Gator + MySearch - Vil du/I kigge på logfil ?

løber den igennem

Hent og kør dette program: http://www.arlet.dk/cwshredder.htm
genstart og ny hijackthis log

Hermed ny logfil, - på forhånd tak for hjælpen.
Logfile of HijackThis v1.97.7
Scan saved at 20:37:15, on 08-04-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\internat.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\WINNT\system32\worm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q5F8TGRU\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdc.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O1 - Hosts: 168.161.49.130 London_WM_UK.twi.com
O1 - Hosts: 168.161.51.2 ciscowmmes.wmme.de ciscowmmes
O1 - Hosts: 168.161.58.168 www.wmg.com
O1 - Hosts: 171.1.220.58 www.timeinc.com
O1 - Hosts: 193.43.14.5 ITM006 ITM006
O1 - Hosts: 193.57.51.251 FRP007 FRP007
O1 - Hosts: 193.148.19.97 SPM004 SPM004
O1 - Hosts: 194.36.93.33 INL006 INL006
O1 - Hosts: 194.60.216.66 INL007 inl007
O1 - Hosts: 194.60.216.69 INL008 inl008
O1 - Hosts: 194.68.215.65 SWS002
O1 - Hosts: 194.113.87.17 gea017
O1 - Hosts: 194.113.87.23 gea023
O1 - Hosts: 194.113.87.32 gea032.wmme.de gea032
O1 - Hosts: 206.245.81.66 nvW038
O1 - Hosts: 206.245.81.37 nvw142
O1 - Hosts: 206.245.77.65 ciscocopenhagen ciscop
O1 - Hosts: 206.245.77.66 wmd001.wmdenmark.dk wmd001
O1 - Hosts: 206.245.77.67 WMIDENMARK01 wmds01
O1 - Hosts: 206.245.77.68 WMIDENMARK01PORT2 wmds02
O1 - Hosts: 206.245.77.69 wmd004.wmdenmark.dk wmd004
O1 - Hosts: 206.245.77.70 wmd005.wmdenmark.dk wmd005
O1 - Hosts: 206.245.77.71 wmd006.wmdenmark.dk PRN001
O1 - Hosts: 206.245.77.72 wmd007.wmdenmark.dk PRN002
O1 - Hosts: 206.245.77.73 wmd008.wmdenmark.dk PRN003
O1 - Hosts: 206.245.77.74 wmd009.wmdenmark.dk RUL001
O1 - Hosts: 206.245.77.75 wmd010.wmdenmark.dk wmd010
O1 - Hosts: 206.245.81.1 nvw003
O1 - Hosts: 208.137.214.68 proxyinl
O1 - Hosts: 194.60.216.61 WMIBHBAKERST01
O1 - Hosts: 194.60.216.72 WMIBHBAKERST02
O1 - Hosts: 194.60.216.73 WMIBHBAKERST03
O1 - Hosts: 194.60.216.111 WMIBHMONITOR
O1 - Hosts: 168.161.23.241 WMIBHNEWYORK01
O1 - Hosts: 168.161.23.242 WMIBHNEWYORK02
O1 - Hosts: 202.40.7.68 WMIBHHONGKONG01
O1 - Hosts: 194.113.86.14 WMIBHGERMANY01
O1 - Hosts: 168.161.58.133 WMGGSEXHUB2
O1 - Hosts: 172.24.246.194 wblondon
O1 - Hosts: 172.24.76.10 INL013 # Reports Server
O1 - Hosts: 172.24.76.12 INL033 # Application Server
O1 - Hosts: 172.24.76.13 INL032 # Database Server
