Konstant angreb fra about:blank

Hvordan advares du? Og af "hvem eller hvad"

Jeg advares af SpywareGuard med pop-ups, der siger, at "an attemt has been made to change your startpage" fra Google til about:blank, så klikker jeg på "restore old values" osv og problemet forsvinder i meget kort tid for så at dukke op igen.
Jeg skal på arbejde nu, men er hjemme igen om 3-4 timer, så hæng på, please!!!

Ok

Så er jeg hjemme igen. Angrebet fortsætter med uformindsket kraft - jeg kan faktisk ikke bestille andet end "restore old values" Vedhæfter min log.  Logfile of HijackThis v1.97.7
Scan saved at 13:51:59, on 09-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Winamp\Winampa.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Netscape\Netscape\Netscp.exe
C:\Programmer\Spam Monitor\SpamMonitor.Exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Dantz\Retrospect\retrorun.exe
C:\Programmer\InfoCD\Personal InfoPrint\Pip.Exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\webdoc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5449ABAC-01AE-4E13-A0E1-7A3986E612E0} - C:\WINDOWS\System32\ncpnia.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Spam Monitor] C:\Programmer\Spam Monitor\SpamMonitor.Exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Personal InfoPrint.lnk = ?
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKCU)
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37941.5695138889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab

Jeg har et andet spørgsmål - jeg fandt denne fortræffelige side via Spywarefri.dk og da jeg mildest talt ikke ved en s... om PC'er er jeg jo ikke i stand til at optjene points - nyder, ikke yder - kan jeg købe mig til points og dermed vedblive at kunne trække på jeres hjælp?

Hent og kør CWSHredder herfra: http://www.arlet.dk/special.htm
genstart og ny hijackthis log

Logfile of HijackThis v1.97.7
Scan saved at 14:15:35, on 09-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Winamp\Winampa.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Netscape\Netscape\Netscp.exe
C:\Programmer\Spam Monitor\SpamMonitor.Exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Dantz\Retrospect\retrorun.exe
C:\Programmer\InfoCD\Personal InfoPrint\Pip.Exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\webdoc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Spam Monitor] C:\Programmer\Spam Monitor\SpamMonitor.Exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Personal InfoPrint.lnk = ?
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKCU)
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37941.5695138889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab

Gjort - her er den nye log.

Prøv så en tur med Regedit.
Klik på Start->Kør skriv regedit og klik OK.
Du får et vindue lidt ligesom stifinder.
Klik dig frem til:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Tjek om der ligger en nøgle/tekst der hedder "HOMEOldSP", gør der det slet den.
Derefter klikker du på "denne computer" i regedit vinduet, klik så på rediger-Søg skriv Homeoldsp tryk <Enter> slet det hvis den finder noget, tryk så <F3> slet, <F3> slet, indtil du får at vide at søgningen er afsluttet.
Gør bagefter det samme med søgeordet About:blank

genstart og ny log

Logfile of HijackThis v1.97.7
Scan saved at 14:46:15, on 09-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Winamp\Winampa.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Netscape\Netscape\Netscp.exe
C:\Programmer\Spam Monitor\SpamMonitor.Exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Dantz\Retrospect\retrorun.exe
C:\Programmer\InfoCD\Personal InfoPrint\Pip.Exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\webdoc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Spam Monitor] C:\Programmer\Spam Monitor\SpamMonitor.Exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Personal InfoPrint.lnk = ?
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKCU)
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37941.5695138889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab

Så er det gjort også; jeg slettede de samme grissebasser i mandags og er jo dækket ind med de ovennævnte virus- og antispywareprogrammer; hvordan kan det lort komme ind hele tiden?

Flyt først filen Hijackthis til en mappe oprettet kun til den.

Du skal nu til at i gang med at fixe:

Deaktiver systemgendannelse:
http://www.arlet.dk/systemgendannelsen.htm

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312


Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.
Først når din log er endelig godkendt, må du aktiver din systemgendannelse igen.

logfile of HijackThis v1.97.7
Scan saved at 15:17:42, on 09-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Dantz\Retrospect\retrorun.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programmer\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Winamp\Winampa.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Netscape\Netscape\Netscp.exe
C:\Programmer\Spam Monitor\SpamMonitor.Exe
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\InfoCD\Personal InfoPrint\Pip.Exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\webdoc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Spam Monitor] C:\Programmer\Spam Monitor\SpamMonitor.Exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Personal InfoPrint.lnk = ?
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKCU)
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37941.5695138889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab

Her er den nye log

kør lige cwshredder igen efterfulgt af en ny hijackthis log

ogfile of HijackThis v1.97.7
Scan saved at 15:25:57, on 09-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Dantz\Retrospect\retrorun.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programmer\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Winamp\Winampa.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Netscape\Netscape\Netscp.exe
C:\Programmer\Spam Monitor\SpamMonitor.Exe
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\InfoCD\Personal InfoPrint\Pip.Exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\webdoc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Spam Monitor] C:\Programmer\Spam Monitor\SpamMonitor.Exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Personal InfoPrint.lnk = ?
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKCU)
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37941.5695138889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab

Da jeg just nu kørte CWShredder poppede advarslen om ændring af startsiden op!

