rainbow (Novice)
11 June 2005 - 19:29. There are 8 comments and 1 solution.

Hijack log, 2 operating systems, one of them is "down."

Sitting here with my friend's computer, a laptop with an Intel Celeron 2.60 GHz and 192 MB RAM, fighting virus(es).
He had Windows Home E, but it doesn't work.
I installed a new XP Pro on another partition and got the virus fighting under way. I have just bought Norton AntiVirus 2005 and installed it on this machine; it found 65 viruses, and I then ran Ad-Aware, which found over 300 spybots. Here comes the HijackThis log if anyone has the inclination and the time.
rainbow (Novice)
11 June 2005 - 19:32 #1
Logfile of HijackThis v1.99.1
Scan saved at 19:18:47, on 11-06-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
D:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
D:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
D:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Programmer\Messenger\msmsgs.exe
D:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmer\Norton AntiVirus\navapsvc.exe
D:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
D:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Programmer\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Documents and Settings\jesper\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.klubberne.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "D:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Programmer\Messenger\msmsgs.exe" /background
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - D:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

Oops - just forgot the log. Rainbow
johnstigers (Senior Master)
11 June 2005 - 21:00 #2
The log is clean - does he still have problems?
arlet (Junior Master)
11 June 2005 - 21:20 #3
John Stigers has answered your question, saying that the log is clean.

Just try running these 2 scanners:

Download and run this very effective scanner from Kaspersky: http://www.spywareinfo.dk/download/mwav.exe
Tick the following checkboxes: Memory, Startup folders, drive, Registry, System folders and Services.
Select the following radio buttons: All local drives and Scan all files
And then you press Scan Clean
It takes a little over an hour to scan

------------

Download this scanner:
You can download Ewido here: http://www.ewido.net/en/download/
Click Download now. Install and run Ewido. Update the program immediately after the installation (but do not scan yet).
Restart in safe mode. You have to press the F8 key during the restart (roughly right when the RAM has been counted) and then choose safe mode. If you are in doubt, just press F8 several times. Now run a full scan with Ewido. When it has finished, press save report and copy the report in here.
rainbow (Novice)
12 June 2005 - 11:46 #4
Hi John and Arlet
No, the problem is solved; I just needed your "verdict" on the log.
I am just running the mwav scanner and Ewido as arlet describes and will send you the report later.
rainbow (Novice)
12 June 2005 - 20:20 #5
Here it comes:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            20:16:53, 12-06-2005
+ Report-Checksum:        A1431A6E

+ Date of database:        12-06-2005
+ Version of scan engine:    v3.0

+ Duration:                34 min
+ Scanned Files:            80375
+ Speed:                39.32 Files/Second
+ Infected files:            35
+ Removed files:            35
+ Files put in quarantine:        35
+ Files that could not be opened:    0
+ Files that could not be cleaned:    0

+ Binder:        Yes
+ Crypter:        Yes
+ Archives:        Yes

+ Scanned items:
    C:\
    D:\
    E:\

+ Scan result:
    C:\Documents and Settings\jesper\Cookies\jesper@23030387[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@33781239[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@35487201[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@46842095[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@9263318[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@a.websponsors[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@ads.planetactive[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@ads18.bpath[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@a[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@buy.rpts[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@dcs1ssqzgoifwzbqbppmss3z8_1e1j[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@dcst86ivc21e5hinns3nrxalb_8c1s[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@dcsthox4bwievvrqnlq0n7lpo_3m5w[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@desktop.kazaa[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@ehg-sonyeu.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@myway[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@mywebsearch[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@S130376[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@S148884[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@S149247[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@S151261[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@S151420[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@S151421[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@search.msn[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@sexsearchcom[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@ssa.kazaa[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@www.myaffiliateprogram[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Cookies\jesper@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\jesper\Lokale indstillinger\Temp\__unin__.exe -> Spyware.Altnet.b -> Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> TrojanDownloader.WebP2PInstaller -> Cleaned with backup
    D:\Documents and Settings\jesper\Cookies\jesper@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    D:\Documents and Settings\jesper\Cookies\jesper@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End
arlet (Junior Master)
13 June 2005 - 17:15 #6
So you got a good cleanup of, among other things, cookies, so now you are completely clean..

To protect you against dirt I have made a security package,
which you can download here: www.arlet.dk/pakke.htm


Remember to ask John Stigers for an answer so that you can hand out points, perhaps 40 to John Stigers and 20 to me..
rainbow (Novice)
14 June 2005 - 22:22 #7
Thanks for the help. How do you split the points?
johnstigers (Senior Master)
23 June 2005 - 21:09 #8
By me also posting an answer :)
rainbow (Novice)
23 June 2005 - 23:25 #9
OK, and thanks to both of you for your help. Rainbow