Hijackthis log

tjekker den nu

Download og gem denne scanner på skrivebordet. (Vi skal bruge den senere)
http://www.spywareinfo.dk/download/mwav.exe

----------------------

Ewido skal du downloade her: http://www.ewido.net/en/download/ ( Vi skal bruge den senere)
Klik på Download now. Installer og kør Ewido. Opdater straks efter installationen programmet.

-----------------------

Du skal nu til at i gang med at fixe:

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nffckvjbrowxgksugmwbunci.com/zXW_9c/6r6rVyobVY4ZtA6FehOzGo5SMgmOyrrHfsHwIMK15RT018C_KDgsfo0mN.html

O2 - BHO: (no name) - {816F272C-9046-3032-EDD7-4C8E858BE828} - C:\DOCUME~1\Ejer\APPLIC~1\WAYPLA~1\Phone default.exe

O4 - HKLM\..\Run: [secondpingliestrust] C:\Documents and Settings\All Users\Application Data\Multi rdr second ping\bonebash.exe
O4 - HKCU\..\Run: [Poke flap] C:\DOCUME~1\Ejer\APPLIC~1\THIRDM~1\Settings comp.exe

--------------------------------------------------------------------

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

------------------------------

Hent denne bats fil og kør den :
http://www.spywareinfo.dk/download/cleantempxp2k.bat
den sletter alt i din temp mappe.

------------------------------

Genstart computeren i fejlsikret tilstand(Du skal klikke på f8 tasten under genstarten (ca. lige når der er talt ram), og så vælge fejlsikret tilstand. Er du i tvivl, så klik bare på f8 flere gange.)
Find og slet disse manuelt :

C:\DOCUME~1\Ejer\APPLIC~1\THIRDM~1\Settings comp.exe
C:\Documents and Settings\All Users\Application Data\Multi rdr second ping\bonebash.exe
C:\DOCUME~1\Ejer\APPLIC~1\WAYPLA~1\Phone default.exe

-----------------------------

Stadig i fejlsikret:
Klik på mwav.exe som du hentede, programmet pakker sig selv ud og starter.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files
Og så trykker du på Scan Clean
Det tager lidt over en time at scanne

-------------------------------

Stadig i fejlsikret:
Kør nu en fuld scanning med Ewido. Når den er færdig trykker du save report og gemmer rapporten.

Så genstarter du computeren normalt og laver en ny hijackthis log, som du lægger herind sammen med reporten fra Ewido

http://www.ewido.net/en/download/ er nede.. :(

så glem ewido

Logfile of HijackThis v1.99.1
Scan saved at 20:47:52, on 06-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Programmer\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Programmer\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Kaspersky\mwavscan.com
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ejer\Skrivebord\hijackthis.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.evrqaythqzhhvsddjufqwkxm.org/zXW_9c/6r6rVyobVY4ZtA6FehOzGo5SMgmOyrrHfsHyNPfYl6fy5hy_KDgsfo0mN.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [CXMon] "C:\Programmer\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Nykredit Internetbank - http://195.249.127.11/NykBank.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

Fandt Ewido alligevel:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            20:42:48, 06-07-2005
+ Report-Checksum:        E47800DE

+ Scan result:

    HKLM\SOFTWARE\Hotbar -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Hotbar\hotbar -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Hotbar\hotbar\Install -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Hotbar\hotbar\MachineInfo -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Hotbar\hotbar\PI -> Spyware.HotBar : Cleaned with backup
    HKLM\SOFTWARE\Hotbar\hotbar\PI\3.2 -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\Common -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\Common\Time -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\HostOI -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\HostOI\Updates -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\HostOL -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\HostOL\Updates -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\hotbar -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\hotbar\ImagesHistory -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\hotbar\links -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\hotbar\options -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\hotbar\Sample -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\hotbar\Sample\Hist -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\hotbar\Updates -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\Time -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\Time\HostIE -> Spyware.HotBar : Cleaned with backup
    HKU\.DEFAULT\Software\Hotbar\Time\HostIE\Updates -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-1409082233-1580818891-854245398-1003\Software\Hotbar -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-1409082233-1580818891-854245398-1003\Software\Hotbar\hotbar -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-1409082233-1580818891-854245398-1003\Software\Hotbar\hotbar\Install -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-1409082233-1580818891-854245398-1003\Software\Hotbar\hotbar\Options -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-1409082233-1580818891-854245398-1003\Software\Hotbar\hotbar\UserInfo -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\Common -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\Common\Time -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\HostOI -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\HostOI\Updates -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\HostOL -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\HostOL\Updates -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\hotbar -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\hotbar\ImagesHistory -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\hotbar\links -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\hotbar\options -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\hotbar\Sample -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\hotbar\Sample\Hist -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\hotbar\Updates -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\Time -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\Time\HostIE -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-18\Software\Hotbar\Time\HostIE\Updates -> Spyware.HotBar : Cleaned with backup
    C:\Documents and Settings\Brian\Cookies\brian@247realmedia[2].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
    C:\Documents and Settings\Brian\Cookies\brian@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Brian\Cookies\brian@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Brian\Cookies\brian@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Brian\Cookies\brian@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Brian\Cookies\brian@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Brian\Cookies\brian@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Brian\Cookies\brian@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Brian\Cookies\brian@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Brian\Cookies\brian@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Brian\Cookies\brian@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Brian\Cookies\brian@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Brian\Cookies\brian@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@66.220.17[1].txt -> Spyware.Cookie.66.220.17.154 : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@ayb.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@commissionpartner[1].txt -> Spyware.Cookie.Commissionpartner : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@ehg-legonewyorkinc.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@ehg-nokiafin.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@ehg-samsungusa.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@ehg-sonyeu.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@ehg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@hg1.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@j16078.bins.lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@lop[2].txt -> Spyware.Cookie.Lop : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@servedfor.valuead[1].txt -> Spyware.Cookie.Valuead : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@weborama[1].txt -> Spyware.Cookie.Weborama : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@www.qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Ejer\Cookies\ejer@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@sexlist[1].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Frederik Brian\Cookies\frederik brian@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Programmer\C2Media\Setup.exe -> Spyware.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383405.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383406.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383407.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383411.TXT -> Spyware.Cookie.247realmedia : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383413.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383414.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383415.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383419.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383426.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383438.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383439.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383442.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383445.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383448.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383449.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383462.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383463.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383466.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383467.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383468.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383469.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383482.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383483.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383484.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383485.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383486.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00383487.TXT -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384077.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384110.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384112.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384113.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384114.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384115.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384116.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384117.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384118.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384119.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384143.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384189.TXT -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384190.TXT -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384191.TXT -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384192.TXT -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384194.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384195.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384196.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384197.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384198.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384199.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384200.TXT -> Spyware.Cookie.Lop : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384233.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384234.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384235.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384236.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384251.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384252.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384253.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\RECYCLER\NPROTECT\00384258.TXT -> Spyware.Cookie.Lop : Cleaned with backup


::Report End

Fix i hijackthis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.evrqaythqzhhvsddjufqwkxm.org/zXW_9c/6r6rVyobVY4ZtA6FehOzGo5SMgmOyrrHfsHyNPfYl6fy5hy_KDgsfo0mN

så genstarter du og scanner med hijackthis igen, er den der stadig skal den fixes igen. Nogle gange skal den fixes 4-5 gange, før den forsvinder.

Når den er væk kommer du med en ny log

Logfile of HijackThis v1.99.1
Scan saved at 21:03:14, on 06-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Programmer\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Programmer\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Documents and Settings\Ejer\Skrivebord\hijackthis.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Kaspersky\mwavscan.com
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Kaspersky\kavss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\01.02.4000.1001\da\msntb.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [CXMon] "C:\Programmer\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Programmer\MSN Apps\Updater\01.02.3000.1001\da\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Nykredit Internetbank - http://195.249.127.11/NykBank.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

Så er din log ren.

Efter sådan en tur er det altid en god ide og rydde op i dine systemgendannelses filerne.
Deaktiver systemgendannelse ( http://www.arlet.dk/systemgendannelsen.htm ) - genstart din computer - aktiver systemgendannelse.
Og så skal du også lige skjule dine filer og mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil.
Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Generel oprydning: http://www.arlet.dk/oprydning.htm

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm

Takker.. der blev godt nok fundet meget skidt og snavs....

Velbekommen..

Ja, der var lidt af hvert*S*