Jeg kan godt se, at de 2 R1'ere ikke er væk!!!
SpywareGuard'en kommer nu også med advarsel, når jeg bruger HijackThis - det er vist noget værre noget!

1. Download og installer følgende programmer:

Reglite - http://www.resplendence.com/reglite
Adaware - http://www.lavasoft.de/support/download/
SpyBot S&D - http://www.safer-networking.org/index.php?lang=en&page=download

2. Download og placer programmerne her i deres egne mapper:

CWShredder - http://www.spywareinfo.com/downloads/tools/CWShredder.exe
TheKillBox - http://home8.inet.tele.dk/fbj/TheKillBox.exe

3. Kør Reglite og skriv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

ind i "Adress" feltet, tryk <Enter>.

4. Dobbeltklik på AppInit_DLLs for at åbne "Data Editor", hvis det nederste felt kaldet "Value" indeholder en .dll fil er det den vi leder efter.

5. Den kan ikke slettes endnu, skriv stien og navnet ned på et stykke papir, det skal bruges senere.

6. I venstre vindue, højreklik på mappen "Windows"(Den er fremhævet med lilla), vælg "Rename" og omdøb den til "Notwindows".

7. Klik på AppInit_DLLs igen, slet værdien der indeholder .dll'en klik OK, så burde den være væk.

8. Omdøb "Notwindows" tilbage til "Windows"

9. Kør Spybot, Ad-aware og CWShredder, husk at opdatere online inden du kører programmet.

10. Nu er det tid til at slette den .dll fil.

11. Kør TheKillBox (skal være pakket ud til sin egen mappe). I tekstfeltet skriver du stien til den fil du skrev ned tidligere (eksempelvis c:\windows\system23\dllha.dll). Nu skal du vælge Action -> Delete on reboot. Nu dukker der et lille vindue op - vælg File -> Add file. Vælg Action -> Process and reboot

12. Genstart din PC i Fejlsikret tilstand (ved at taste F8 under opstart). Kør Spybot, Ad-aware og CWShredder igen. Genstart i Normal mode og læg en frisk HijackThis log herind.
______________________________________________

Hvis pkt. 11 ikke virker: Gå i Start -> Kør og skriv cmd og klik OK. Du er nu i et DOS-vindue. Skriv attrib -r "stien til filen du skal slette" (eksempelvis attrib -r c:\windows\system23\dllha.dll)

Gentag pkt. 11 - 12.

Har rodet med opskriften et par timer nu - det tager laaang tid at downloade Spybot, så jeg vil sige godnat nu og rode videre i morgen - du skal foreløbigt have tak og så håber jeg vi mødes igen i morgen. :o)Zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz

Så har jeg gjort, hvad du bad mig om, her er en ny Logfile of HijackThis v1.97.7
Scan saved at 07:37:57, on 10-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Winamp\Winampa.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Netscape\Netscape\Netscp.exe
C:\Programmer\Spam Monitor\SpamMonitor.Exe
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Dantz\Retrospect\retrorun.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programmer\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\InfoCD\Personal InfoPrint\Pip.Exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\webdoc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Spam Monitor] C:\Programmer\Spam Monitor\SpamMonitor.Exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Personal InfoPrint.lnk = ?
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKCU)
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37941.5695138889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

Disse skal fixes.
Genstart og ny log :O)

Logfile of HijackThis v1.97.7
Scan saved at 13:48:17, on 10-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Winamp\Winampa.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Netscape\Netscape\Netscp.exe
C:\Programmer\Spam Monitor\SpamMonitor.Exe
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\InfoCD\Personal InfoPrint\Pip.Exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\Dantz\Retrospect\retrorun.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programmer\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\webdoc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Spam Monitor] C:\Programmer\Spam Monitor\SpamMonitor.Exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Personal InfoPrint.lnk = ?
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKCU)
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37941.5695138889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab

Her er så den nye log - er jeg ved at være ren?

Du mangler stadig denne:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)

Prøv at tage den med cwshredder. Ellers må du gå igennem fromsejs guide een gang til.