O1 - Hosts: 172.25.253.13 HKH010 # Database Server
O1 - Hosts: 172.25.253.12 HKH011 # Application Server
O1 - Hosts: 172.25.253.10 HKH009 # Reports Server
O1 - Hosts: 172.24.76.11 INL034 # Development Server (Baker Street, London)
O1 - Hosts: 172.25.253.14 HKH014
O1 - Hosts: 172.24.26.5 WMIARGENTINA01
O1 - Hosts: 172.24.26.2 WMIARGENTINA02
O1 - Hosts: 203.6.135.10 WMIAUSTRALIA12
O1 - Hosts: 203.6.135.43 WMIAUSTRALIA16
O1 - Hosts: 203.6.135.20 WMIAUSTRALIA18
O1 - Hosts: 203.6.135.11 WMIAUSTRALIA20
O1 - Hosts: 203.6.137.35 WMIAUSTRALIA30
O1 - Hosts: 203.6.136.35 WMIAUSTRALIA40
O1 - Hosts: 203.6.138.35 WMIAUSTRALIA50
O1 - Hosts: 203.6.139.35 WMIAUSTRALIA60
O1 - Hosts: 206.245.70.3 WMIAUSTRIA01
O1 - Hosts: 206.245.70.4 WMIAUSTRIA02
O1 - Hosts: 206.245.70.70 WMIAUSTRIA03
O1 - Hosts: 206.245.70.6 WMIAUSTRIA05
O1 - Hosts: 206.245.71.252 WMIBELGIUM01
O1 - Hosts: 206.245.71.250 WMIBELGIUM02
O1 - Hosts: 168.161.89.252 WMIBRAZIL01
O1 - Hosts: 168.161.89.251 WMIBRAZIL02
O1 - Hosts: 168.161.89.250 WMIBRAZIL03
O1 - Hosts: 168.161.81.250 WMIBRAZIL11
O1 - Hosts: 168.161.81.251 WMIBRAZIL12
O1 - Hosts: 204.225.254.66 WMICANADA01
O1 - Hosts: 204.225.254.67 WMICANADA02
O1 - Hosts: 204.225.254.253 WMICANADA03
O1 - Hosts: 204.225.254.254 WMICANADA04
O1 - Hosts: 204.225.254.252 WMICANADA05
O1 - Hosts: 168.161.55.231 WMICHILE01
O1 - Hosts: 168.161.55.232 WMICHILE02
O1 - Hosts: 168.161.55.101 WMICOLOMBIA01
O1 - Hosts: 168.161.55.102 WMICOLOMBIA02
O1 - Hosts: 206.245.76.190 WMICZECH01
O1 - Hosts: 206.245.77.67 WMIDENMARK01
O1 - Hosts: 193.185.212.7 WMIFINLAND01
O1 - Hosts: 193.185.212.6 WMIFINLAND02
O1 - Hosts: 193.57.51.241 WMIFRANCE01
O1 - Hosts: 206.245.83.253 WMIFRANCE02
O1 - Hosts: 206.245.84.253 WMIFRANCE03
O1 - Hosts: 206.245.69.253 WMIFRANCE04
O1 - Hosts: 193.57.51.5 WMIFRANCE10
O1 - Hosts: 206.245.83.254 WMIFRANCE11
O1 - Hosts: 206.245.84.254 WMIFRANCE12
O1 - Hosts: 206.245.69.254 WMIFRANCE13
O1 - Hosts: 172.24.77.250 WMIFRANCE20
O1 - Hosts: 206.245.83.252 WMIFRANCE21
O1 - Hosts: 206.245.84.252 WMIFRANCE22
O1 - Hosts: 206.253.69.251 WMIFRANCE23
O1 - Hosts: 193.57.51.7 WMIFRANCE30
O1 - Hosts: 194.113.87.1 WMIALSDORF01
O1 - Hosts: 194.113.87.2 WMIALSDORF02
O1 - Hosts: 194.113.87.3 WMIALSDORF03
O1 - Hosts: 194.113.87.4 WMIALSDORF04
O1 - Hosts: 194.113.87.5 WMIALSDORF05
O1 - Hosts: 194.113.87.16 WMIALSDORF16
O1 - Hosts: 194.113.87.17 WMIALSDORF17
