Hvad må jeg slette på HijackThis loggen ?

Ja.
Den er godt nok styg, vi kigger på den.

Gå ind her og hent Spybot også.
http://www.spywarefri.dk/vaerktoj.htm
Installer og kør Spybot, opdater online, scan, afhjælp valgte problemer, genstart.
Derefter  kører du Hijackthis, og kommer med en ny logfil, så kigger vi på den.

http://members.shaw.ca/techcd/WinsockXPFix.exe - Winsockfix.
http://www.cexx.org/lspfix.htm
De to progammer må du hellere hente, du risikerer at miste din internetforbindelse, efter en genstart.

Jeg har haft kørt SpyBot tidligere på aftenen og fjernet 152 bots. Jeg har lige kørt den igen og fjernede en mere, som hed "VX2/?"
Forøvrigt får jeg ofte en popup omkring installering af n-Case, hvad gør jeg ved denne ?
Jeg har hentet WinsockXPFix.exe og LSPFix.
Hermed ny log fra HijackThis:
Logfile of HijackThis v1.97.7
Scan saved at 00:49:35, on 09-01-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\FLLESF~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\mjbaaf.exe
C:\WINDOWS\System32\aolistxs.exe
C:\Programmer\ClearSearch\Loader.exe
C:\WINDOWS\System32\SahAgent.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\programme\GlobalDialer\tonex00233\svchost.exe
C:\Programmer\TRUST\Bluetooth-software\BTTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\XP_erhverv\Dokumenter\ULJ\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.familylogon.stofanet.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~1\XP_ERH~1\APPLIC~1\MICROS~1\Office\Excel10.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {8F5BDB6D-404B-DDF1-7B1E-A6A0F9399860} - C:\WINDOWS\system32\qepauzxh.dll
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Programmer\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {DD43F0ED-DBA0-4ECB-CDA3-88BC82A1FFBF} - C:\WINDOWS\system32\tzgykugc.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\FLLESF~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
O4 - HKLM\..\Run: [ovutrzbm] C:\WINDOWS\mjbaaf.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\aolistxs.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Programmer\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sws.exe] c:\programme\GlobalDialer\tonex00233\svchost.exe -remove
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.5532175926
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - http://cdn.climaxbucks.com/internet-optimizer/080703/UniDistIOcrack.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4297/mcfscan.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab

Fromsej er gået til ro nu, så jeg tager dig i stedet for. Det her er godt nok en styg log, som du også vil kunne se.

Du skal nu til at i gang med at fixe. Først skal du slå systemgendannelse fra. Hvis du ikke ved, hvordan du gør det så kig her:  http://spywarefri.dk/virusscannere.htm#alle

Jeg vil gerne have at du fixer fra fejlsikret tilstand, så print denne side ud så du kan se hvad du skal gøre for at blive clean. For at komme i fejlsikret tilstand, trykker du på f8 tasten under opstart.

Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte en vinge ud for alle disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.blazefind.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} - C:\WINDOWS\System32\n3tpa1.dll
O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~1\XP_ERH~1\APPLIC~1\MICROS~1\Office\Excel10.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - (no file)
O2 - BHO: (no name) - {8F5BDB6D-404B-DDF1-7B1E-A6A0F9399860} - C:\WINDOWS\system32\qepauzxh.dll
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Programmer\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {DD43F0ED-DBA0-4ECB-CDA3-88BC82A1FFBF} - C:\WINDOWS\system32\tzgykugc.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll

O4 - HKLM\..\Run: [sysu] "C:\progra~1\ddm\sysu.exe"
O4 - HKLM\..\Run: [ovutrzbm] C:\WINDOWS\mjbaaf.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\aolistxs.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Programmer\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKCU\..\Run: [sws.exe] c:\programme\GlobalDialer\tonex00233\svchost.exe -remove
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE

O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
O16 - DPF: {E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} - http://cdn.climaxbucks.com/internet-optimizer/080703/UniDistIOcrack.CAB
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB

---------------------------------------------------
Inden du skal finde og slette disse filer i fejlsikret tilstand, så følg denne vejledning:
Win2K og XP.
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
------------------------------------------------------

Find og slet disse prg.
C:\PROGRA~1\FLLESF~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\mjbaaf.exe => mjbaaf.exe
C:\WINDOWS\System32\aolistxs.exe => aolistxs.exe
C:\Programmer\ClearSearch\Loader.exe => ClearSearch\Loader.exe
C:\WINDOWS\System32\SahAgent.exe => SahAgent.exe
C:\programme\GlobalDialer\tonex00233\svchost.exe =>GlobalDialer\tonex00233\svchost.exe

Genstart normalt. Tag en ny scanning, og kopier ny log herind til tjek.

Kan du ikke lige kontrollere igen og, evt. bekræfte at jeg skal slette denne fil.
C:\PROGRA~1\FLLESF~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
For mig ligner det en fil fra min installation af Sony Ericsson software, som gør det muligt at ringe op til nettet via mobiltelefon(Jeg sidder med bærbar PC).
Filen er oprettet den 06.08.03 - samme dag som jeg installerede softwaren til Sony Ericsson og filen er fra firmaet "Extended Systems, Inc"

Lad den være i første omgang, den lyder legal nok, selvom den bliver fjernet i et andet forum, men ikke i et tredie.
Vi vender tilbage med mere info, hvis vi finder noget.

Hermed ny log. Må jeg slå systemgendannelse til igen nu ?