Hverken Hijack eller CWShredder tager den!
Når jeg kører Reglite skal jeg så skrive ovenstående R1 i Adress-feltet i stedet for den i Fromsejs guide, for den blev slettet i går. I morges kørte jeg Reglite og der var ingen .dll, der poppede op i Value-feltet? :O)

Ja prøv det.
Jeg er ikke så skrap til fromsejs kur endnu, men det er nok det du skal gøre...
Det lyder rigtigt

Prøv at slette C:\WINDOWS\System32\ncpnia.dll med TheKillBox, kør så HJT igen og fix linien, genstart og se om ikke det hjalp, det meste er væk nu.

Jeg tror alligevel ikke, at jeg gør det - venter på godkendelse fra Fromsej

Logfile of HijackThis v1.97.7
Scan saved at 17:04:12, on 10-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\Programmer\Winamp\Winampa.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Netscape\Netscape\Netscp.exe
C:\Programmer\Spam Monitor\SpamMonitor.Exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmer\InfoCD\Personal InfoPrint\Pip.Exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Dantz\Retrospect\retrorun.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programmer\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\webdoc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Spam Monitor] C:\Programmer\Spam Monitor\SpamMonitor.Exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Personal InfoPrint.lnk = ?
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKCU)
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37941.5695138889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab

Den er godt nok noget hårdnakket - lever vist stadig!

Det var grove løjer, det er en genstridig lille fætter den.
Kopier teksten mellem de stiplede linier ind i et notesblokdokument, gem den som sletmig.reg, for at gøre det skal du ved "filtyper" trykke på pilen og vælge "Alle filer".
Dobbeltklik så på den og sig ja til at flette den ind i din regdatabase, genstart, så skulle filen gerne være væk.
--------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ncpnia.dll"="cmd /c Attrib -h -r -s \"C:\\WINDOWS\\System32\\ncpnia.dll\" & del \"C:\\WINDOWS\\System32\\ncpnia.dll\""
-------------------------------------
Kør så hijackthis igen, inden genstart, og fix linien, hvis den stadig er der

Nu har jeg prøvet igen at køre Spybot, AdAware og CWShredder i fejlsikret; Spybot fandt intet, CWShredder "Restored Internet Page" og AdAware fjernede noget "DOS" med 3 entries - jeg kan åbenbart ikke få has på den dll.ting.

Undskyld, jeg så ikke dit forslag - men nu har jeg gjort som du sagde - den er der vist desværre stadig, den lille genstridige fætter.


ogfile of HijackThis v1.97.7
Scan saved at 20:18:20, on 10-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Winamp\Winampa.exe
C:\Programmer\Logitech\iTouch\kbdtray.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Netscape\Netscape\Netscp.exe
C:\Programmer\Spam Monitor\SpamMonitor.Exe
C:\Programmer\Fælles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmer\InfoCD\Personal InfoPrint\Pip.Exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Dantz\Retrospect\retrorun.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programmer\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\webdoc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ncpnia.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmer\Fælles filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmer\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programmer\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [Spam Monitor] C:\Programmer\Spam Monitor\SpamMonitor.Exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Personal InfoPrint.lnk = ?
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKCU)
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37941.5695138889
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab

Nu er det snart personligt det her.
Boot på din XP CD, vælg "R" for Repair, vælg konsolmode.
Du får nu en "DOS" prompt, her skifter du til C:\WINDOWS\System32 og skriver:
del ncpnia.dll og trykker <Enter>, så skal den sq dø.
Kommandoerne er som følger:
Du ender med C:\> her skriver du cd windows\system32 <Enter>
Så har du C:\WINDOWS\System32> her skriver du del ncpnia.dll <Enter>
Genstart så og en ny log.

Uha, det var værre - eller så slemt, som det kan blive lige nu, vi er nemlig lige flyttet og har stadig nogle ting opmagasineret et godt stykke vej herfra - der i blandt desværre nogle computerting - og endnu mere desværre vores Windows XP!
Jeg synes, I skal tage jeres points nu og så vender jeg tilbage, når jeg har fået fat i Installations-CD'en og gjort, som foreslået. Det er bare ØV, ØV, ØV..
Giv mig lige et bud på pointfordelingen - kan man i øvrigt "købe" points, da jeg ikke tror, jeg er i stand til at tjene nogen - det er jeg s.. for dum til i dette forum.

Kære io. Du får 5 point om dagen for at være med.
Så det har ikke noget at gøre med at man er for dum. Det tror jeg bestemt ikke du er.
Der er nok mange, der ville have givet op for længe siden i forhold til hvad vi trækker dig igennem.

