Hijackthis log bedes kigget igennem.

Ja når du lægger den herind *LOL*

Her er min logfil:

Logfile of HijackThis v1.97.7
Scan saved at 15:27:03, on 16-6
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe
C:\Programmer\TimeTool\TimeTool.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\PPSOFT.DK\PP_MailCheck\mailck.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\IntralinX\QuickNotes\QuickNotes.exe
C:\Programmer\Executive Software\DiskeeperLite\DKService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\NORMAN\nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\NORMAN\nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Programmer\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Asser\Application Data\Mozilla\Profiles\default\kc2lebp0.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Stone's TimeTool] C:\Programmer\TimeTool\TimeTool.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vSubst Z:] vSubst Z:  C:\ENCYCL~1
O4 - HKLM\..\Run: [vSubst W:] vSubst W:  C:\WORLDA~1
O4 - HKLM\..\Run: [vSubst K:] vSubst K:  C:\KRAKSK~1
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmer\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MailCheck] C:\Programmer\PPSOFT.DK\PP_MailCheck\mailck.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: IntralinX QuickNotes.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.dk
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www.tutorials.com/plugins/Plugin0501.0090/streetnoagent7.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031010/qtinstall.info.apple.com/mickey/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

http://www.eksperten.dk/artikler/144
http://www.eksperten.dk/artikler/254
Programmerne her i artiklerne beskytter dig mod de uindbudte ting. DEm kan du bruge som supplement til din firewall

Tak. Jeg kigger på artiklerne.

Først opretter du en mappe kun til hijackthis og lægger programmet derover. Så har vi nemlig styr på backup filerne.
Kommer du til at slette noget forkert, kan vi altid komme tilbage og lave en restore. Derfor skal Hijack have sin egen mappe.

Første vigtige punkt er at slå systemgendannelsen fra. Højreklik på Denne Computer på skrivebordet, vælg Egenskaber og fanebladet Systemgendannelse og sæt flueben i Deaktiver systemgendannelse. Klik ok og genstart.
Ellers genskabes alt hvad vi fjerner.

Derefter skal du åbne hijackthis.
Du skal vinge disse filer af, jeg har beskrevet nedenunder.
Når du har gjort det så lukker du alle andre vinduer ned.
Klik på Fix checkede.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab




Vi skal kunne se dine skjulte filer for at finde snavs, der skal slettes manuelt. Det er en del af processen.
Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

Disse programmer skal slettes i fejlsikret tilstand. Du genstarter og trykker F8 når Windows starter op.

Søg efter disse filer:
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe

Derefter genstarter du og sender en ny log ind til check

Programmet Hijackthis ligger i mappen C:\Programmer. Der ligger også log-filerne.
Systemdannelsen er slået fra (Den var ikke slået til forresten).
Jeg fjernede fluebenet fra "Skjul beskyttede operativsystemfiler"
Der var ingen fluebet ved "Skjul filtypenavne for kendte filtyper"

Her er så den nye log:

Logfile of HijackThis v1.97.7
Scan saved at 16:14:08, on 16-6
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe
C:\Programmer\TimeTool\TimeTool.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\PPSOFT.DK\PP_MailCheck\mailck.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\IntralinX\QuickNotes\QuickNotes.exe
C:\Programmer\Executive Software\DiskeeperLite\DKService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\NORMAN\nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\WINDOWS\system32\fxssvc.exe
C:\NORMAN\nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\Programmer\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Asser\Application Data\Mozilla\Profiles\default\kc2lebp0.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Stone's TimeTool] C:\Programmer\TimeTool\TimeTool.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vSubst Z:] vSubst Z:  C:\ENCYCL~1
O4 - HKLM\..\Run: [vSubst W:] vSubst W:  C:\WORLDA~1
O4 - HKLM\..\Run: [vSubst K:] vSubst K:  C:\KRAKSK~1
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmer\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MailCheck] C:\Programmer\PPSOFT.DK\PP_MailCheck\mailck.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: IntralinX QuickNotes.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.dk
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www.tutorials.com/plugins/Plugin0501.0090/streetnoagent7.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031010/qtinstall.info.apple.com/mickey/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Stone's TimeTool] C:\Programmer\TimeTool\TimeTool.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vSubst Z:] vSubst Z:  C:\ENCYCL~1
O4 - HKLM\..\Run: [vSubst W:] vSubst W:  C:\WORLDA~1
O4 - HKLM\..\Run: [vSubst K:] vSubst K:  C:\KRAKSK~1
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmer\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MailCheck] C:\Programmer\PPSOFT.DK\PP_MailCheck\mailck.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: IntralinX QuickNotes.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\CONFLICT.2\googlenav.dll/cmsimilar.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.dk
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www.tutorials.com/plugins/Plugin0501.0090/streetnoagent7.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031010/qtinstall.info.apple.com/mickey/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Så er din log ren og du kan godt slå systemgendannelsen til igen og skjule dine systemfiler.

http://www.spysweeper.com/spyware-remover-download.html
Du kan også bruge dette nye program. Det er kanongodt :O)

Jajaja... jeg forstod det godt :-)
Da jeg valgte kanon, som brugernavn var den optaget. Til min overraskelse var kanoon og kanooon også optaget... så måtte jeg jo hedde kanoooon :-D

1000 tak for hjælpen.

Velbekomme :O)
Rart at se at du har en god humor. Faktisk opdagede jeg ført "miseren" efter jeg havde sendt den...
Takker mange gange for point :O)