michael-k (Beginner)
19 July 2005 - 09:09. There are 15 comments and 1 solution.

Help with hijack log

Just wanted to hear whether someone could help with this log.

Logfile of HijackThis v1.99.1
Scan saved at 09:07:53, on 19-07-2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsgSys.EXE
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programmer\NavNT\vptray.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programmer\Fælles filer\Aminova\WordSeeker\WordSeeker.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ICO.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Kristian Jensen\Application Data\hdor.exe
C:\Programmer\Nikon\NkView6\NkvMon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kristian Jensen\Skrivebord\spyware\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://results.cafefind.net/exact/rotate/ES_Slider_Music/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F3 - REG:win.ini: load=C:\\msnistehrwn.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [Aminova WordSeeker] "C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" SHORTCUT
O4 - HKLM\..\Run: [mmtask] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VVSN] C:\Programmer\VVSN\VVSN.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Stue] C:\Documents and Settings\Kristian Jensen\Application Data\hdor.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmer\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb042
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00614BD01021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp1401ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00615BD00021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp1500ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00617BD00021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp1700ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00620BD00021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp2000ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00625BD00021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp2500ib100.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
tonnybrandt (Beginner)
19 July 2005 - 09:23 #1
Go to Add/Remove Programs and uninstall mywebsearch/mysearch if you can find it.

Install and run Ewido.
http://shop.element5.com/product.html?productid=531168&backlink=http%3A%2F%2Fwww.spywarefri.dk&cookies=1&affiliateid=200010704

(Choose Demo download)

Update the program immediately after installation (but do not scan yet).
Restart in safe mode. You need to press the F8 key during the restart (roughly right when the RAM has been counted), and then choose safe mode. If in doubt, just press F8 several times. Now run a full scan with Ewido.
The program produces a small log, which you should copy in here together with a new HiJackThis log.

Then we'll see whether there is anything more left at that point.
michael-k (Beginner)
19 July 2005 - 10:32 #2
That finished. Here is the Ewido log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            10:19:46, 19-07-2005
+ Report-Checksum:        D88D49FC

+ Scan result:

    HKLM\SOFTWARE\Bargains -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{0962DA67-DB64-465C-8CD7-CBB357CAF825} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{356B2BD0-D206-4E21-8C85-C6F49409C6A9} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC} -> Spyware.AdDestroyer : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{52ADD86D-9561-4C40-B561-4204DBC139D1} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{999A06FF-10EF-4A29-8640-69E99882C26B} -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{018C5406-AEE6-4A68-980F-2CEB1E9416FB} -> Spyware.DesktopTraffic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{0A7FC040-F84A-4AD7-9439-798B6C0F861E} -> Spyware.DesktopTraffic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{20F13844-04BC-4987-9964-2502F0DA54D3} -> Spyware.PurityScan : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668} -> Spyware.DesktopTraffic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{3E43040C-73C1-4898-A4F8-E2C9428B1167} -> Spyware.PurityScan : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A} -> Spyware.DesktopTraffic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{C93CC79D-02D5-45B0-BE39-7F5B0E5DDA31} -> Spyware.DesktopTraffic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B} -> Spyware.DesktopTraffic : Cleaned with backup
    HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Cleaned with backup
    HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Spyware.AdDestroyer : Cleaned with backup
    HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
    HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
    HKLM\SOFTWARE\Classes\trfdsk.amo -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\trfdsk.amo\CLSID -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\trfdsk.amo\CurVer -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\trfdsk.iiittt -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\trfdsk.iiittt\CLSID -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\trfdsk.iiittt\CurVer -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\trfdsk.momo -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\trfdsk.momo\CLSID -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\trfdsk.momo\CurVer -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\trfdsk.ohb -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\trfdsk.ohb\CLSID -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\trfdsk.ohb\CurVer -> Spyware.Begin2Search : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{DA15C9A2-C30A-4761-922A-5DFE7C9A1F67} -> Spyware.DesktopTraffic : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{EE6F3F6A-AD8E-48DA-9B1D-D5204B2D227D} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\ClickSpring -> Spyware.PurityScan : Cleaned with backup
    HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy -> Spyware.BargainBuddy : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Spyware.PurityScan : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSearch -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\NaviSearch -> Spyware.NaviSearch : Cleaned with backup
    HKLM\SOFTWARE\WhenUSearch -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\WhenUSearch\WHSE -> Spyware.SaveNow : Cleaned with backup
    HKU\S-1-5-21-1292428093-1957994488-1060284298-1003\Software\drelkge789AEF5 -> Spyware.DesktopTraffic : Cleaned with backup
    HKU\S-1-5-21-1292428093-1957994488-1060284298-1003\Software\VB and VBA Program Settings\VBouncer -> Spyware.VirtualBouncer : Cleaned with backup
    HKU\S-1-5-21-1292428093-1957994488-1060284298-1003\Software\VB and VBA Program Settings\VBouncer\Settings -> Spyware.VirtualBouncer : Cleaned with backup
    C:\counter.cab/counter.exe -> TrojanDropper.Small.ls : Error during cleaning
    C:\Documents and Settings\Kristian Jensen\Cookies\kristian jensen@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Kristian Jensen\Cookies\kristian jensen@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Kristian Jensen\Cookies\kristian jensen@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Kristian Jensen\Cookies\kristian jensen@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Kristian Jensen\Cookies\kristian jensen@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Kristian Jensen\Cookies\kristian jensen@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Kristian Jensen\Cookies\kristian jensen@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Kristian Jensen\Lokale indstillinger\Temp\Cookies\kristian jensen@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Kristian Jensen\Lokale indstillinger\Temp\installer_MARKETING18.exe -> TrojanDownloader.Adload.a : Cleaned with backup
    C:\Documents and Settings\Kristian Jensen\Lokale indstillinger\Temp\ps_install-mt.exe -> Trojan.Scapur : Cleaned with backup
    C:\Documents and Settings\Kristian Jensen\Lokale indstillinger\Temp\ptf_0025.exe -> Spyware.Pacer : Cleaned with backup
    C:\Documents and Settings\Kristian Jensen\Lokale indstillinger\Temp\wu.exe -> Adware.SaveNow : Cleaned with backup
    C:\Programmer\WhenUSearch\search.dll -> Adware.SaveNow : Cleaned with backup
    C:\Programmer\WhenUSearch\Search.exe -> Adware.SaveNow : Cleaned with backup
    C:\WINDOWS\cfgmgr51.dll -> Spyware.BookedSpace : Cleaned with backup
    C:\WINDOWS\system32\246765-ventura-hot.exe -> Spyware.HotSearchBar.e : Cleaned with backup
    C:\WINDOWS\system32\bs51-eginwl51-vb.exe -> Spyware.BookedSpace.e : Cleaned with backup
    C:\WINDOWS\system32\exdl1.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\exp.exe -> TrojanDownloader.Small.abd : Cleaned with backup
    C:\WINDOWS\system32\hdrv.exe -> TrojanDownloader.PurityScan.i : Cleaned with backup
    C:\WINDOWS\system32\installer_MARKETING18.exe -> TrojanDropper.Agent.hl : Cleaned with backup
    C:\WINDOWS\system32\msbe.dll_tobedeleted -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\mt-uninstaller.exe -> Spyware.PurityScan.u : Cleaned with backup
    C:\WINDOWS\system32\nstC6.dll -> Spyware.Beginto : Cleaned with backup
    C:\WINDOWS\system32\nvms.dll_tobedeleted -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\PopOops.dll -> Spyware.VirtualBouncer : Cleaned with backup
    C:\WINDOWS\system32\PopOops2.dll -> Spyware.VirtualBouncer : Cleaned with backup
    C:\WINDOWS\system32\psoft1.exe -> Spyware.Pacer : Cleaned with backup
    C:\WINDOWS\system32\SWLAD1.dll -> Spyware.VirtualBouncer : Cleaned with backup
    C:\WINDOWS\system32\SWLAD2.dll -> Spyware.VirtualBouncer : Cleaned with backup
    C:\WINDOWS\system32\TFTP4752 -> Backdoor.SdBot.mb : Cleaned with backup
    C:\WINDOWS\system32\TFTP4856 -> Backdoor.Rbot.15 : Cleaned with backup
    C:\WINDOWS\system32\thin-138-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
    C:\WINDOWS\system32\wintask.exe -> TrojanDownloader.Small.abd : Cleaned with backup
    C:\WINDOWS\system32\wrapperouter.exe -> TrojanDropper.Agent.hl : Cleaned with backup


::Report End

And here is the hijack log

Logfile of HijackThis v1.99.1
Scan saved at 10:21:16, on 19-07-2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Kristian Jensen\Skrivebord\spyware\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://results.cafefind.net/exact/rotate/ES_Slider_Music/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F3 - REG:win.ini: load=C:\\msnistehrwn.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [Aminova WordSeeker] "C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" SHORTCUT
O4 - HKLM\..\Run: [mmtask] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VVSN] C:\Programmer\VVSN\VVSN.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Stue] C:\Documents and Settings\Kristian Jensen\Application Data\hdor.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmer\Nikon\NkView6\NkvMon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00614BD01021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp1401ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00615BD00021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp1500ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00617BD00021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp1700ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00620BD00021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp2000ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00625BD00021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp2500ib100.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
tonnybrandt (Beginner)
19 July 2005 - 11:24 #3
Restart in safe mode and log in with the same user you log in with in normal mode.

Fix these in HiJackThis:
F3 - REG:win.ini: load=C:\\msnistehrwn.exe
O4 - HKLM\..\Run: [VVSN] C:\Programmer\VVSN\VVSN.exe
O4 - HKCU\..\Run: [Stue] C:\Documents and Settings\Kristian Jensen\Application Data\hdor.exe

Then open an Explorer window and delete these files, if HijackThis has not already deleted them:
C:\Documents and Settings\Kristian Jensen\Application Data\hdor.exe
C:\msnistehrwn.exe

As well as this folder:
C:\Programmer\VVSN

Restart normally and come back with a new log for checking.
michael-k (Beginner)
19 July 2005 - 11:48 #4
Logfile of HijackThis v1.99.1
Scan saved at 11:48:04, on 19-07-2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programmer\NavNT\vptray.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programmer\Fælles filer\Aminova\WordSeeker\WordSeeker.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ICO.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Kristian Jensen\Skrivebord\spyware\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://results.cafefind.net/exact/rotate/ES_Slider_Music/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [Aminova WordSeeker] "C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" SHORTCUT
O4 - HKLM\..\Run: [mmtask] C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmer\Nikon\NkView6\NkvMon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00614BD01021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp1401ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00615BD00021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp1500ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00617BD00021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp1700ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00620BD00021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp2000ib100.cab
O16 - DPF: {1A8790BD-AEBD-11BD-A2BD-00625BD00021} (N›rresundby Banks Netbank) - https://www.nrsbank.dk/snrsbankibp2500ib100.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
tonnybrandt (Beginner)
19 July 2005 - 12:07 #5
Then the log is clean.

How is the PC running now?
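
Added example (not part of the original thread): a Python sketch of the check done between posts #3 and #5, diffing two HijackThis logs to confirm that the entries marked for fixing are gone, and flagging autostart entries that launch from a drive root or directly from Application Data/Temp. The sample lines are an excerpt of the logs posted above; the function names and the location heuristic are assumptions of this example, not HijackThis features.

```python
import re
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    detail: str  # text after "CODE - "

# Section codes used by HijackThis 1.99.x: R0-R3, F0-F3, N1-N4, O1-O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# First drive-letter path ending in an executable extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|com|bat|scr)", re.IGNORECASE)
# Assumption: only ini-file F entries and O4 (Run keys, Startup) are checked.
AUTOSTART_CODES = {"F0", "F1", "F2", "F3", "O4"}
# Assumed heuristic: parent folders where an autostarting binary is unusual.
ODD_PARENTS = {"application data", "temp", "tmp"}

def parse_entries(log: str) -> list[Entry]:
    """Return the R/F/N/O entries; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries

def removed_entries(before: list[Entry], after: list[Entry]) -> list[Entry]:
    """Entries present in the first scan but absent from the second."""
    remaining = set(after)
    return [e for e in before if e not in remaining]

def still_present(fix_list: str, after_log: str) -> list[Entry]:
    """Entries the helper asked to fix that survive in the follow-up log."""
    remaining = set(parse_entries(after_log))
    return [e for e in parse_entries(fix_list) if e in remaining]

def autostart_target(entry: Entry) -> Optional[str]:
    """Executable path of an autostart entry, or None if it names no path."""
    if entry.code not in AUTOSTART_CODES:
        return None
    m = PATH_RE.search(entry.detail)
    if not m:
        return None  # e.g. "[Mouse Suite 98 Daemon] ICO.EXE" has no full path
    # Collapse doubled backslashes such as "C:\\name.exe" in the F3 line.
    return re.sub(r"\\{2,}", lambda _: "\\", m.group(0))

def odd_location(path: str) -> bool:
    """True for a drive-root file or a file directly in an ODD_PARENTS folder."""
    parent = path.lower().rsplit("\\", 1)[0]
    if re.fullmatch(r"[a-z]:", parent):
        return True
    return parent.rsplit("\\", 1)[-1] in ODD_PARENTS

def suspicious_autostarts(entries: list[Entry]) -> list[Entry]:
    result = []
    for e in entries:
        target = autostart_target(e)
        if target and odd_location(target):
            result.append(e)
    return result

# Excerpt of the 10:21 log in this thread (before the fix).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
F3 - REG:win.ini: load=C:\\msnistehrwn.exe
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [VVSN] C:\Programmer\VVSN\VVSN.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Stue] C:\Documents and Settings\Kristian Jensen\Application Data\hdor.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
"""
# Excerpt of the 11:48 log in this thread (after the fix).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
"""
# The three lines post #3 asked to fix.
FIX_LIST = r"""
F3 - REG:win.ini: load=C:\\msnistehrwn.exe
O4 - HKLM\..\Run: [VVSN] C:\Programmer\VVSN\VVSN.exe
O4 - HKCU\..\Run: [Stue] C:\Documents and Settings\Kristian Jensen\Application Data\hdor.exe
"""

if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    for e in removed_entries(before, after):
        print("removed:", e.code, e.detail)
    for e in suspicious_autostarts(before):
        print("odd autostart location:", e.code, e.detail)
    print("fix entries still present:", still_present(FIX_LIST, AFTER))
```

The location heuristic flags the F3 and [Stue] entries but not [VVSN], which sits under the normal program folder, so the diff against the fix list remains the authoritative check.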
majsmarken (Beginner)
19 July 2005 - 12:12 #6
<tonnybrandt>: Remember the talk about SP2 - otherwise we'll soon be seeing <michael-k> again?
michael-k (Beginner)
19 July 2005 - 12:20 #7
majsmarken, it will be updated, don't worry ;)

tonny, it's not my computer, but offhand it looks like it's running better.

By the way, do you know how to get rid of that logon screen when you start the computer? He doesn't have a password to type in, so he just presses OK, so he would like it to just start Windows directly without that logon.
michael-k (Beginner)
19 July 2005 - 12:22 #8
And thanks for the help, by the way, well-earned points to you.
tonnybrandt (Beginner)
19 July 2005 - 12:25 #9
You're welcome, and thanks for the points *s*

You can see the automatic logon part here:
http://www.supportweb.dk/support/vis_tip.asp?id=395
Carry out steps 01 -> 08

I can't quite see why you would carry out 09 and onwards. It seems a bit unnecessary in my eyes.
michael-k (Beginner)
19 July 2005 - 12:38 #10
Thanks once again, it's damn great that you bother. My boss (it's his computer) is very astonished that something like this is possible; he still hasn't grasped it ;)

But he is also a true Vendelbo, so doing something "for free" for others is not even up for discussion in his world, but then he's probably not the boss for nothing ;)
majsmarken (Beginner)
19 July 2005 - 12:52 #11
The reason it happens:
E.g.: [Unprotected PCs last 20 minutes] => http://forum.mib-eu.dk/forum_posts.asp?TID=44

Have seen it maaaaany times before... not only here on Eksperten...
michael-k (Beginner)
19 July 2005 - 12:59 #12
I'll have to show him that.

Which programs would you recommend having on the computer? Especially bearing in mind that it's his computer. That is, it should preferably be programs that update, scan, etc. automatically.

He is willing to pay, so they don't have to be freeware programs if there are paid ones that are better/easier to use.
majsmarken (Beginner)
19 July 2005 - 13:07 #13
... opinions differ on which (protection) programs are best/smartest...
(Each to their own taste - some like redheads, others blondes...)

Here you can read what Denmark's pros in the field recommend:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Seen in another thread:
http://www.kriminalitet.dk/vira.html

But keeping your Wintendo M$ updated (SP2) gets you a good part of the way.
http://windowsupdate.microsoft.com/
SP2 is most conveniently grabbed from:
http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold/

and in addition my recommendation:
Microsoft® Windows AntiSpyware (Beta):
http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

Goood Luck...
tonnybrandt (Beginner)
19 July 2005 - 13:10 #14
I can see that Majsmarken and I pretty much agree on antispyware *s*

Offhand I would recommend the free Microsoft Antispyware.

I run it myself at home and am quite satisfied. You just need to be aware that it is automatically set to ignore certain specific infections, but it finds them anyway, and you simply set it to remove them, and then it does. It has real-time protection, updates automatically and runs a full scan by default at 2 at night. (the time can of course be changed)

As for antivirus, I can see that Norton is running, and possibly the Corporate version. If that's the one, just keep it. It's the one we run at work and it's not bad. Consider updating to version 10, which has some brand-new features that our security guy here at work is absolutely crazy about *s*
michael-k (Beginner)
19 July 2005 - 13:30 #15
We have an agreement regarding antivirus out at work, probably the one he's running, but the problem is that the person who is supposed to be in charge of it doesn't really know anything about it and doesn't have time to get into it ;) so it's something like it has expired, and I don't think they've had it upgraded, but it could be a start.

Will take a closer look at Microsoft's antivirus, sounds like you agree there :)

Thanks for that :)
michael-k (Beginner)
19 July 2005 - 13:32 #16
antispyware sorry :)