Logfile of HijackThis v1.97.7
Scan saved at 20:42:06, on 09-01-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\FLLESF~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\XP_erhverv\Dokumenter\ULJ\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.familylogon.stofanet.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\FLLESF~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.5532175926
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4297/mcfscan.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab

Beautiful, hele svineriet i første hug.
for at holde din PC ren bør du installere nogle af programmerne fra vores pakke.
Minimum spywareguard, Spywareblaster og IE-Spyad.
http://www.spywarefri.dk/pakken.htm
Derudover IE Privacy Keeper som du finder her:
http://unhsolutions.net/IEPK/

Jeg troede at jeg var sluppet af med problemerne, men tværtimod. Udskriften af forrige log blev faktisk kørt efter at jeg selv havde fjernet det, som jeg vidste skulle slettes, såsom www.about-blank.biz samt diverse sex sider. Efter at have genstartet kommer de dog igen. Jeg har kørt Spybot først, men den slettede igen bare VX2/?
Hermed fuld version af loggen. Er der nogle som vil hjælpe ?

Logfile of HijackThis v1.97.7
Scan saved at 23:41:30, on 11-01-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\FLLESF~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\XP_erhverv\Dokumenter\ULJ\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.familylogon.stofanet.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://about-blank.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://about-blank.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://about-blank.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://about-blank.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://about-blank.biz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 69.56.223.196 t.rack.cc
O1 - Hosts: 69.56.223.196 www.alfa-search.com
O1 - Hosts: 69.56.223.196 webcoolsearch.com
O1 - Hosts: 69.56.223.196 in.webcounter.cc
O1 - Hosts: 69.56.223.196 i-lookup.com
O1 - Hosts: 69.56.223.196 www.hand-book.com
O1 - Hosts: 69.56.223.196 www.maxxxhosters.com
O1 - Hosts: 69.56.223.196 allneedsearch.com
O1 - Hosts: 69.56.223.196 nativehardcore.com
O1 - Hosts: 69.56.223.196 teen-biz.com
O1 - Hosts: 69.56.223.196 tits.hardcore4ever.net
O1 - Hosts: 69.56.223.196 best.royalsearch.net
O1 - Hosts: 69.56.223.196 default-homepage-network.com
O1 - Hosts: 69.56.223.196 xwebsearch.biz
O1 - Hosts: 69.56.223.196 www.rightfinder.net
O1 - Hosts: 69.56.223.196 www.search-1.net
O1 - Hosts: 69.56.223.196 www.searchv.com
O1 - Hosts: 69.56.223.196 www.websearch.com
O1 - Hosts: 69.56.223.196 mysearchnow.com
O1 - Hosts: 69.56.223.196 www.therealsearch.com
O1 - Hosts: 69.56.223.196 www.find-itnow.com
O1 - Hosts: 69.56.223.196 find.microgirls.com
O1 - Hosts: 69.56.223.196 super-spider.com
O1 - Hosts: 69.56.223.196 www.searching-the-net.com
O1 - Hosts: 69.56.223.196 www.firstbookmark.com
O1 - Hosts: 69.56.223.196 just.find-itnow.com
O1 - Hosts: 69.56.223.196 www.find-itnow.com
O1 - Hosts: 69.56.223.196 qwertysearch123.biz
O1 - Hosts: 69.56.223.196 www.search-space.com
O1 - Hosts: 69.56.223.196 www.windowws.cc
O1 - Hosts: 69.56.223.196 aifind.info
O1 - Hosts: 69.56.223.196 www.find4u.net
O1 - Hosts: 69.56.223.196 www.lookfor.cc
O1 - Hosts: 69.56.223.196 www.008i.com
O1 - Hosts: 69.56.223.196 www.viewpornkey.com
O1 - Hosts: 69.56.223.196 www.hugesearch.net
O1 - Hosts: 69.56.223.196 www.novafuck.com
O1 - Hosts: 69.56.223.196 www.seznam.cz
O1 - Hosts: 69.56.223.196 aifind.cc
O1 - Hosts: 69.56.223.196 www.onet.pl
O1 - Hosts: 69.56.223.196 teenhqpics.com
O1 - Hosts: 69.56.223.196 www.ttjj.com
O1 - Hosts: 69.56.223.196 www.search-dot.com
O1 - Hosts: 69.56.223.196 www.search-and-go.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Microsoft Excel - {17DA0C9E-4A27-4ac5-BB75-5D24B8CDB972} - C:\DOCUME~1\XP_ERH~1\APPLIC~1\MICROS~1\Office\Excel10.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\FLLESF~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.5532175926
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4297/mcfscan.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab

Har du nu husket at deaktivere din systemgendannelse, ellers gør det endelig nu.

Hent cwsschredder her:
http://www.spywareinfo.com/~merijn/junk/CWShredder.exe
Kør programmet, tjek for updates, luk alle vinduer, undtaget cwsschredder, klik på Next, den scanner nu, når den er færdigt klik på Fix, klik på Exit.

Ny logfil.

Husk en genstart imellem Exit og ny logfil.*S*

Hej
Systemgendannelse har været deaktiveret hele tiden og jeg har genstartet computeren og lavet ny logfil.

Logfile of HijackThis v1.97.7
Scan saved at 19:49:55, on 12-01-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\FLLESF~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\XP_erhverv\Dokumenter\ULJ\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.familylogon.stofanet.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://about-blank.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://about-blank.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://about-blank.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://about-blank.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://about-blank.biz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\FLLESF~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.5532175926
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4297/mcfscan.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab

Der er ikke meget tilbage. Fix disse:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://about-blank.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://about-blank.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://about-blank.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://about-blank.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://about-blank.biz/

Find og slette denne i fejlsikret tilstand:
C:\PROGRA~1\FLLESF~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe

Jeg er meget i tvivl om ErTray.exe skal slettes. Umiddelbart ligner det noget som jeg skal bruge til min opkobling til nettet via min Sony Ericcson telefon.

Så skal du nok lige lade den ligge i fred og ro.