bmdk (Beginner)
28 December 2004 - 02:13. There are 10 comments and 1 solution.

Virus (HijackThis log)

Yes! So I've gone and done it again (and again...) by opening one of those lovely emails that make your computer go haywire.
What happens is that it pops up with 200 (exaggerating) IE browser windows and freezes everything good and proper.

Naturally I've tried avast! antivirus, Ad-Aware and antivirus.com; they all find a trojan (I think), but can't delete it, so I wondered whether you (and HijackThis) could help me with it?

HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 02:12:38, on 28-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\?ttrib.exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bo Mortensen\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestsearch.name/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestsearch.name/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestsearch.name/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestsearch.name/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bestsearch.name/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestsearch.name/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestsearch.name/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestsearch.name/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestsearch.name/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bestsearch.name/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestsearch.name/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestsearch.name/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestsearch.name/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestsearch.name/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestsearch.name/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestsearch.name/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINDOWS\System32\mspxs32.dll
O2 - BHO: (no name) - {2E77E33F-671E-4334-ABAA-0C2E2BE654F1} - (no file)
O2 - BHO: (no name) - {34CE8E6A-10FF-6A29-FD0B-1A943390D8E7} - C:\WINDOWS\System32\zjlsp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\System32\explorer32.exe
O4 - HKCU\..\Run: [Unir] C:\Documents and Settings\Bo Mortensen\Application Data\nawc.exe
O4 - HKCU\..\Run: [Rnt] C:\WINDOWS\System32\?ttrib.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://www.globalphon.com/dialer/internazionale_ver4.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://billing.goa.com/swflash.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

There are probably 200-300 things in there that shouldn't be ;) unfortunately I don't know much about it.

Thanks in advance.
victor-1 (Beginner)
28 December 2004 - 06:50 #1
Download and save this one-off scanner to your desktop - wait before running it, ONLY save it.
http://www.spywareinfo.dk/download/mwav.exe

Disconnect your Internet connection (physically - pull the plug)

Restart in Safe Mode (press <F8> as the machine starts up, just before it begins loading Windows) and now run the virus scanner from Kaspersky that you downloaded at the start (you may also need to press the <Run> button in an "open file" warning from Windows), then click the <Unzip> button. The program now unpacks itself to C:\Kaspersky and you must click the <Ok> button when it has been unpacked, after which the program starts.
Tick the following:
<Memory>, <Startup Folders>, <Drive>, <Registry>, <System Folders> and <Services>
Select the following radio buttons:
<All Local Drives> and <Scan All Files>
Now click the <Scan Clean> button

IMPORTANT:
Note which files the scanner finds, where it finds them and what it does with them.

Restart normally - new log please :-)
bmdk (Beginner)
28 December 2004 - 10:38 #2
Hi victor, and thanks for the reply.

Currently in the middle of scanning; I can tell you it's finding quite a few things :) Will be back with logs from both HijackThis and the Kaspersky scanner once it has got further.
bmdk (Beginner)
28 December 2004 - 12:33 #3
Right then, it finally finished scanning :) here are the two logs:

-- Kaspersky scanner log:

File C:\WINDOWS\System32\mspxs32.dll infected by "Trojan-Clicker.Win32.Agent.ba" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\explorer32.exe infected by "Trojan.Win32.Regger.f" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\egdi32.exe infected by "Trojan-Downloader.Win32.Agent.fv" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\etool.exe infected by "Trojan.Win32.LowZones.l" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\System32\mac80ex.idf tagged as not-a-virus:AdWare.BargainBuddy.l. No Action Taken.
File C:\WINDOWS\System32\msbkf32.dat infected by "Trojan-Downloader.Win32.Small.acv" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\mshtma.exe infected by "TrojanClicker.Win32.Agent.z" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\mswkppy32.exe infected by "Trojan-Downloader.Win32.Small.acv" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\netut80ex.vxd tagged as not-a-virus:AdWare.BargainBuddy.q. No Action Taken.
File C:\Documents and Settings\Bo Mortensen\Application Data\nawc.exe tagged as not-a-virus:AdWare.PurityScan.w. No Action Taken.
File C:\Documents and Settings\Bo Mortensen\Desktop\pod25ins.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Bo Mortensen\Local Settings\Temp\bb.exe tagged as not-a-virus:AdWare.BargainBuddy.l. No Action Taken.
File C:\Documents and Settings\Bo Mortensen\Local Settings\Temp\webrebates.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.
File C:\Documents and Settings\Bo Mortensen\Local Settings\Temporary Internet Files\Content.IE5\57LPI0W7\624[1].chm infected by "TrojanDownloader.Win32.Small.vq" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Bo Mortensen\Local Settings\Temporary Internet Files\Content.IE5\856NWP6N\bb[1].exe tagged as not-a-virus:AdWare.BargainBuddy.l. No Action Taken.
File C:\Documents and Settings\Bo Mortensen\Local Settings\Temporary Internet Files\Content.IE5\AG91M7OL\ne2[1].chm infected by "Exploit.CodeBaseExec" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Bo Mortensen\Local Settings\Temporary Internet Files\Content.IE5\AG91M7OL\webrebates_europe[1].exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.
File C:\Documents and Settings\Bo Mortensen\Local Settings\Temporary Internet Files\Content.IE5\FDC96ZSA\0006_regular[1].cab infected by "Trojan-Downloader.Win32.IstBar.gq" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Bo Mortensen\Local Settings\Temporary Internet Files\Content.IE5\FDC96ZSA\loader2[1].ocx infected by "Trojan-Downloader.Win32.Agent.ex" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Bo Mortensen\Local Settings\Temporary Internet Files\Content.IE5\FDC96ZSA\loader[1].exe infected by "TrojanDownloader.Win32.Small.xa" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Bo Mortensen\Local Settings\Temporary Internet Files\Content.IE5\FDC96ZSA\MediaTicketsInstaller[1].cab tagged as not-a-virus:AdWare.MediaTickets.f. No Action Taken.
File C:\Documents and Settings\Bo Mortensen\Local Settings\Temporary Internet Files\Content.IE5\KRHFIM7P\index[2].htm infected by "Exploit.IFrame.FileDownload" Virus. Action Taken: File Renamed.
File C:\Program Files\Alwil Software\Avast4\DATA\chest\00000007 infected by "Trojan.Win32.Dialer.ay" Virus. Action Taken: File Deleted.
File C:\Program Files\Cool2000\ce2kunin.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{663B6F4D-6D6A-4AA1-BFE8-939C9D145BCC}\RP63\A0017837.EXE tagged as not-a-virus:AdWare.Toolbar.MyWay.b. No Action Taken.
File C:\System Volume Information\_restore{663B6F4D-6D6A-4AA1-BFE8-939C9D145BCC}\RP63\A0017838.DLL tagged as not-a-virus:AdWare.ToolBar.MyWay.g. No Action Taken.
File C:\System Volume Information\_restore{663B6F4D-6D6A-4AA1-BFE8-939C9D145BCC}\RP66\A0018087.exe tagged as not-a-virus:AdWare.BargainBuddy.n. No Action Taken.
File C:\System Volume Information\_restore{663B6F4D-6D6A-4AA1-BFE8-939C9D145BCC}\RP68\A0019205.dll infected by "Trojan-Clicker.Win32.Agent.ba" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{663B6F4D-6D6A-4AA1-BFE8-939C9D145BCC}\RP68\A0019206.exe infected by "Trojan.Win32.Regger.f" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{663B6F4D-6D6A-4AA1-BFE8-939C9D145BCC}\RP68\A0019207.exe infected by "Trojan-Downloader.Win32.Agent.fv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{663B6F4D-6D6A-4AA1-BFE8-939C9D145BCC}\RP68\A0019208.exe infected by "Trojan.Win32.LowZones.l" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{663B6F4D-6D6A-4AA1-BFE8-939C9D145BCC}\RP68\A0019209.exe infected by "TrojanClicker.Win32.Agent.z" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{663B6F4D-6D6A-4AA1-BFE8-939C9D145BCC}\RP68\A0019210.exe infected by "Trojan-Downloader.Win32.Small.acv" Virus. Action Taken: File Deleted.
File C:\TEMP\sahagent.exe tagged as not-a-virus:AdWare.Sahat.h. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\loader.exe infected by "TrojanDownloader.Win32.Small.xa" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe tagged as not-a-virus:AdWare.ShopAtHome.b. No Action Taken.
File C:\WINDOWS\system32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\system32\mac80ex.idf tagged as not-a-virus:AdWare.BargainBuddy.l. No Action Taken.
File C:\WINDOWS\system32\netut80ex.vxd tagged as not-a-virus:AdWare.BargainBuddy.q. No Action Taken.
File D:\Games\Quake III Arena\Check for Quake III Arena Updates.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\Games\Quake III Arena\Extras\WorldNet\PCVKIT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\IRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.14. No Action Taken.
File D:\IRC\MOO.DLL tagged as not-a-virus:Tool.Win32.Moo. No Action Taken.
File D:\Laptop backup\DC++ downloads\Flash FXP\FlashFXP1.4.rar tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\mIRC\backup\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\mIRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\Programmer\Flash FXP\FlashFXP1.4.rar tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP114\A0057706.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP114\A0058802.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP115\A0058989.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP115\A0060087.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP115\A0061313.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP115\A0061454.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP117\A0061806.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP117\A0062814.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP118\A0063048.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP118\A0063181.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP121\A0064898.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP121\A0066908.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP123\A0072364.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP124\A0075388.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{5B5A94DD-5B35-446C-90F5-FF0869BDD784}\RP125\A0075710.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{9B30FBF3-6105-4E1E-A911-99CE2E50956B}\RP10\A0005066.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{9B30FBF3-6105-4E1E-A911-99CE2E50956B}\RP12\A0005264.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{9B30FBF3-6105-4E1E-A911-99CE2E50956B}\RP12\A0005390.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{9B30FBF3-6105-4E1E-A911-99CE2E50956B}\RP16\A0006342.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{9B30FBF3-6105-4E1E-A911-99CE2E50956B}\RP4\A0001374.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.
File D:\System Volume Information\_restore{9B30FBF3-6105-4E1E-A911-99CE2E50956B}\RP6\A0001936.exe tagged as not-a-virus:RiskWare.mIRC.6.03. No Action Taken.

-- New HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 12:29:07, on 28-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Bo Mortensen\Desktop\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestsearch.name/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestsearch.name/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestsearch.name/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestsearch.name/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bestsearch.name/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestsearch.name/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestsearch.name/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestsearch.name/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestsearch.name/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bestsearch.name/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestsearch.name/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestsearch.name/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestsearch.name/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestsearch.name/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestsearch.name/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestsearch.name/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://billing.goa.com/swflash.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
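An added example (my code, not anything from the thread or from the scanner): a small parser for the mwav/Kaspersky scan log format posted above. It counts what the scanner deleted or renamed on its own and sorts the "No Action Taken" hits by where they live, since the follow-up differs for a file in a TEMP folder, a file inside a System Restore snapshot, and a riskware tool such as mIRC that the owner may want to keep. The eight sample lines are copied from the log in this post; the three category names are mine.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# Constructed sample: eight lines copied from the Kaspersky (mwav) scan log posted in the thread.
SCAN_LOG = r"""File C:\WINDOWS\System32\mspxs32.dll infected by "Trojan-Clicker.Win32.Agent.ba" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\Documents and Settings\Bo Mortensen\Local Settings\Temp\webrebates.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.
File C:\Documents and Settings\Bo Mortensen\Local Settings\Temporary Internet Files\Content.IE5\AG91M7OL\ne2[1].chm infected by "Exploit.CodeBaseExec" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{663B6F4D-6D6A-4AA1-BFE8-939C9D145BCC}\RP63\A0017837.EXE tagged as not-a-virus:AdWare.Toolbar.MyWay.b. No Action Taken.
File C:\System Volume Information\_restore{663B6F4D-6D6A-4AA1-BFE8-939C9D145BCC}\RP68\A0019205.dll infected by "Trojan-Clicker.Win32.Agent.ba" Virus. Action Taken: File Deleted.
File C:\TEMP\sahagent.exe tagged as not-a-virus:AdWare.Sahat.h. No Action Taken.
File D:\IRC\mirc.exe tagged as not-a-virus:RiskWare.mIRC.6.14. No Action Taken.
"""


class Detection(NamedTuple):
    path: str
    verdict: str   # scanner verdict, e.g. Trojan.Win32.Regger.f or not-a-virus:AdWare.Sahat.h
    action: str    # "File Deleted", "File Renamed" or "No Action Taken"


# The two line shapes seen in the log: a malware verdict with an action, or a
# "not-a-virus" tag that the scanner only reports.
LINE = re.compile(
    r'^File (?P<path>.+?) (?:'
    r'infected by "(?P<verdict>[^"]+)" Virus\. Action Taken: (?P<action>[^.]+)\.'
    r'|tagged as (?P<tag>not-a-virus:\S+?)\. No Action Taken\.)$'
)


def parse_scan_log(text):
    """One Detection per recognised line; headers, blanks and anything else are ignored."""
    found = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        if m["tag"]:
            found.append(Detection(m["path"], m["tag"], "No Action Taken"))
        else:
            found.append(Detection(m["path"], m["verdict"], m["action"]))
    return found


def action_counts(text):
    """How much the scanner handled on its own versus what it only reported."""
    return Counter(d.action for d in parse_scan_log(text))


def classify(path):
    """Where a reported-but-untouched file lives decides which cleanup step removes it."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"    # inside a System Restore snapshot: cleared by turning System Restore off and on
    if re.search(r"\\(temp|temporary internet files)\\", p):
        return "temp-or-cache"    # disappears when TEMP folders and the browser cache are emptied
    return "manual-review"        # decide per file: riskware the owner uses (mIRC) vs adware leftovers


def cleanup_plan(text):
    """Group the 'No Action Taken' detections by the cleanup step that deals with them."""
    plan = defaultdict(list)
    for d in parse_scan_log(text):
        if d.action == "No Action Taken":
            plan[classify(d.path)].append(d)
    return dict(plan)


if __name__ == "__main__":
    print(dict(action_counts(SCAN_LOG)))
    for step, hits in cleanup_plan(SCAN_LOG).items():
        print(step, [d.path for d in hits])
```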
victor-1 (Beginner)
28 December 2004 - 13:40 #4
Do the following:

Open a folder (doesn't matter which), click in the top menu on Tools > Folder Options > View
Untick "Hide protected operating system files" (just click <Ok> on any warning)
Untick "Hide extensions for known file types"
Select "Show hidden files and folders", press Ok and close the folder.

Empty all your TEMP folders (search for them and EMPTY them - do NOT delete them)

Run the HijackThis program.
Tick the lines listed below. When you have done that, close all other windows (including the folder you opened to run HijackThis). It is very important that the only open window is the HijackThis window. Remember also to close this window (your Internet browser) once you have marked the files. Now you may fix > Click <Fix checked>.

Here are the lines you need to fix. REMEMBER to double-check that EVERYTHING is included:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestsearch.name/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestsearch.name/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestsearch.name/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestsearch.name/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bestsearch.name/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestsearch.name/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestsearch.name/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestsearch.name/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestsearch.name/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bestsearch.name/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestsearch.name/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestsearch.name/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestsearch.name/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestsearch.name/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestsearch.name/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestsearch.name/index.html

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Restart in Safe Mode - find and delete the file names listed below - copy and paste them into the search field one at a time:
Use Start > Search > All files and folders > Under "More advanced options" the top three must be ticked > Then paste the listed item into the field and press search.
Delete ALL occurrences found.

webrebates.exe
BargainBuddy
ShopAtHome
Sahat
PurityScan
ServiceRunner

Restart normally:

Go here http://www.spywarefri.dk/vaerktoj.htm and download Spybot and Ad-Aware:

Install and run Spybot and Ad-Aware, update online, scan, tick the items the programs find and fix the selected problems, > restart.

Scan with HijackThis > NEW log please *S*
bmdk (Beginner)
28 December 2004 - 14:22 #5
Hmm, can it be right that it could only find the file webrebates.exe out of the ones you listed, victor?
victor-1 (Beginner)
28 December 2004 - 14:28 #6
It can - I just wrote the rest to be on the safe side :-)
bmdk (Beginner)
28 December 2004 - 14:35 #7
Okay, both Spybot and Ad-Aware found some things which were fixed/deleted.

-- New HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 14:34:36, on 28-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Bo Mortensen\Desktop\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://billing.goa.com/swflash.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
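An added example (my code, not something from the thread or from HijackThis itself): a parser for the HijackThis log format that applies the kind of rules victor applied by eye to the first log (start/search pages redirected to an unknown host, Trusted Zone additions, startup items with odd names or run from the user profile, BHO and service entries whose file is gone) and diffs the first log against the clean one above. The sample lines are copied from those two logs; the two allowlists are my assumptions, not something the thread states.

```python
import re
from typing import NamedTuple
from urllib.parse import urlparse

# Constructed samples: a subset of lines copied from the first HijackThis log in the
# thread (before cleanup) and from the last one (after cleanup).
LOG_BEFORE = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestsearch.name/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bestsearch.name/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E77E33F-671E-4334-ABAA-0C2E2BE654F1} - (no file)
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Unir] C:\Documents and Settings\Bo Mortensen\Application Data\nawc.exe
O4 - HKCU\..\Run: [Rnt] C:\WINDOWS\System32\?ttrib.exe
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://www.globalphon.com/dialer/internazionale_ver4.CAB
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
"""
LOG_AFTER = r"""O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://billing.goa.com/swflash.cab
"""

# Assumed allowlists (mine, not from the thread): where a stock IE start/search page may
# point, and hosts from which an ActiveX (DPF) download is expected on this machine.
TRUSTED_SEARCH_HOSTS = {"www.microsoft.com", "www.msn.com", "search.msn.com"}
TRUSTED_DPF_HOSTS = {"download.macromedia.com", "fpdownload.macromedia.com", "java.sun.com"}

class Entry(NamedTuple):
    section: str   # R0, R1, O2, O4, O15, O16, O23, ...
    body: str

class Finding(NamedTuple):
    section: str
    body: str
    reason: str

HJT_LINE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")

def parse_hjt(text):
    """R/F/N/O entries of a HijackThis log; the header and 'Running processes' lines are skipped."""
    return [Entry(m["section"], m["body"])
            for m in (HJT_LINE.match(line.strip()) for line in text.splitlines()) if m]

def _startup_target(body):
    """Path launched by an O4 entry: after '] ' for Run keys, after ' = ' for startup folders."""
    sep = "] " if "] " in body else " = "
    rest = body.split(sep, 1)[1].strip() if sep in body else ""
    if rest.startswith('"'):                 # quoted path followed by arguments
        return rest[1:].split('"', 1)[0]
    return re.split(r" [/-]", rest)[0]       # unquoted path: drop ' /s' or ' -flag' arguments

def reasons_for(entry):
    """Rules of the kind a log reviewer applies by eye; an empty list means nothing stood out."""
    sec, body = entry
    out = []
    if sec in ("R0", "R1"):
        host = urlparse(body.split(" = ", 1)[-1]).hostname
        if host and host not in TRUSTED_SEARCH_HOSTS:
            out.append(f"start/search page redirected to {host}")
    elif sec == "O2" and "(no file)" in body:
        out.append("BHO registered for a file that no longer exists")
    elif sec == "O4":
        target = _startup_target(body)
        name = target.rsplit("\\", 1)[-1]
        if not re.fullmatch(r"[\w .()+-]+", name):
            out.append(f"unusual character in startup file name {name!r}")
        if re.search(r"\\(application data|local settings|temp)\\", target, re.I):
            out.append("startup item runs from the user profile's data/temp area")
    elif sec == "O15":
        out.append("Trusted Zone entry lowers IE security for " + body.split(": ", 1)[-1])
    elif sec == "O16":
        host = urlparse(body.rsplit(" - ", 1)[-1]).hostname
        if host not in TRUSTED_DPF_HOSTS:
            out.append(f"ActiveX download (DPF) from unrecognised host {host}")
    elif sec == "O23" and "(file missing)" in body:
        out.append("service points at a file that no longer exists")
    return out

def triage(text):
    """Entries a reviewer should look at first, one Finding per entry with the rules that fired."""
    findings = []
    for e in parse_hjt(text):
        reasons = reasons_for(e)
        if reasons:
            findings.append(Finding(e.section, e.body, "; ".join(reasons)))
    return findings

def removed_entries(before_text, after_text):
    """Entries in the earlier log that the later log no longer contains."""
    after = {e.body for e in parse_hjt(after_text)}
    return [e for e in parse_hjt(before_text) if e.body not in after]

if __name__ == "__main__":
    for f in triage(LOG_BEFORE):
        print(f"[{f.section}] {f.reason}\n    {f.body}")
    print(f"{len(removed_entries(LOG_BEFORE, LOG_AFTER))} entries gone after cleanup, "
          f"{len(triage(LOG_AFTER))} still worth a look")
```

The one entry still flagged in the clean log is the Flash download from billing.goa.com, which only means "not on the allowlist, look at it", not that it is malicious; the rules are a triage aid, not a verdict.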
victor-1 (Beginner)
28 December 2004 - 14:59 #8
As far as I can judge, the log is now clean.

Now it's time for a bit of spring cleaning - so follow the steps below:

Set your folder options back to default:
Open a folder (doesn't matter which), click in the top menu on Tools > Folder Options > View
Tick "Hide protected operating system files"
Tick "Hide extensions for known file types"
Select "Do not show hidden files and folders" - finish by pressing <Ok>

The browser cache must be cleared - do the following:
1. Open your Internet browser - click in the top menu on Tools > Internet Options
2. Under Temporary Internet files, click "Delete Cookies"
3. Under Temporary Internet files, click "Delete Files" - tick "Delete all offline content"
4. Under History, click "Clear History"
5. Click "Ok"

Finish by emptying the Recycle Bin.

Finally, disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle), restart your computer and enable System Restore again. This creates a new and "clean" restore point.

A few well-meant pieces of advice:
To secure your PC in future it would be a good idea to use some of the programs from the package you can see here - http://www.spywarefri.dk/pakken.htm

I recommend:
Spybot and Ad-Aware, SpywareBlaster, IE Privacy Keeper or EmptyTempFolders, IE-Spyad and SpywareGuard as a minimum. They are all free, take up little space, don't slow down your PC and don't conflict with your other programs.

If you don't want lots of small programs, you can instead buy a program like Spy Sweeper. It is also in the package, where you can read a bit more about it. There is also a link to a Danish manual. I can warmly recommend the program.
victor-1 (Beginner)
28 December 2004 - 15:02 #9
Please note that the above is a standard reply, as I can't be bothered to sit and write all of it several times a day. So some of the programs I suggest you may already have ;-)
bmdk (Beginner)
28 December 2004 - 15:08 #10
Well, I thank you and take a bow! That was a bloody big help :) wish I had that much of a grip on it, hehe.
victor-1 (Beginner)
28 December 2004 - 16:56 #11
You're welcome, and many thanks for the points ;-)