Siden kan ikke vises

Hejsa :O)

Du har både Flashget og Stardownloader liggende. Jeg ville mene at Stardownloader er rigeligt. Og den er også fri for spyware. Det kan jeg ikke garantere at Flashget er.
Du kan slette Flashget i kontrolpanel -> tilføj/fjerm programmer.

Hent derefter denne scanner:
http://www.mwti.net/antivirus/free_utilities.asp
Det er ligegyldigt hvilken af de 7 mirrors du bruger. Programmet er det samme.
Inde i opsætningen sætter du den til at scanne alt.
Kør scan/clean.

Fortæl om hvad den finder.

Jo og så kom lige med en log fra den nyeste version af Hijackthis:O)
http://danborg.org/spy/HJT/hijackthis.exe

Flashget er fjernet og computeren er scannet igennem med følgende resultat :

File C:\WINDOWS\SYSTEM\RUNNER.EXE infected by "TrojanProxy.Win32.Mitglieder.bk" Virus. Action Taken: File Deleted.
File C:\WINDOWS\od-stnd183.exe tagged as not-a-virus:PornWare.Dialer.OnlineDialer. No Action Taken.
File C:\WINDOWS\od-stnd218.exe tagged as not-a-virus:PornWare.Dialer.0190-Dialers. No Action Taken.
File C:\WINDOWS\wsem216.dll infected by "TrojanDownloader.Win32.Dyfuca.z" Virus. Action Taken: File Deleted.
File C:\WINDOWS\SYSTEM\VideoAction_dk-uninstall.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\SYSTEM\EasyDates_dk-uninstall.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\SYSTEM\HotVideo_dk-uninstall.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\SYSTEM\Dyr2-uninstall.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\SYSTEM\Hot_Denmark-uninstall.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\SYSTEM\VideoAction_dk-uninstall.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\SYSTEM\EasyDates_dk-uninstall.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\SYSTEM\HotVideo_dk-uninstall.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\SYSTEM\Dyr2-uninstall.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\SYSTEM\Hot_Denmark-uninstall.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\COMMAND\EBD\EBD.CAB tagged as not-a-virus:Tool.DOS.Restart. No Action Taken.
File C:\WINDOWS\TEMP\webhancer\whCC-KaZaa.exe infected by "not-a-virus:AdvWare.WebHancer.214" Virus. Action Taken: File Renamed.
File C:\WINDOWS\TEMP\nsiED.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\TEMP\ICD6.tmp\99930250.exe tagged as not-a-virus:PornWare.Dialer.Generic. No Action Taken.
File C:\WINDOWS\TEMP\nsiDD.exe tagged as not-a-virus:RiskWare.Dialer.gen. No Action Taken.
File C:\WINDOWS\TEMP\bb.exe infected by "not-a-virus:AdvWare.BargainBuddy.a" Virus. Action Taken: File Renamed.
File C:\WINDOWS\TEMP\clnD294.TMP infected by "TrojanDownloader.Win32.Dyfuca.f" Virus. Action Taken: File Deleted.
File C:\WINDOWS\TEMP\ICD8.tmp\55500828.exe tagged as not-a-virus:PornWare.Dialer.Generic. No Action Taken.
File C:\WINDOWS\TEMP\ICD9.tmp\55500828.exe tagged as not-a-virus:PornWare.Dialer.Generic. No Action Taken.
File C:\WINDOWS\TEMP\istsvc_updater.exe infected by "TrojanDownloader.Win32.IstBar.e" Virus. Action Taken: File Deleted.
File C:\WINDOWS\TEMP\istsv_.exe infected by "TrojanDownloader.Win32.IstBar.ad" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Skrivebord\dvd_copy\All4DVD2DivX\claddvd.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Skrivebord\dvd_copy\All4DVD2DivX\Install first\MPradium.zip tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx infected by "not-a-virus:AdvWare.MediaTickets.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Menuen Start\Underholdning\små programmer\Beer.exe infected by "not-virus:Joke.Win32.Stupen.c" Virus. Action Taken: File Renamed.
File C:\WINDOWS\od-stnd183.exe tagged as not-a-virus:PornWare.Dialer.OnlineDialer. No Action Taken.
File C:\WINDOWS\od-stnd218.exe tagged as not-a-virus:PornWare.Dialer.0190-Dialers. No Action Taken.
File C:\RECYCLED\Q330995.exe infected by "TrojanDropper.Win32.Small.hx" Virus. Action Taken: File Deleted.
File C:\Programmer\KaZaA Lite\My Shared Folder\KazaaUpdate151.exe infected by "not-a-virus:AdvWare.Cydoor" Virus. Action Taken: File Renamed.
File C:\Programmer\KaZaA Lite\My Shared Folder\kmd171gu_en.exe infected by "not-a-virus:AdvWare.Cydoor" Virus. Action Taken: File Renamed.
File C:\program files\Internet Optimizer\optimize.exe infected by "TrojanDownloader.Win32.Dyfuca.bq" Virus. Action Taken: File Deleted.
File C:\program files\Internet Optimizer\actalert.exe infected by "TrojanDownloader.Win32.Dyfuca.bw" Virus. Action Taken: File Deleted.
File C:\DATA\Installationsprogrammer\napv2b7.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\DATA\Installationsprogrammer\NSMA_S~1.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\DATA\Installationsprogrammer\setup_00_12_28.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\DATA\Installationsprogrammer\zonalarm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Og her er en ny logfil fra hijackthis :