Personligt synes jeg du skal beholde dine point til en anden god gang.
Jeg har i hvert fald ikke løst dit problem :O)
Og føler således ikke at det er rimeligt at gøre krav på point :O)

Hvor er I bare søde og hjælpsomme og tålmodige og fandens dygtige!!!
Venter lige på melding fra Fromsej og Arlet :O) (O;

Du kan, hvis du har diskettedrev og 6 disketter, anvende bootdisketter for at komme i konsolmode.
De kan hentes her:
http://www.microsoft.com/downloads/release.asp?releaseid=42818 - Windows XP Home Edition SP1
http://www.microsoft.com/downloads/release.asp?releaseid=42819 - Windows XP Professional SP1
Husk at hente de rigtige.
(Det er fuldt legale links!)
Jeg har aldrig prøvet det med disketteudgaven, men det er da forsøget værd.
Pointfordeling, giv Arlet og jeg 15 hver, og tag de resterende 70 igen, 100 point er meget for et spørgsmål, og der er alligevel ingen af os der går synderligt højt op i de point.
Desuden griner købmanden bare når vi vil købe en kasse øl for 200 Eksperten point. ;o)
Du kan også bare lade tråden her stå åben, hvis diskette tricket ikke virker, så kører vi løs igen når din XP CD er dukket op, det må være det rigtigste.

Jamen så vil jeg lade tråden stå åben og jeg regner med at være tilbage lørdag eller søndag - jeg vil ønske jer alle 3 en rigtig dejlig, solfyldt week-end (0:(0:(0:

Så er jeg klar igen; men jeg kan altså ikke finde ud af, hvordan man "booter" fra XP CD'en - har prøvet at putte den i drevet, men der kommer ikke noget "R" - den spørger, hvad jeg vil foretage mig og der er så 4-5 faste muligheder - hjælp!!!

Hvilke muligheder får du?

Hej igen!

1) Installere Windows XP (Jeg har en fornemmelse af, at det er den jeg skal bruge??)
2) Installer valgfrie Windows-komponenter.
3) Udføre andre opgaver.
4) Kontrollere sstemkontabilitet.

Hvis man installere ovenpå, mister man så filer o.lign??

Jeg er lidt i tvivl her, får du en almindelig XP opstart, og så de valgmuligheder i et vindue?
Gør du det booter du ikke på CDén, men på din harddisk.

Nej ikke en alm. opstart - jeg har startet PC'en , lagt CD'en i drevet(jeg har 2 drev, i øvrigt) og så kommer det pågældende billede - jeg gør det nok forkert!!!
Booter nok fra harddisken, som du skriver..

Du skal nok ud i biosen og sætte dit cd drev til at være first boot device.
Det gør du ved at trykke delete en masse gange når computeren starter op og tæller ram.
Så kommer du i bios og kan stille på opstartsrækkefølgen (bootsekvens)

Det lykkedes mig at gøre ovenstående og så prøvede jeg dit oprindelige forslag med Repair osv. men der kommer en meddelelse om, at den ikke kan finde system32 -

Den må fromsej nok hellere prøve at redde dig ud af ;O)

Ok, tak fordi du reagerede - vi må se, hvad der kommer ud af det her :0)(0:

Den fejlmelding kan jeg overhovedet ikke lide, kan du komme almindeligt ind i windows nu?

Ja, det kan jeg - jeg har disabled first boot device osv. og Windows kører som vanligt.

Jeg tror ikke rigtigt, at jeg tør mere - føler, jeg er på gyngende grund, når jeg piller ved de meget vitale dele. Men jeg har en god ven, som har forstand på den slags og kan evt. bede ham om at udføre de foreslåede operationer - så skal jeg nok skrive ind og fortælle om det lykkes eller ej - er det OK? Men så skal i d....også he' jeres points og en meget stor tak; jeg synes virkeligt det er et fantastisk forum og jeg har lært mere på den lille uge, jeg har kommunikeret med jer end på de 15 år, jeg har brugt PC.
Jeg lader høre fra mig!
Lots of love
Trine

Det er helt i orden, men du kæmpede nu godt. ;o)
Jeg vil ikke have point, det tror jeg heller ikke de andre vil, så læg et svar og tag dine point igen, du får sikkert brug for dem en anden dag.
Mvh:
Fromsej.

Jeg er helt enig med Fromsej :O)

Thank You, Gentlemen!

Du skal lige have et par artikler om sikker surfing.
http://www.eksperten.dk/artikler/144
http://www.eksperten.dk/artikler/254
Som minimum anbefaler jeg Spywareguard, Spywareblaster, IE-Spyad og IE Privacy Keeper.
Mvh:
Fromsej/Team Spywarefri.