Msn og internet explore død?

Download hijackthis herfra og gem det i en folder for sig selv på dit skrivebord
http://downloadportal.dk/showdownload.asp?rid=4212&sp=Hijackthis
eller
http://www.downloadportal.dk/showdownload.asp?rid=4234&sp=title

Start programmet og vælge, at udføre en scan samt gemme en log fil.
Når hijackthis er færdig med, at scanne vil den bede dig om en placering hvor du vil gemme "hijackthis" en tekst fil.
Gem den i samme folder som hijackthis. Når du har sagt okay hopper der et nyt vindue frem nemlig notepad med en masse tekst linjer. Marker alle linjerne og kopir dem herind så jeg kan kigge på dem. Du må ikke selv begynde, at fikse noget i hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 18:50:58, on 06-03-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\taskman.exe
C:\Programmer\Messenger\msmsgs.exe
C:\RECYCLER\S-1-5-21-0606982848-1057904186-854245398-1003\service.exe
C:\RECYCLER\S-1-5-21-0606982848-1057904186-854245398-1003\service.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\regsvr32.exe
E:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Programmer\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
C:\Programmer\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
E:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\CfgWiz.exe
C:\DOCUME~1\FC-KOM~1\LOKALE~1\Temp\symlcsv1.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\FC-Komodo\Dokumenter\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ekstrabladet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\FC-Komodo\Application Data\Mozilla\Profiles\default\wm9iq34c.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [eDonkey2000] "E:\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [Task manager] taskman.exe
O4 - HKLM\..\Run: [Msn Messengers] msnmsgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmer\Fælles filer\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] E:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\RunServices: [Msn Messengers] msnmsgr.exe
O4 - HKLM\..\RunServices: [Task Manager] taskman.exe
O4 - HKLM\..\RunServices: [HUS service] hus.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Msn Messengers] msnmsgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [winmatrix.exe] C:\Programmer\WinMatrix XP\WinMatrixXP.exe
O4 - HKCU\..\RunServices: [Msn Messengers] msnmsgr.exe
O8 - Extra context menu item: Allow personal info to reach this site - file://C:\Programmer\GhostSurf\info.allow.html
O8 - Extra context menu item: Allow popups on this site - file://C:\Programmer\GhostSurf\popup.allow.html
O8 - Extra context menu item: Allow this advertisement - file://C:\Programmer\GhostSurf\menu.allowimg.html
O8 - Extra context menu item: Block personal info from this site - file://C:\Programmer\GhostSurf\info.block.html
O8 - Extra context menu item: Block popups on this site - file://C:\Programmer\GhostSurf\popup.block.html
O8 - Extra context menu item: Block this advertisement - file://C:\Programmer\GhostSurf\menu.blockimg.html
O9 - Extra button: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Programmer\GhostSurf\LaunchPCC.exe (file missing)
O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Programmer\GhostSurf\LaunchPCC.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106053388062
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/236/webolr/OCX/FlashAX.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.cheat-projekt.de/InstallationsAssistent.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Microsoft Global Services (itnalispy) - Unknown owner - C:\RECYCLER\S-1-5-21-0606982848-1057904186-854245398-1003\service.exe
O23 - Service: Microsoft Global Backup Services (itnalispy666) - Unknown owner - C:\RECYCLER\S-1-5-21-0606982848-1057904186-854245398-1003\service.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - E:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows TM (Win32Sys) - Unknown owner - C:\WINDOWS\system32\Win32Sys.exe (file missing)

ser på den:)

Download og gem denne scanner på skrivebordet. (Vi skal bruge den senere)
http://www.spywareinfo.dk/download/mwav.exe

Genstart i Fejlsikret tilstand ved at taste F8 under opstart.
Kør HijackThis, scan og sæt et flueben ud for disse linjer - luk øvrige programvinduer - klik "Fix checked":

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O4 - HKLM\..\Run: [Task manager] taskman.exe
O4 - HKLM\..\RunServices: [Task Manager] taskman.exe
O4 - HKLM\..\RunServices: [HUS service] hus.exe
O4 - HKLM\..\Run: [Msn Messengers] msnmsgr.exe
O4 - HKLM\..\RunServices: [Msn Messengers] msnmsgr.exe
O4 - HKCU\..\Run: [Msn Messengers] msnmsgr.exe
04 - HKCU\..\RunServices: [Msn Messengers] msnmsgr.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/236/webolr/OCX/FlashAX.cab
O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.cheat-projekt.de/InstallationsAssistent.ocx
O23 - Service: Microsoft Global Services (itnalispy) - Unknown owner - C:\RECYCLER\S-1-5-21-0606982848-1057904186-854245398-1003\service.exe
O23 - Service: Microsoft Global Backup Services (itnalispy666) - Unknown owner - C:\RECYCLER\S-1-5-21-0606982848-1057904186-854245398-1003\service.exe
O23 - Service: Windows TM (Win32Sys) - Unknown owner - C:\WINDOWS\system32\Win32Sys.exe (file missing)

Kigge på disse IP numre.. fix dem du ikke kender. Går ud fra nummer 2 er god nok.
O15 - Trusted IP range: 67.19.185.246
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212



Klik på mwav.exe som du hentede, programmet pakker sig selv ud og starter.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files

Slet alt den finder..

Genstart normalt og kopir en ny log herind så vi kan tage det sidste.. for vi er ikke færdige.

tøm forresten din papirskurv

Det virker sq....
Lig et svar. og få nogle point :D

svar:) men helst også ny log så vi kan få den helt ren:)

forresten... for, at give mig point skal du først markere mit navn nede i venstre hjørne og så trykker på accepter herefter:)

hehe tak til stor hjælp

selv tak:) og husk en ny log er velkommen:)

ja men nu virker det, er overlykkelig.