jeppeaaen Novice
25 April 2006 - 00:46 There are 12 comments and
1 solution

Popup hell - HijackThis log

After a stupid, stupid visit to a suspicious site this evening, my computer has become terrible.
Can any of you make head or tail of this?

Regards, Jeppe


Logfile of HijackThis v1.99.1
Scan saved at 00:39:03, on 25-04-2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SmVwcGUgQWFlbg\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\mousepad14.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JEPPEA~1.JEP\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard14.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad14.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname14.exe
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3631382D2D2D.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130786710311
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130786701639
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\en4ml1h11.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmVwcGUgQWFlbg\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
tonnybrandt Beginner
25 April 2006 - 01:25 #1
-- Download Ewido from here (14-day trial of the Plus version)
http://www.spywarefri.dk/downloads1/ewido-setup.exe
Install and update the program. Wait before scanning.

-- Download Brute Force Uninstaller and unpack it to its own folder (c:\BFU):
http://www.merijn.org/files/bfu.zip

-- Right-click the following link and choose "Save as" to download Alcan Remover. Save it in the same folder where you saved Brute Force Uninstaller (c:\BFU):
http://metallica.geekstogo.com/alcanshorty.bfu

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Click "My Computer" and navigate to the c:\BFU folder. Double-click BFU.exe. In the window that appears, copy/paste this line:
c:\bfu\alcanshorty.bfu

Then click "execute" and let the program do its work. Wait and let it do its job. When the script has finished, click OK and then EXIT.

-- Run a full scan with Ewido and allow the program to fix the things it finds. The program produces a small log, which you should copy in here.

-- Restart and post a fresh HijackThis log here, together with the log from Ewido.
jeppeaaen Novice
25 April 2006 - 10:28 #2
Hi Tonny

Thanks for the answer.
I got the programs downloaded this morning, but did not have time to put them to work.
Do you have a suspicion about what my problem could be?
tonnybrandt Beginner
25 April 2006 - 10:48 #3
Yes, your PC is infected with "Alcan".
Here is a description of the infection. Do not click any links on the page; just read what it says about the infection!
http://www.spywareremovalnews.com/news/article-368.html

They can be seen here:
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard14.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad14.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname14.exe

The aforementioned procedure is the one we have agreed is the best for removing precisely that infection.
jeppeaaen Novice
25 April 2006 - 17:01 #4
It is running Ewido now. :)

Over on hardwareonline.dk I got this advice:
"#4 you don't even have service pack 1 installed.

Download and install (remember to choose the language your XP has)
http://www.microsoft.com/windowsxp/downloads/updat...

--Then run a disk cleanup.
(Start => Programs => Accessories => System Tools => Disk Cleanup. Tick temp files, temporary internet files and recycle bin).

--Download
Kaspersky Scanner
http://www.spywareinfo.dk/download/mwav.exe

Install and then run the Kaspersky scanner.
(Tick the following: Memory, Startup folders, drive, Registry, System folders and Services.
- and select the following: All local drives and Scan all files. Click scan.)

This scan can easily take a couple of hours, depending on how much you have on your computer. When the scan is finished and has deleted any viruses, click OK. Click exit, then click exit again if you do not wish to buy the program.

TIP: do not click Add to Startup folders, or your machine will be scanned every time you start Windows.



--Install and update eWido and run a complete scan with it.
http://www.ewido.net/en/download/

--Then start the HijackThis program and choose "do a system scan" (do NOT run HJT from the temp folder; unpack it to the desktop or the root of c: instead)

--then choose "save log" and save it on the desktop.

---Then upload the log here http://www.peecee.dk/ and if it reports an error, rename it to a .txt document with Notepad: open and save as (example: navnpåminfill.txt)"

That is a somewhat different procedure, as I understand it. Is this also a solution to my Alcan problem, or is it more of a preventive method so that I avoid the same problems in future?

Thanks a lot for the answer again, Tonny.
tonnybrandt Beginner
25 April 2006 - 17:09 #5
You're welcome. You will certainly hear from me too that you should update with the service pack, but I would wait until it was clean and then recommend Service Pack 2.

The 2 scanners are good and can perhaps remove the infection together, but my info is targeted directly at the specific infection you have. It has turned out that there are still leftovers after scanners have removed the infections, and there should not be with my procedure.
25 April 2006 - 17:10 #6
Therefore:
You have not updated your Windows XP to Service Pack 2 (SP2).
"Unprotected PCs last 20 minutes":
http://forum.mib-eu.dk/forum_posts.asp?TID=44

That is not so good, because then you are not protected against many of the viruses that race around the net looking for unpatched machines.
Good Luck... but only once the machine has been declared 'clean' ...

Follow the guide from <tonnybrandt> - you are in good hands...
jeppeaaen Novice
25 April 2006 - 17:42 #7
A rather big problem arose, I think. I tried to run the full scan, but TWICE, after about 60% and 30 minutes of scanning, the screen went blue.
I got a message that Windows had encountered a serious problem, which it would avoid by shutting down...
So it only came to a quick scan - is that perhaps incentive enough to do a complete format?

But here are both logs:
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            17:31:36, 25-04-2006
+ Report-Checksum:        298DD8F4

+ Scan result:

    [640] C:\WINDOWS\system32\vrhelper.dll -> Spyware.Look2Me : Error during cleaning
    [768] C:\WINDOWS\system32\vrhelper.dll -> Spyware.Look2Me : Error during cleaning
    C:\WINDOWS\system32\fp4203hoe.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\hrp8057ue.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\MRT.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
    C:\WINDOWS\system32\pebase.dll -> Spyware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\wkpui.dll -> Spyware.Look2Me : Cleaned with backup


::Report End"

New HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 17:36:42, on 25-04-2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\ewido\security suite\ewidoguard.exe
C:\DOCUME~1\JEPPEA~1.JEP\LOCALS~1\Temp\Rar$EX00.015\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130786710311
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130786701639
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\enjol1131.dll
O23 - Service: ewido security suite control - ewido networks - C:\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


It does seem, though, that the 4 lines Tonny posted earlier are gone. I still get popups, however.
A suggestion for the next step?

I can see that you have already spent a lot of time on me, and that I am only giving 30 points for an answer. I will gladly create a new thread later so that you can be rewarded better.
Thanks again.

Jeppe
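As an added example (not part of the thread, and not code from HijackThis or its authors): the two logs posted above can be compared to see which entries the cleanup removed, which remain and which are new. The log excerpts are copied from this thread; the three review rules are assumptions made for this illustration and mark entries to look at, not verdicts.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4" (autostart) or "O23" (service)
    body: str  # everything after "<code> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# An .exe sitting directly in the Windows folder (not in system32 or deeper).
WINROOT_EXE_RE = re.compile(r'[a-z]:\\windows\\[^\\"]+\.exe', re.IGNORECASE)

# Excerpt of the first log in this thread (00:39:03).
BEFORE = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard14.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad14.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname14.exe
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\en4ml1h11.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmVwcGUgQWFlbg\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

# Excerpt of the second log in this thread (17:36:42).
AFTER = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\enjol1131.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""


def parse_entries(log_text: str) -> list[Entry]:
    """Return the coded entries of a log; header lines and the
    'Running processes' list carry no section code and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def review_reasons(entry: Entry) -> list[str]:
    """Illustrative review rules (assumptions of this example)."""
    reasons = []
    if entry.code == "O4" and WINROOT_EXE_RE.search(entry.body):
        reasons.append("autostart of an .exe directly in the Windows folder")
    if entry.code == "O23" and "Unknown owner" in entry.body:
        reasons.append("service binary without company information")
    if entry.code == "O20":
        reasons.append("DLL registered for Winlogon notifications")
    return reasons


def _key(entry: Entry) -> tuple[str, str]:
    # HijackThis appends "(file missing)" when the target is gone from disk;
    # ignore that note so the same registry entry still matches across logs.
    return entry.code, entry.body.removesuffix(" (file missing)")


def compare(before: str, after: str) -> dict[str, list[Entry]]:
    """Split entries into removed, still present and worth review, and new."""
    old, new = parse_entries(before), parse_entries(after)
    old_keys = {_key(e) for e in old}
    new_keys = {_key(e) for e in new}
    return {
        "removed": [e for e in old if _key(e) not in new_keys],
        "persisting": [e for e in new if _key(e) in old_keys and review_reasons(e)],
        "new": [e for e in new if _key(e) not in old_keys],
    }


if __name__ == "__main__":
    for group, entries in compare(BEFORE, AFTER).items():
        print(f"{group}:")
        for entry in entries:
            notes = "; ".join(review_reasons(entry)) or "no rule matched"
            print(f"  {entry.code} - {entry.body}\n      -> {notes}")
```

On these excerpts the three `keyboard`/`mousepad`/`newname` autostarts are reported as removed, while the Winlogon Notify entry shows up as new because its name and DLL differ between the two logs.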
jeppeaaen Novice
25 April 2006 - 18:28 #8
It is going to be a reinstallation of Windows. I will get the service packs in as well.
Damn :)
tonnybrandt Beginner
26 April 2006 - 01:08 #9
Have you started on the reinstallation?

Otherwise, here is the procedure that should remove the Look2Me infection it is also infected with:

Download Look2Me-Destroyer from here:

http://www.atribune.org/ccount/click.php?id=7

...and save the tool on your Desktop.

2. Close all open program windows - including Internet Explorer.

3. Double-click Look2Me-Destroyer and tick "Run this program as a task". You will get a message that Look2Me-Destroyer will close and reopen after 10 seconds - click OK.

When Look2Me-Destroyer reopens - click "Scan for L2M" - your icons disappear - click "Remove L2M". Click OK when you get the message "Done scanning".

Now you get the message "Done removing infected files!". The program will shut down your computer - click OK. Now find the file C:\Look2Me-Destroyer.txt and copy its contents in here, together with a fresh HijackThis log.

4. If your firewall wants to block Look2Me-Destroyer's access to the net, you must allow the program access.

If you get a runtime error 339, download MSWINSCK.OCX from here:

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

...and place it in the folder C:\Windows\System32 .
jeppeaaen Novice
26 April 2006 - 11:15 #10
Yes, I have formatted and most of it is reinstalled. I have also installed a virus scanner now.

How do I close this question - and how do I give points?

Thanks a lot for your time.
26 April 2006 - 14:15 #11
... so have you now got FULL WindowsUpdate?
Ref.: [25/04-2006 17:10:25]

(Well - if you don't get this done, we will probably see each other again soon... in the virus category?)
tonnybrandt Beginner
26 April 2006 - 15:41 #12
You can close the question by selecting my name over on the left and pressing accept.

It is a pain that a cleanup has to end in a reinstallation, but unfortunately it does happen that the machine is so infected that the cleanup makes the machine crash. It is rare, but it happens.
tonnybrandt Beginner
26 April 2006 - 18:24 #13
Thanks for the points :)