O3 - Toolbar: I-Lookup.com Bar - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - C:\WINNT\System32\windec32.dll
O4 - HKLM\..\Run: [INETINFN] C:\I386\INETSRV\INETINFN.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O13 - WWW. Prefix: http://
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - http://www.thepaymentcentre.com/build/preload.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/26d59cedd18406725a21/netzip/RdxIE2.cab
O16 - DPF: {A9EF28A2-55D1-480B-A403-84928D59F556} (DFRun Class) - http://webpdp.gator.com/v3/download/iegator_3295_hd3ptdm.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/es/SysWebTelecom.cab
O16 - DPF: {FE1A240F-B247-4E06-A600-30E28F5AF3A0} (iiittt Class) - http://toolbar2.i-lookup.com/toolbar2/windec32.cab
O19 - User stylesheet: C:\WINNT\Web\oslogo.bmp (file missing) (HK


Derefter Genstarter du i fejlsikret tilstand(Fejlsikret tilstand kommer du i ved at trykke på <F8> når maskinen starter op, lige inden den begynder at indlæse Windows.) Find følgende fil i Stifinder og slet den:


C:\WINNT\loadqm.exe


Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.

Uha  Jeg tror jeg går over til brevduer igen

det varer lige et par dage inden jeg vender tilbage, da computeren står på mit arbejde

på forhånd tak

Her er den nye log.

Logfile of HijackThis v1.97.7
Scan saved at 10:41:24, on 24-11-03
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\system32\tapisrv.exe
C:\WINNT\System32\esserver.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\rasman.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\SENS.EXE
C:\WINNT\Explorer.exe
C:\WINNT\System32\loadwc.exe
E:\hpscan\PrecisionScan\hpsjbmgr.exe
C:\WINNT\System32\qttask.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINNT\System32\MSWHEEL.EXE
C:\WINNT\System32\ddhelp.exe
C:\Programmer\Fælles filer\Real\Update_OB\rnathchk.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\WINNT\Profiles\mol20\Skrivebord\Ad Aware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (disabled by BHODemon)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [hpsjbmgr] e:\hpscan\PrecisionScan\hpsjbmgr.exe
O4 - HKLM\..\Run: [hpppta] e:\hpscan\PrecisionScan\hpppta.exe /ICON
O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~4\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~4\point32.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINNT\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - Global Startup: Hogatex Automatik-Update.lnk = C:\Hogatex\Utils\HogaCOPY.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092801/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_pack.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 194.239.134.83 193.162.153.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 194.239.134.83 193.162.153.164

Jeg kunne ikke genstarte i Sikret tilstand, selv om jeg trykkede på F8 hele tiden???

jeg har slettet C:\winnt\loadqm.exe, men ikke i sikret tilstand???

Hilsen

Den er væk alligevel, så du er ren nu.

For at sikre din fremtidige færden på nettet vil jeg foreslå at du henter følgende programmer :
Spywareblaster & Spywareguard & IE-SPYAD & Empty Temp Folders

Alle programmerne finder du her http://www.spywarefri.dk/vaerktoj.htm

Hvor der også er en beskrivelse af programmerne, samt en installations vejledning..

Alt sammen skal løbende opdateres, ligesom dit windows og IE..

Derefter kan du trygt surfe på nettet, uden at få alt det snavs på computeren.