smolle (Beginner)
13 August 2005 - 11:43 - There are 28 comments and 2 solutions

Help with Hi-Jack This log

When I started the computer this morning, there was suddenly a black background with the text:
"Warning! Your computer might be infected with spyware or adware!!!" And then it says something about downloading spyware removal software, etc. Of course I haven't clicked the link, but I wonder how it could get in, because I have both Windows Firewall (and it's SP2), Norton Antivirus & Firewall, and Sygate Firewall!
I then ran Hi-Jack This with the following result:

Logfile of HijackThis v1.99.1
Scan saved at 09:49:49, on 13-08-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:ProgrammerTGTSoftStyleXPStyleXPService.exe
F:ProgrammerSygateSPFsmc.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32shnlog.exe
C:WINDOWSpopuper.exe
C:WINDOWSsystem32msole32.exe
C:WINDOWSSOUNDMAN.EXE
F:ProgrammerABITABIT uGuruuGuru.exe
F:ProgrammerMessenger Plus! 3MsgPlus.exe
C:WINDOWSsystem32intmonp.exe
F:ProgrammerLogitechiTouchiTouch.exe
F:ProgrammerLogitechMouseWaresystemem_exec.exe
F:ProgrammerD-Toolsdaemon.exe
F:ProgrammerABITABIT uGuruuGuru_Event_Receiver.exe
F:PROGRA~1NORTON~1 avapw32.exe
C:WINDOWSsystem32intmon.exe
F:ProgrammerNorton Internet SecurityIAMAPP.EXE
F:ProgrammerQuickTimeqttask.exe
C:ProgrammerLogitechVideoLogiTray.exe
F:ProgrammerCyberLinkPowerDVDPDVDServ.exe
C:WINDOWSsystem32 undll32.exe
C:ProgrammerSaveSave.exe
F:ProgrammerPinnaclePCTV USB2RemoteRemoterm.exe
F:ProgrammerWinampwinampa.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSsystem32ctfmon.exe
C:ApacheApache.exe
C:ProgrammerMSN Messengermsnmsgr.exe
C:ProgrammerVIARAID aid_tool.exe
F:ProgrammerBilliontonBluetooth-softwareintwdins.exe
C:WINDOWSsystem32LVComS.exe
C:WINDOWSsystem32driversCDAC11BA.EXE
F:ProgrammerBilliontonBluetooth-softwareBTTray.exe
C:ProgrammerPinnacleShared FilesProgramsSchedulerPCLEScheduler.exe
F:ProgrammerNorton AntiVirus avapsvc.exe
F:ProgrammerNorton Internet SecurityNISUM.EXE
F:ProgrammermausWay2k.exe
C:WINDOWSsystem32 vsvc32.exe
C:WINDOWSsystem32svchost.exe
F:ProgrammerNorton Internet SecuritySymProxySvc.exe
C:ApacheApache.exe
F:ProgrammerNorton Internet SecurityNISSERV.EXE
C:ProgrammerFælles filerSymantec SharedSecurity CenterSymWSC.exe
C:ProgrammerMessengermsmsgs.exe
D:Dokumenter(Heino)exe- og ace-filerhijackthisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.bestwebslinks.com/
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WINDOWSSYSTEMlank.htm
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:WINDOWSsystem32hp4778.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:ProgrammerNorton AntiVirusNavShExt.dll (file missing)
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [ABIT uGuru] F:ProgrammerABITABIT uGuruuGuru.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [MessengerPlus3] "F:ProgrammerMessenger Plus! 3MsgPlus.exe"
O4 - HKLM..Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..Run: [zBrowser Launcher] F:ProgrammerLogitechiTouchiTouch.exe
O4 - HKLM..Run: [DAEMON Tools-1033] "F:ProgrammerD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [LogitechVideoRepair] C:ProgrammerLogitechVideoISStart.exe
O4 - HKLM..Run: [NAV Agent] F:PROGRA~1NORTON~1 avapw32.exe
O4 - HKLM..Run: [iamapp] F:ProgrammerNorton Internet SecurityIAMAPP.EXE
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SmcService] F:PROGRA~1SygateSPFsmc.exe -startgui
O4 - HKLM..Run: [QuickTime Task] "F:ProgrammerQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe /Consumer
O4 - HKLM..Run: [LogitechVideoTray] C:ProgrammerLogitechVideoLogiTray.exe
O4 - HKLM..Run: [RemoteControl] F:ProgrammerCyberLinkPowerDVDPDVDServ.exe
O4 - HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [WhenUSave] "C:ProgrammerSaveSave.exe"
O4 - HKLM..Run: [PCTVUSB2Remote] F:ProgrammerPinnaclePCTV USB2RemoteRemoterm.exe
O4 - HKLM..Run: [WinampAgent] F:ProgrammerWinampwinampa.exe
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [RegSvr32] C:WINDOWSsystem32msmsgs.exe
O4 - HKLM..Run: [intell32.exe] C:WINDOWSsystem32intell32.exe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MessengerPlus3] "F:ProgrammerMessenger Plus! 3MsgPlus.exe" /WinStart
O4 - HKCU..Run: [STYLEXP] C:ProgrammerTGTSoftStyleXPStyleXP.exe -Hide
O4 - HKCU..Run: [MSMSGS] "C:ProgrammerMessengermsmsgs.exe" /background
O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN Messengermsnmsgr.exe" /background
O4 - Startup: Samurize.lnk = F:ProgrammerSamurizeClient.exe
O4 - Startup: mausWay2k.lnk = F:ProgrammermausWay2k.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:ProgrammerLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:ProgrammerVIARAID aid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = F:ProgrammerMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = F:ProgrammerMicrosoft OfficeOffice1030OLFSNT40.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: Send til &Bluetooth - F:ProgrammerBilliontonBluetooth-softwaretsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:ProgrammerBilliontonBluetooth-softwaretsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:ProgrammerBilliontonBluetooth-softwaretsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:ProgrammerMessengermsmsgs.exe
O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab3...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStat...
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContin...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.c...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStat...
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetu...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab328...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShow...
O23 - Service: Apache - Unknown owner - C:ApacheApache.exe" --ntservice (file missing)
O23 - Service: Apache2 - Unknown owner - C:apacheApache2inApache.exe" -k runservice (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - F:ProgrammerBilliontonBluetooth-softwareintwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:WINDOWSsystem32driversCDAC11BA.EXE
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - F:ProgrammerNorton AntiVirus avapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - F:ProgrammerNorton Internet SecurityNISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - F:ProgrammerNorton Internet SecurityNISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32 vsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcap pcapd.exe" -d -f "%ProgramFiles%WinPcap pcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1FÆLLES~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:ProgrammerSygateSPFsmc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:ProgrammerTGTSoftStyleXPStyleXPService.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - F:ProgrammerNorton Internet SecuritySymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:ProgrammerFælles filerSymantec SharedSecurity CenterSymWSC.exe

What should I do to repair it? I have deleted all the places where it says something with http://www.bestweblinks.com, but they just come back! Help!

levich (Beginner)
13 August 2005 - 11:51 #1
I'll take a look, one moment.

levich (Beginner)
13 August 2005 - 11:55 #2
It looks very strange. Before I go through it thoroughly, you need to tell me whether you have, for example, the folder C:WINDOWSSYSTEM\?

smolle (Beginner)
13 August 2005 - 11:56 #3
I don't...

smolle (Beginner)
13 August 2005 - 11:58 #4
But isn't that because some \ are missing?? Shouldn't it say C:\Windows\System\

smolle (Beginner)
13 August 2005 - 12:01 #5
Trying again... Now all the \ should be included:

Logfile of HijackThis v1.99.1
Scan saved at 09:49:49, on 13-08-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
F:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\SOUNDMAN.EXE
F:\Programmer\ABIT\ABIT uGuru\uGuru.exe
F:\Programmer\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\intmonp.exe
F:\Programmer\Logitech\iTouch\iTouch.exe
F:\Programmer\Logitech\MouseWare\system\em_exec.exe
F:\Programmer\D-Tools\daemon.exe
F:\Programmer\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
F:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\intmon.exe
F:\Programmer\Norton Internet Security\IAMAPP.EXE
F:\Programmer\QuickTime\qttask.exe
C:\Programmer\Logitech\Video\LogiTray.exe
F:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Save\Save.exe
F:\Programmer\Pinnacle\PCTV USB2\Remote\Remoterm.exe
F:\Programmer\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Apache\Apache.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\VIA\RAID\raid_tool.exe
F:\Programmer\Billionton\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
F:\Programmer\Billionton\Bluetooth-software\BTTray.exe
C:\Programmer\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
F:\Programmer\Norton AntiVirus\navapsvc.exe
F:\Programmer\Norton Internet Security\NISUM.EXE
F:\Programmer\mausWay2k.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
F:\Programmer\Norton Internet Security\SymProxySvc.exe
C:\Apache\Apache.exe
F:\Programmer\Norton Internet Security\NISSERV.EXE
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Messenger\msmsgs.exe
D:\Dokumenter(Heino)\exe- og ace-filer\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp4778.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programmer\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ABIT uGuru] F:\Programmer\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NAV Agent] F:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] F:\Programmer\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RemoteControl] F:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WhenUSave] "C:\Programmer\Save\Save.exe"
O4 - HKLM\..\Run: [PCTVUSB2Remote] F:\Programmer\Pinnacle\PCTV USB2\Remote\Remoterm.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "F:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Samurize.lnk = F:\Programmer\Samurize\Client.exe
O4 - Startup: mausWay2k.lnk = F:\Programmer\mausWay2k.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = F:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: Send til &Bluetooth - F:\Programmer\Billionton\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\Billionton\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\Billionton\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge-c139.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apache - Unknown owner - C:\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Apache2 - Unknown owner - C:\apache\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - F:\Programmer\Billionton\Bluetooth-software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - F:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - F:\Programmer\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - F:\Programmer\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Programmer\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - F:\Programmer\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

levich (Beginner)
13 August 2005 - 12:08 #6
That looks much more understandable. I'm going through it now.

smolle (Beginner)
13 August 2005 - 12:08 #7
Thanks :D

serverservice (Trainee)
13 August 2005 - 12:17 #8
Here's a good little tip.
You don't have any protection against spyware/viruses just because you have a firewall - that's a general misunderstanding many people have - apart from a few individual viruses that use specific ports. Your firewall protects you against hacking from outside....
What you need to use is antivirus and an anti-spyware program, and you must remember to empty your IE temp folders and Windows temp, as well as cookies - that's where you get all your junk and spyware.
So my tip is to use IE Privacy Keeper to empty those folders automatically and filter cookies - but you'll quickly find that Levich will ask you to empty those folders too....
http://www.browsertools.net/downloads/IEPrivacyKeeper.exe IE Privacy Keeper
http://www.spywarefri.dk/privacymanual.htm IE Privacy Keeper guide
- still following along as a listener *s

levich (Beginner)
13 August 2005 - 12:19 #9
Read all the steps before you do anything.
Note the two comments in parentheses (** text **)

(1)
Disable System Restore by right-clicking "My Computer" on the desktop -> Properties -> System Restore -> tick "Turn off System Restore" -> click OK.

(2)
Download the scanner http://www.spywareinfo.dk/download/mwav.exe.

(3)
Restart the computer in safe mode (press F8 when Windows starts up), and fix the following lines with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp4778.tmp
O4 - HKLM\..\Run: [WhenUSave] "C:\Programmer\Save\Save.exe"
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - Startup: mausWay2k.lnk = F:\Programmer\mausWay2k.exe (** unless you recognize the name **)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge-c139.cab

(4)
Open any folder, and in the menu click Tools -> Folder Options -> View.
Untick "Hide protected operating system files" and "Hide extensions for known file types".
Select "Show hidden files and folders".

Search for and delete the following files:
C:\WINDOWS\SYSTEM\blank.htm
C:\WINDOWS\system32\hp4778.tmp
C:\WINDOWS\system32\msmsgs.exe
C:\WINDOWS\system32\intell32.exe
F:\Programmer\mausWay2k.exe (** unless you recognize the name **)
... and the following folders:
C:\Programmer\Save\

(5)
Start -> Run -> type "cleanmgr" -> delete Temporary Internet Files, Recycle Bin and temporary files. Repeat for all your drives.

(6)
Run the scanner mwav.exe and tick the following: Memory, Startup folders, drive, Registry, System folders and Services.
Select the following: All local drives and Scan all files. Press Scan Clean.
The scan may take some time.

(7)
Restart the computer normally. Make a new log with HijackThis and post it here.

(8)
When we are completely done, remember to enable System Restore again.

levich (Beginner)
13 August 2005 - 12:19 #10
Wait a moment, there's a small correction.

levich (Beginner)
13 August 2005 - 12:22 #11
Sorry, I had overlooked some files that need to be deleted. In step (4) of the guide above, the following files must be deleted:
C:\WINDOWS\SYSTEM\blank.htm
C:\WINDOWS\system32\hp4778.tmp
C:\WINDOWS\system32\msmsgs.exe
C:\WINDOWS\system32\intell32.exe
F:\Programmer\mausWay2k.exe (** unless you recognize the name **)
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\intmonp.exe
C:\WINDOWS\system32\intmon.exe
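
A way to check the result of step (7), added here as an example and not part of any poster's message: the script compares the log taken before the cleanup with the follow-up log smolle posts in #15 and reports which flagged files are still referenced, which fix-list entries are still present, and whether a BHO kept its CLSID under a new file name. The function names are made up for this example; the log lines are trimmed excerpts of the logs in this thread, and mausWay2k.exe is left out of the flagged list because the fix was conditional.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Trimmed excerpts of the two logs posted in this thread (09:49 and 14:06).
BEFORE = r"""
Running processes:
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\intmonp.exe
C:\WINDOWS\system32\intmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp4778.tmp
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
"""
AFTER = r"""
Running processes:
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\intmonp.exe
C:\WINDOWS\system32\intmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp48D0.tmp
"""

# Files listed for deletion in step (4) and in the correction in #11.
FLAGGED_FILES = [
    r"C:\WINDOWS\SYSTEM\blank.htm",
    r"C:\WINDOWS\system32\hp4778.tmp",
    r"C:\WINDOWS\system32\msmsgs.exe",
    r"C:\WINDOWS\system32\intell32.exe",
    r"C:\WINDOWS\popuper.exe",
    r"C:\WINDOWS\system32\msole32.exe",
    r"C:\WINDOWS\system32\intmonp.exe",
    r"C:\WINDOWS\system32\intmon.exe",
]


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def still_referenced(log, flagged_paths):
    """Map each flagged path to the places where the log still mentions it."""
    hits = {}
    for path in flagged_paths:
        needle = path.lower()
        where = ["process" for p in log["processes"] if p.lower() == needle]
        where += [code for code, body in log["entries"] if needle in body.lower()]
        if where:
            hits[path] = where
    return hits


def unfixed_entries(after, fix_list):
    """Fix-list lines that appear verbatim in the follow-up log."""
    present = {f"{code} - {body}" for code, body in after["entries"]}
    return [line for line in fix_list if line in present]


def respawned_bhos(before, after):
    """O2 entries whose CLSID survives the cleanup under a different file."""
    def bho_map(log):
        out = {}
        for code, body in log["entries"]:
            match = CLSID_RE.search(body)
            if code == "O2" and match:
                out[match.group(0).upper()] = body.rsplit(" - ", 1)[-1]
        return out
    old, new = bho_map(before), bho_map(after)
    return {c: (old[c], new[c]) for c in old
            if c in new and old[c].lower() != new[c].lower()}


if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    # Every entry in the BEFORE excerpt is on the fix list from step (3).
    fix_list = [f"{code} - {body}" for code, body in before["entries"]]
    for path, where in still_referenced(after, FLAGGED_FILES).items():
        print("still present:", path, where)
    for line in unfixed_entries(after, fix_list):
        print("entry came back:", line)
    for clsid, (old, new) in respawned_bhos(before, after).items():
        print("BHO re-registered:", clsid, old, "->", new)
```

A flagged file that is still a running process, or a BHO that reappears under a new .tmp name, means something active is restoring the entries, which matches smolle's report that the deleted settings "just come back".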

smolle (Beginner)
13 August 2005 - 12:33 #12
Thanks. I'll try that. mausWay2k.exe is a program I know. Just a small program that measures how far the mouse has travelled and such. It hasn't caused problems before.

smolle (Beginner)
13 August 2005 - 12:33 #13
Should I install the scanner from step 2 before I start in safe mode?

levich (Beginner)
13 August 2005 - 13:17 #14
The scanner doesn't need to be installed - it just needs to be run?

smolle (Beginner)
13 August 2005 - 14:11 #15
So I got through all of it, but apparently to no avail... Several of the files you wrote I should delete in the Windows folder could not be found! I have removed the tick at "Hide protected operating system files" and "Hide extensions for known file types" as well as "Show hidden files and folders". I did delete the files it could find, though. Could it be because it was in safe mode that they weren't there?
The virus scan took almost an hour (!!) and it found 23 viruses, which it repaired/deleted, but I still have the strange background on the desktop and I can't change it!

Here is the HJT log as it looks now:
Logfile of HijackThis v1.99.1
Scan saved at 14:06:52, on 13-08-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
F:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\intmonp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\intmon.exe
F:\Programmer\ABIT\ABIT uGuru\uGuru.exe
F:\Programmer\Messenger Plus! 3\MsgPlus.exe
F:\Programmer\Logitech\MouseWare\system\em_exec.exe
F:\Programmer\Logitech\iTouch\iTouch.exe
F:\Programmer\D-Tools\daemon.exe
F:\Programmer\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
F:\PROGRA~1\NORTON~1\navapw32.exe
F:\Programmer\Norton Internet Security\IAMAPP.EXE
F:\Programmer\QuickTime\qttask.exe
C:\Programmer\Logitech\Video\LogiTray.exe
F:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
F:\Programmer\Pinnacle\PCTV USB2\Remote\Remoterm.exe
F:\Programmer\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Apache\Apache.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\VIA\RAID\raid_tool.exe
F:\Programmer\Billionton\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
F:\Programmer\Billionton\Bluetooth-software\BTTray.exe
F:\Programmer\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\LVComS.exe
F:\Programmer\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
F:\Programmer\mausWay2k.exe
C:\Apache\Apache.exe
C:\WINDOWS\system32\svchost.exe
F:\Programmer\Norton Internet Security\SymProxySvc.exe
F:\Programmer\Norton Internet Security\NISSERV.EXE
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Messenger\msmsgs.exe
D:\Dokumenter(Heino)\exe- og ace-filer\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
F2 - REG:system.ini: Shell=
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp48D0.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programmer\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ABIT uGuru] F:\Programmer\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NAV Agent] F:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] F:\Programmer\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RemoteControl] F:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCTVUSB2Remote] F:\Programmer\Pinnacle\PCTV USB2\Remote\Remoterm.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "F:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Samurize.lnk = F:\Programmer\Samurize\Client.exe
O4 - Startup: mausWay2k.lnk = F:\Programmer\mausWay2k.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = F:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: Send til &Bluetooth - F:\Programmer\Billionton\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\Billionton\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\Billionton\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apache - Unknown owner - C:\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Apache2 - Unknown owner - C:\apache\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - F:\Programmer\Billionton\Bluetooth-software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - F:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - F:\Programmer\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - F:\Programmer\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Programmer\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - F:\Programmer\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
smolle Beginner
13 August 2005 - 14:18 #16
I just checked and still can't find the files you say I should delete, even though it isn't safe mode. The files in question are:
C:\WINDOWS\SYSTEM\blank.htm
C:\WINDOWS\system32\hp4778.tmp
C:\WINDOWS\system32\intell32.exe

In addition, it has recreated the files:
C:\WINDOWS\system32\intmonp.exe and C:\WINDOWS\system32\intmon.exe, even though I deleted them in safe mode.
levich Beginner
13 August 2005 - 16:14 #17
More needs to be removed. I may have time to look at it in 1 hour.
smolle Beginner
13 August 2005 - 17:10 #18
It does seem to have calmed down a bit after all. Norton doesn't go crazy over viruses at startup, but if I right-click on the desktop and choose Properties, I only have Screen Saver and Settings left as options! So something must still be wrong.
smolle Beginner
13 August 2005 - 17:16 #19
And I've also just noticed that pop-ups still appear now and then, and that a folder called Links has appeared in my Favorites which wasn't there before. I don't know if that can help identify the problem?
levich Beginner
13 August 2005 - 17:48 #20
It is completely normal that you can't find some of the files.

I assume that you installed the programs Samurize and Apache yourself?
If yes, follow the procedure below. If no, I'll write a new one.

Read all the steps before you do anything.

(1)
Disable System Restore by right-clicking "My Computer" on the desktop -> Properties -> System Restore -> check "Turn off System Restore" -> click OK.

(2)
Download the scanner http://www.spywareinfo.dk/download/mwav.exe.

(3)
Restart the computer in safe mode (press F8 while Windows is starting up), and fix the following lines with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
F2 - REG:system.ini: Shell=
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp48D0.tmp

(4)
Open any folder; in the menu, click Tools -> Folder Options -> View.
Uncheck "Hide protected operating system files" and "Hide extensions for known file types".
Select "Show hidden files and folders".

Search for and delete the following files:
C:\WINDOWS\system32\hp48D0.tmp
C:\WINDOWS\system32\shnlog.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\intmonp.exe
C:\WINDOWS\system32\intmon.exe

(5)
Start -> Run -> type "cleanmgr" -> delete Temporary Internet Files, the Recycle Bin and temporary files. Repeat for all your drives.

(6)
Run the scanner mwav.exe and check the following: Memory, Startup folders, drive, Registry, System folders and Services.
Select the following: All local drives and Scan all files. Press Scan Clean.
The scan may take some time.

(7)
Restart the computer normally. Create a new log with HijackThis and post it here.

(8)
When we are completely done, remember to enable System Restore again.
smolle Beginner
13 August 2005 - 18:05 #21
Yes, both Samurize and Apache are programs I installed myself. I'll try to do as you say and hope for the best :P
smolle Beginner
13 August 2005 - 20:15 #22
Now it looks like this:

Logfile of HijackThis v1.99.1
Scan saved at 20:14:48, on 13-08-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
F:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
F:\Programmer\ABIT\ABIT uGuru\uGuru.exe
F:\Programmer\Messenger Plus! 3\MsgPlus.exe
F:\Programmer\Logitech\iTouch\iTouch.exe
F:\Programmer\Logitech\MouseWare\system\em_exec.exe
F:\Programmer\D-Tools\daemon.exe
F:\Programmer\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
F:\PROGRA~1\NORTON~1\navapw32.exe
F:\Programmer\Norton Internet Security\IAMAPP.EXE
F:\Programmer\QuickTime\qttask.exe
C:\Programmer\Logitech\Video\LogiTray.exe
F:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
F:\Programmer\Pinnacle\PCTV USB2\Remote\Remoterm.exe
F:\Programmer\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Apache\Apache.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
F:\Programmer\Billionton\Bluetooth-software\bin\btwdins.exe
F:\Programmer\Billionton\Bluetooth-software\BTTray.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
F:\Programmer\Norton AntiVirus\navapsvc.exe
F:\Programmer\mausWay2k.exe
F:\Programmer\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\svchost.exe
F:\Programmer\Norton Internet Security\SymProxySvc.exe
F:\Programmer\Norton Internet Security\NISSERV.EXE
C:\Apache\Apache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Messenger\msmsgs.exe
D:\Dokumenter(Heino)\exe- og ace-filer\hijackthis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programmer\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ABIT uGuru] F:\Programmer\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NAV Agent] F:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] F:\Programmer\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RemoteControl] F:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCTVUSB2Remote] F:\Programmer\Pinnacle\PCTV USB2\Remote\Remoterm.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "F:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Samurize.lnk = F:\Programmer\Samurize\Client.exe
O4 - Startup: mausWay2k.lnk = F:\Programmer\mausWay2k.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = F:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: Send til &Bluetooth - F:\Programmer\Billionton\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\Billionton\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\Billionton\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apache - Unknown owner - C:\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Apache2 - Unknown owner - C:\apache\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - F:\Programmer\Billionton\Bluetooth-software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - F:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - F:\Programmer\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - F:\Programmer\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Programmer\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - F:\Programmer\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
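
Step (7) of the procedure in post #20 asks for a fresh log to confirm the fix. As an added example (not code from the thread or from HijackThis), this Python script checks a follow-up log against the fix list and the deleted files, comparing Windows paths case-insensitively. The log text is excerpted from the posts above; `RELAPSE` is a constructed sample modelling the re-created intmon.exe reported in post #16, and all function names are illustrative.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")
# Entry lines are "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Lines to fix and files to delete, excerpted from the procedure in post #20.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
F2 - REG:system.ini: Shell=
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp48D0.tmp
"""
DELETE_LIST = [
    r"C:\WINDOWS\system32\hp48D0.tmp",
    r"C:\WINDOWS\system32\shnlog.exe",
    r"C:\WINDOWS\popuper.exe",
    r"C:\WINDOWS\system32\intmonp.exe",
    r"C:\WINDOWS\system32\intmon.exe",
]

# Excerpt of the follow-up log posted in #22.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Apache\Apache.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programmer\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Apache - Unknown owner - C:\Apache\Apache.exe" --ntservice (file missing)
"""

# Constructed sample (not from the thread): a deleted file is running
# again under different letter case and one fixed line has come back.
RELAPSE = r"""
Running processes:
C:\WINDOWS\System32\INTMON.EXE

F2 - REG:system.ini: Shell=
"""


def _norm(text):
    """Collapse whitespace and fold case; Windows paths are case-insensitive."""
    return " ".join(text.split()).casefold()


def parse_log(text):
    """Split a HijackThis log into (running process paths, section entries)."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append(Entry(match.group(1), match.group(2).strip()))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def verify_cleanup(fix_list, delete_list, after_text):
    """Report fix-list entries and deleted files that show up in a new log."""
    processes, entries = parse_log(after_text)
    present = {(e.code, _norm(e.detail)) for e in entries}
    running = {_norm(p) for p in processes}
    _, wanted = parse_log(fix_list)
    still_present = [e for e in wanted if (e.code, _norm(e.detail)) in present]
    running_again = [f for f in delete_list if _norm(f) in running]
    return {
        "entries_still_present": still_present,
        "files_running_again": running_again,
        "clean": not still_present and not running_again,
    }


if __name__ == "__main__":
    for name, log in (("post #22", AFTER), ("constructed relapse", RELAPSE)):
        print(name, verify_cleanup(FIX_LIST, DELETE_LIST, log))
```

A clean result only means the listed entries and files are gone from the log; it says nothing about components that HijackThis does not list, which is why the thread continues with further scanners.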
smolle Beginner
13 August 2005 - 20:16 #23
But I'm still missing some of the tabs in Properties on the desktop! How do I get them back?
fromsej Trainee
13 August 2005 - 22:22 #24
1. Download and double-click smitRem.exe

http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

The program unpacks itself into the folder smitRem.

2. Download Ad-aware

http://spywarefri.dk/vaerktoj.htm#ad-aware

Install the program, start it and update it online; do NOT scan yet.
Configure Ad-Aware according to this guide:
http://www.spywarefri.dk/manualer/adaware-manual.htm
Close Ad-Aware again.

3. Download Ewido:

http://www.spywarefri.dk/forum/links/ewido.htm

Click Demo download.
Install and run Ewido - update the program immediately after installation (but don't scan yet).

4. Restart in safe mode; if you don't know how, look here:

http://fromsej.dk/html/xpfejl.html

5. Run HijackThis, scan, check the lines listed here, close all windows except HijackThis, and click "Fix checked":

That has already been done, so just skip it.

6. Open the smitRem folder and double-click RunThis.bat (follow the instructions in the window).

7. Run a full scan with Ad-Aware and remove everything it finds.

8. Run a full scan with Ewido. The program creates a small log, which you should copy in here.

9. Click Start->Control Panel->Display->Desktop->Customize Desktop->Web and uncheck Security Info and View my Active desktop as a web page (let me know if they are called something else).

10. Restart normally and run this online scanner:

http://www.pandasoftware.com/activescan/activescan.asp?Language=2&Country=63&Partner=1&Ref=EN-PR-AS-107 , (set it to Automatic removal).

11. Restart and post a fresh HijackThis log, as well as the log from Ewido. Find smitfiles.txt via Start/Search. Copy that log in here as well.
smolle Beginner
14 August 2005 - 13:24 #25
Okay. Here are all the logs you asked for:

Logfile of HijackThis v1.99.1
Scan saved at 13:20:15, on 14-08-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
F:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apache\Apache.exe
F:\Programmer\Billionton\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
F:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Apache\Apache.exe
F:\Programmer\ewido\security suite\ewidoguard.exe
F:\Programmer\Norton AntiVirus\navapsvc.exe
F:\Programmer\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
F:\Programmer\Norton Internet Security\SymProxySvc.exe
F:\Programmer\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
F:\Programmer\ABIT\ABIT uGuru\uGuru.exe
F:\Programmer\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
F:\Programmer\Messenger Plus! 3\MsgPlus.exe
F:\Programmer\Logitech\iTouch\iTouch.exe
F:\Programmer\Logitech\MouseWare\system\em_exec.exe
F:\Programmer\D-Tools\daemon.exe
F:\PROGRA~1\NORTON~1\navapw32.exe
F:\Programmer\Norton Internet Security\IAMAPP.EXE
F:\Programmer\QuickTime\qttask.exe
C:\Programmer\Logitech\Video\LogiTray.exe
F:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
F:\Programmer\Pinnacle\PCTV USB2\Remote\Remoterm.exe
F:\Programmer\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\VIA\RAID\raid_tool.exe
F:\Programmer\Billionton\Bluetooth-software\BTTray.exe
C:\Programmer\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
F:\Programmer\mausWay2k.exe
D:\Dokumenter(Heino)\exe- og ace-filer\hijackthis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programmer\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ABIT uGuru] F:\Programmer\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmer\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NAV Agent] F:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] F:\Programmer\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RemoteControl] F:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCTVUSB2Remote] F:\Programmer\Pinnacle\PCTV USB2\Remote\Remoterm.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "F:\Programmer\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [STYLEXP] C:\Programmer\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Samurize.lnk = F:\Programmer\Samurize\Client.exe
O4 - Startup: mausWay2k.lnk = F:\Programmer\mausWay2k.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = F:\Programmer\Microsoft Office\Office\1030\OLFSNT40.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: Send til &Bluetooth - F:\Programmer\Billionton\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\Billionton\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\Billionton\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apache - Unknown owner - C:\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Apache2 - Unknown owner - C:\apache\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - F:\Programmer\Billionton\Bluetooth-software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - F:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - F:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - F:\Programmer\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - F:\Programmer\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Programmer\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmer\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - F:\Programmer\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            12:13:48, 14-08-2005
+ Report-Checksum:        82F99349

+ Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
    C:\WINDOWS\SYSTEM32\oleext.dll -> Trojan.Small.ev : Cleaned with backup
    C:\WINDOWS\SYSTEM32\hhk.dll -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\WINDOWS\SYSTEM32\wppp.html -> Spyware.PSGuard : Cleaned with backup
    D:\Dokumenter(Heino)\exe- og ace-filer\hijackthis\backups\backup-20050813-124803-261.dll -> Spyware.Hijacker.Generic : Cleaned with backup
    D:\Dokumenter(Heino)\exe- og ace-filer\hijackthis\backups\backup-20050813-180953-664.dll -> Spyware.Hijacker.Generic : Cleaned with backup
    F:\Programmer\BearShare\Installer\saveinstwm.exe -> Adware.SaveNow : Cleaned with backup


::Report End




  smitRem log file
    version 2.3

    by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll
wppp.html
ole32vbs.exe
hhk.dll
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

sites.ini


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll
wppp.html
ole32vbs.exe
hhk.dll
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

sites.ini


~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN! :)
fromsej Trainee
14 August 2005 - 15:48 #26
That looks better; is your problem solved?
smolle Beginner
14 August 2005 - 17:11 #27
Yep, it's running perfectly again :D You'll need to post some answers so you can get the points.
fromsej Trainee
14 August 2005 - 19:53 #28
Gladly, but Levich should get the most.*S*
smolle Beginner
14 August 2005 - 20:59 #29
Can you give more points to one person? Aren't the points always split equally? Anyway, I'll wait for Levich to post an answer.
levich Beginner
15 August 2005 - 21:12 #30
No, you can choose to give "unequal" points.
Eksperten answers: http://expfaq.1go.dk/?id=3#behandling_af_svar