Logfile of HijackThis v1.97.7
Scan saved at 15:41:11, on 06-09-04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMER\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAMMER\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\CSAFE\AUTOCHK.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMMER\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAMMER\FæLLES FILER\SHUTTL~1\LEDTRAY.EXE
C:\PROGRAMMER\FæLLES FILER\SHUTTL~1\ICONFIG.EXE
C:\PROGRAMMER\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\SHUTDOWNAWARE.EXE
C:\WINDOWS\SDISKMON.EXE
C:\PROGRAMMER\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAMMER\FæLLES FILER\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAMMER\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAMMER\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\MICROSOFT ACTIVESYNC\WCESMGR.EXE
C:\PROGRAMMER\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMER\STAR DOWNLOADER\STARDOWN.EXE
C:\WINDOWS\SKRIVEBORD\DOWNLOAD\MWAV.EXE
C:\WINDOWS\TEMP\MWAVSCAN.COM
C:\WINDOWS\TEMP\KAVSS.EXE
C:\PROGRAMMER\TILBEHøR\WORDPAD.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SKRIVEBORD\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aktienyt.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Cache-hors.stofanet.dk:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEINT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Skan registreringsdatabase] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmer\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LEDTRAY.EXE] C:\PROGRA~1\FæLLES~1\SHUTTL~1\LEDTRAY.EXE
O4 - HKLM\..\Run: [ICONFIG.EXE] C:\PROGRA~1\FæLLES~1\SHUTTL~1\ICONFIG.EXE "Software\Shuttle Technology\epmmc9x\MMC"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [shutdownaware] C:\WINDOWS\shutdownaware.exe
O4 - HKLM\..\Run: [SDiskDaemon] C:\WINDOWS\sdiskmon.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\FÆLLES~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\RunServices: [Planlægningsagent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAMMER\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Star Downloader Free] C:\PROGRAMMER\STAR DOWNLOADER\STARDOWN.EXE
O4 - HKCU\..\RunServices: [H/PC Connection Agent] "C:\PROGRAMMER\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\RunServices: [Star Downloader Free] C:\PROGRAMMER\STAR DOWNLOADER\STARDOWN.EXE
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAMMER\STAR DOWNLOADER\sdie.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O12 - Plugin for .prp: C:\PROGRA~1\INTERN~1\PLUGINS\npopal32.dll
O12 - Plugin for .ivr: C:\PROGRA~1\INTERN~1\PLUGINS\NPRVRT32.dll
O16 - DPF: {25F5AA75-B6D8-11CF-B348-00002422759D} (DataPoolSV10.CDataPool) - file://G:\win32\EBankWeb\Software\dpserver.CAB
O16 - DPF: {CF48D854-EC79-11D0-9EDC-00A0245DA6F6} (OfcCtl Class) - http://195.184.35.91/homebanking/Software/Ofx.cab
O16 - DPF: {47FCD744-28E2-11D1-A13A-000024601F43} (EB_CommonUtilities.Common1) - http://195.184.35.91/homebanking/Software/EB_CommonUtilities.CAB
O16 - DPF: {0B4A9EB4-332F-11D1-BEA2-00A0245DA6F8} (FitCrypto Class) - file://G:\win32\EBankWeb\Software\FitSecure.cab
O16 - DPF: {E5CAA475-5F45-11D1-8064-A01A01C10000} (EBPrintSupport.HtmlTemplate) - file://G:\win32\EBankWeb\Software\EBPrintSupport.CAB
O16 - DPF: {3C4C2F07-5F6F-11D2-A525-00A024651F92} (EB_System.CData) - file://G:\win32\EBankWeb\Software\BDRTL.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {E89366AF-2E44-11D1-91AE-006097D602F7} (FileAccess Control) - http://www45.visto.com/static/activex/vfile07.dll
O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00600BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibpib100.cab
O16 - DPF: {CE00B72E-986F-11D3-BC3C-E29223000000} (ZLibCls Class) - http://hb.bgbank.dk/ebankweb/Software/FitZip.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/bgnetbank/activex/DanskeSikker.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00613BD20001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1320ib100.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.axis.com/products/camera_servers/AxisCamControl.ocx
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00614BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1400ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00614BD01001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1401ib100.cab
O16 - DPF: {59B18099-4C1D-4A08-A9F7-ED0554006749} (Select Class) - http://foto.jubii.dk/components/photoupload.ocx
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://130.228.2.107/speedtest/SpeedTest_2.cab
O16 - DPF: {0A7F4407-A1C8-496A-9670-F13370CAAACC} (SysReg_DK Control) - http://130.228.2.107/system/SysREG_DK.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools Online) - http://www.seagate.com/support/seatools/online/bin/npSeaTools.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00615BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1500ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00617BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1700ib100.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37864.3212384259
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00618BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1800ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00619BD00001} (Sydbanks NetBank) - https://netbank.sydbank.dk/ssydbankibp1900ib100.cab
O16 - DPF: Nordea Online investering - https://www.onlineinvestering.nordea.dk/oiclient.nsf/files/client/$FILE/oiclient.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://www.fotoalbum.politiken.dk/upload-classes/Uploader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.pc.ibm.com/egather/IbmEgath.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {AABB591F-CEB3-404A-A979-AA30B16CB914} (IPLabs Image Uploader 2.5) - http://asp03.photoprintit.de/microsite/10023/defaults/activex/ImageUploader2.cab