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar15.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TaskMon] C:\WINNT\system32\taskmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [DELETE ME] worm.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37879.0513310185
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/SonyPicturesGameDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdc.dk/
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O1 - Hosts: 168.161.49.130 London_WM_UK.twi.com
O1 - Hosts: 168.161.51.2 ciscowmmes.wmme.de ciscowmmes
O1 - Hosts: 168.161.58.168 www.wmg.com
O1 - Hosts: 171.1.220.58 www.timeinc.com
O1 - Hosts: 193.43.14.5 ITM006 ITM006
O1 - Hosts: 193.57.51.251 FRP007 FRP007
O1 - Hosts: 193.148.19.97 SPM004 SPM004
O1 - Hosts: 194.36.93.33 INL006 INL006
O1 - Hosts: 194.60.216.66 INL007 inl007
O1 - Hosts: 194.60.216.69 INL008 inl008
O1 - Hosts: 194.68.215.65 SWS002
O1 - Hosts: 194.113.87.17 gea017
O1 - Hosts: 194.113.87.23 gea023
O1 - Hosts: 194.113.87.32 gea032.wmme.de gea032
O1 - Hosts: 206.245.81.66 nvW038
O1 - Hosts: 206.245.81.37 nvw142
O1 - Hosts: 206.245.77.65 ciscocopenhagen ciscop
O1 - Hosts: 206.245.77.66 wmd001.wmdenmark.dk wmd001
O1 - Hosts: 206.245.77.67 WMIDENMARK01 wmds01
O1 - Hosts: 206.245.77.68 WMIDENMARK01PORT2 wmds02
O1 - Hosts: 206.245.77.69 wmd004.wmdenmark.dk wmd004
O1 - Hosts: 206.245.77.70 wmd005.wmdenmark.dk wmd005
O1 - Hosts: 206.245.77.71 wmd006.wmdenmark.dk PRN001
O1 - Hosts: 206.245.77.72 wmd007.wmdenmark.dk PRN002
O1 - Hosts: 206.245.77.73 wmd008.wmdenmark.dk PRN003
O1 - Hosts: 206.245.77.74 wmd009.wmdenmark.dk RUL001
O1 - Hosts: 206.245.77.75 wmd010.wmdenmark.dk wmd010
O1 - Hosts: 206.245.81.1 nvw003
O1 - Hosts: 208.137.214.68 proxyinl
O1 - Hosts: 194.60.216.61 WMIBHBAKERST01
O1 - Hosts: 194.60.216.72 WMIBHBAKERST02
O1 - Hosts: 194.60.216.73 WMIBHBAKERST03
O1 - Hosts: 194.60.216.111 WMIBHMONITOR
O1 - Hosts: 168.161.23.241 WMIBHNEWYORK01
O1 - Hosts: 168.161.23.242 WMIBHNEWYORK02
O1 - Hosts: 202.40.7.68 WMIBHHONGKONG01
O1 - Hosts: 194.113.86.14 WMIBHGERMANY01
O1 - Hosts: 168.161.58.133 WMGGSEXHUB2
O1 - Hosts: 172.24.246.194 wblondon
O1 - Hosts: 172.24.76.10 INL013 # Reports Server
O1 - Hosts: 172.24.76.12 INL033 # Application Server
O1 - Hosts: 172.24.76.13 INL032 # Database Server
O1 - Hosts: 172.25.253.13 HKH010 # Database Server
O1 - Hosts: 172.25.253.12 HKH011 # Application Server
O1 - Hosts: 172.25.253.10 HKH009 # Reports Server
O1 - Hosts: 172.24.76.11 INL034 # Development Server (Baker Street, London)