Men hvorfor kunne mit norton antivirus ikke finde virusserne ?

Og findes der ikke ét program der scanne det hele, istedet for at man skal bruge adaware, spybot, norton, og så nu det her program ?

Jeg kan se den bla. Meget andet også har fundet en masse dialere - hvor kommer de fra, jeg er normalt ikke inde på suspekte hjemmesider !

Hvad med alle de filer som er "not a virus" kan jeg ikke fjerne dem ?

Håber du vil svare på ovenstående (eller kræver det et nyoprettet spm ?) og at du kan bruge ovenstående.

Så kommer jeg lige andersenph i forkøbet (for en gangs skyld :-) Alle de dialere som du er sikker på ikke er banknøgler, eller andet du skal bruge, kan du roligt slette. Det samme gælder for det andet den ikke sletter.

Med hensyn til Norton, så vil jeg sige det så diplomatisk jeg kan: Norton er ikke særligt godt !!!

Et program der kan finde og fjerne alt skidt, findes mig bekendt ikke. Jeg anbefaler altid at man har Antivirus, Antispyware, og Antitrojan programmer. Alle tre typer skidt, kræver allesammen programmer der er specielt udviklet til formålet.

Tak for kommentaren

Sletter jeg dem så filerne manuelt eller kan jeg får programmet til det ?

dvs. de programmer du hentyder til, er det dem jeg har brugt nu eller mangler jeg nogen ?

Du skal slette dem manuelt.

C:\WINDOWS\od-stnd183.exe For eksempel. Den finder du i stifinder eller i start -> søg -> søg efter filer eller mapper.

Med hensyn til programmer, så er der en god beskrivelse her af, hvad man behøver:
http://www.spywarefri.dk/pakken.htm

Spysweeper kan gøre det ud for Spybot, Spywareguard og Spywareblaster.
Det koster lidt, men det er det hele værd.

Tak andersenph

Jeg tror det hele virker nu (også nogle andre programmer jeg havde noget bøvl med :-))
Var der ellers noget jeg skulle slette i min hijack-logfil ?

Hej igen
Njaeh du kan fixe denne:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
Den må godt komme væk.
Ellers har du vist bedst styr på dine bank links. Dem du ikke bruger kan du fixe.
Husk bare at oprette en mappe til Hijackthis. Så gemmes backup af det du fixer nemlig der.

smid et svar, så får du dine velfortjente point :-)

Det kommer her :O)