O1 - Hosts: 172.25.253.14 HKH014
O1 - Hosts: 172.24.26.5 WMIARGENTINA01
O1 - Hosts: 172.24.26.2 WMIARGENTINA02
O1 - Hosts: 203.6.135.10 WMIAUSTRALIA12
O1 - Hosts: 203.6.135.43 WMIAUSTRALIA16
O1 - Hosts: 203.6.135.20 WMIAUSTRALIA18
O1 - Hosts: 203.6.135.11 WMIAUSTRALIA20
O1 - Hosts: 203.6.137.35 WMIAUSTRALIA30
O1 - Hosts: 203.6.136.35 WMIAUSTRALIA40
O1 - Hosts: 203.6.138.35 WMIAUSTRALIA50
O1 - Hosts: 203.6.139.35 WMIAUSTRALIA60
O1 - Hosts: 206.245.70.3 WMIAUSTRIA01
O1 - Hosts: 206.245.70.4 WMIAUSTRIA02
O1 - Hosts: 206.245.70.70 WMIAUSTRIA03
O1 - Hosts: 206.245.70.6 WMIAUSTRIA05
O1 - Hosts: 206.245.71.252 WMIBELGIUM01
O1 - Hosts: 206.245.71.250 WMIBELGIUM02
O1 - Hosts: 168.161.89.252 WMIBRAZIL01
O1 - Hosts: 168.161.89.251 WMIBRAZIL02
O1 - Hosts: 168.161.89.250 WMIBRAZIL03
O1 - Hosts: 168.161.81.250 WMIBRAZIL11
O1 - Hosts: 168.161.81.251 WMIBRAZIL12
O1 - Hosts: 204.225.254.66 WMICANADA01
O1 - Hosts: 204.225.254.67 WMICANADA02
O1 - Hosts: 204.225.254.253 WMICANADA03
O1 - Hosts: 204.225.254.254 WMICANADA04
O1 - Hosts: 204.225.254.252 WMICANADA05
O1 - Hosts: 168.161.55.231 WMICHILE01
O1 - Hosts: 168.161.55.232 WMICHILE02
O1 - Hosts: 168.161.55.101 WMICOLOMBIA01
O1 - Hosts: 168.161.55.102 WMICOLOMBIA02
O1 - Hosts: 206.245.76.190 WMICZECH01
O1 - Hosts: 206.245.77.67 WMIDENMARK01
O1 - Hosts: 193.185.212.7 WMIFINLAND01
O1 - Hosts: 193.185.212.6 WMIFINLAND02
O1 - Hosts: 193.57.51.241 WMIFRANCE01
O1 - Hosts: 206.245.83.253 WMIFRANCE02
O1 - Hosts: 206.245.84.253 WMIFRANCE03
O1 - Hosts: 206.245.69.253 WMIFRANCE04
O1 - Hosts: 193.57.51.5 WMIFRANCE10
O1 - Hosts: 206.245.83.254 WMIFRANCE11
O1 - Hosts: 206.245.84.254 WMIFRANCE12
O1 - Hosts: 206.245.69.254 WMIFRANCE13
O1 - Hosts: 172.24.77.250 WMIFRANCE20
O1 - Hosts: 206.245.83.252 WMIFRANCE21
O1 - Hosts: 206.245.84.252 WMIFRANCE22
O1 - Hosts: 206.253.69.251 WMIFRANCE23
O1 - Hosts: 193.57.51.7 WMIFRANCE30
O1 - Hosts: 194.113.87.1 WMIALSDORF01
O1 - Hosts: 194.113.87.2 WMIALSDORF02
O1 - Hosts: 194.113.87.3 WMIALSDORF03
O1 - Hosts: 194.113.87.4 WMIALSDORF04
O1 - Hosts: 194.113.87.5 WMIALSDORF05
O1 - Hosts: 194.113.87.16 WMIALSDORF16
O1 - Hosts: 194.113.87.17 WMIALSDORF17
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar15.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TaskMon] C:\WINNT\system32\taskmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [DELETE ME] worm.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

ok. Går i krig mod den nu.

Flyt først filen Hijackthis til en mappe oprettet kun til den.

Du skal nu til at i gang med at fixe:

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

ALLE 01

O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar15.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [DELETE ME] worm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab



Find og slet i fejlsikret(f8 ved opstart):


C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\worm.exe



Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.

Ny logfil, - men der er 01'ere med igen (?). Jeg har indstalleret Spyguard, når jeg så får en "waring", skal jeg så vælge "Restore ..." eller "Keep new ....".
Logfil:
Logfile of HijackThis v1.97.7
Scan saved at 22:02:07, on 08-04-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q5F8TGRU\hijackthis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdc.dk/
O1 - Hosts: 194.60.216.105 WMIBAKERST11
O1 - Hosts: 194.60.216.79 WMIBAKERST12
O1 - Hosts: 194.60.216.51 INL014
O1 - Hosts: 194.60.216.82 WMIBAKERST15
O1 - Hosts: 194.60.216.92 WMIBAKERST16
O1 - Hosts: 194.60.216.62 INL017
O1 - Hosts: 194.60.216.85 WMIBAKERST18
O1 - Hosts: 194.60.216.78 WMIBAKERST19
O1 - Hosts: 194.60.216.98 WMIBAKERST20
O1 - Hosts: 172.24.28.21 INL021
O1 - Hosts: 194.60.216.59 INL022
O1 - Hosts: 194.60.216.89 INL023
O1 - Hosts: 194.36.93.25 WMIBAKERST25
O1 - Hosts: 194.60.216.194 INL026
O1 - Hosts: 194.60.216.95 WMIBAKERST27
O1 - Hosts: 168.161.23.222 WMINEWYORK02
O1 - Hosts: 168.161.23.223 WMINEWYORK03
O1 - Hosts: 168.161.23.224 WMINEWYORK04
O1 - Hosts: 206.245.98.3 WMIUK01
O1 - Hosts: 194.148.21.1 WMIUK02
O1 - Hosts: 194.148.21.2 WMIUK03
O1 - Hosts: 206.245.101.3 WMIUK04
O1 - Hosts: 206.245.99.14 WMIUK05
O1 - Hosts: 206.245.98.5 WMIUK08
O1 - Hosts: 194.148.21.3 WMIUK09
O1 - Hosts: 206.245.99.6 WMIUK10
O1 - Hosts: 206.245.98.6 WMIUK11
O1 - Hosts: 194.148.21.4 WMIUK12
O1 - Hosts: 194.148.21.5 WMIUK13
O1 - Hosts: 194.148.21.6 WMIUK14
O1 - Hosts: 194.148.21.7 WMIUK17
O1 - Hosts: 206.245.98.7 WMIUK19
O1 - Hosts: 206.245.101.1 WMIUK25
O1 - Hosts: 206.245.99.191 WMIUK28
O1 - Hosts: 206.245.98.8 WMIUK29
O1 - Hosts: 194.148.21.8 WMIUK30
O1 - Hosts: 194.148.21.9 WMIUK31
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TaskMon] C:\WINNT\system32\taskmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37879.0513310185
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/SonyPicturesGameDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Du skal vælge restore, hvis du ikke kender det program.

Skal fixes:

ALLE 01

genstart og ny log

Hermed ny logfil igen, - håber det nu er lykkedes ;-))))
Logfile of HijackThis v1.97.7
Scan saved at 22:20:40, on 08-04-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\Mixer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q5F8TGRU\hijackthis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tdc.dk/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TaskMon] C:\WINNT\system32\taskmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37879.0513310185
O16 - DPF: {9FC87BC7-7963-4B70-8485-B1A41034C9A1} (CSonyPicturesGameDownloaderCtl Object) - http://www.shockwave.com/content/angelx/SonyPicturesGameDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Så er du ren

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm

Tusind tak for hjælpen. Jeg vil straks pakke PC'en ind, så den undgår ubudne "gæster"
;0)))))

Velbekommen