Hent og kør Shootthemessenger, det burde tage livet af de popups.
http://grc.com/stm/shootthemessenger.htm
Derefter følger du denne vejledning, punkt 1-4.
http://www.spywarefri.dk/hjtanv.htm

Jeg har et problem, når jeg bruger Hijack. Når jeg har gemt loggen, kommer der en masse ting på min computer. Den skifter startside m.m. Det samme sker, når jeg prøver at åbne det gemte. Hvad skal jeg gøre ?

Hvis du ikke kan åbne hijackthislogfilen, så send den som en vedhæftet fil til:
from09sej (at) webspeed.dk
Erstat (at) med @.
Skriv 4292 i emne, så jeg ved hvor den hører til.

Er sendt.

Logfil fra FS.

Logfile of HijackThis v1.98.0
Scan saved at 19:13:28, on 05-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/SOINTGR.EXE
C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe
C:/Programmer/QuickTime/qttask.exe
C:/Programmer/ICQLite/ICQLite.exe
C:/WINDOWS/system32/inetsrv/services.exe
C:/WINDOWS/System32/beovyg.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/Fælles filer/Real/Update_OB/rnathchk.exe
C:/WINDOWS/System32/nvsvc32.exe
C:/WINDOWS/System32/wovbj.exe
C:/Documents and Settings/Bruger/Application Data/esdo.exe
C:/WINDOWS/System32/RUNDLL32.EXE
C:/Documents and Settings/All Users/Menuen Start/Programmer/Start/BQLF.EXE
C:/WINDOWS/system32/pctspk.exe
C:/Programmer/Internet Explorer/iexplore.exe
D:/Documents and Settings/Bruger/Dokumenter/hijackthis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://tdconline.dk/
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.tiscali.dk/
R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = http://www.opasia.dk/msie_search.html
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page_bak = http://tdconline.dk/
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Window Title = Microsoft Internet Explorer provided by Tiscali
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:/WINDOWS/Downloaded Program Files/ycomp5_3_16_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:/Programmer/MyWay/myBar/1.bin/MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx
O2 - BHO: (no name) - {38FC6F73-BA42-2EC7-D157-615504A12C1B} - C:/WINDOWS/System32/xml.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/Programmer/Spybot - Search & Destroy/SDHelper.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O3 - Toolbar: &SearchBar; - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:/Programmer/MyWay/myBar/1.bin/MYBAR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:/WINDOWS/Downloaded Program Files/ycomp5_3_16_0.dll
O4 - HKLM/../Run: [S3TRAY2] S3tray2.exe
O4 - HKLM/../Run: [SO5 Integrator Pass Two] C:/WINDOWS/SOINTGR.EXE
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe” -osboot
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [ICQ Lite] C:/Programmer/ICQLite/ICQLite.exe -minimize
O4 - HKLM/../Run: [SuperBar.Component] C:/WINDOWS/system32/inetsrv/services.exe
O4 - HKLM/../Run: [AdRotator.Application] C:/WINDOWS/system32/drivers/csrss.exe
O4 - HKLM/../Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:/WINDOWS/system32/wbem/svchost.exe
O4 - HKLM/../Run: [ylxqsgonpz] C:/WINDOWS/System32/beovyg.exe
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKCU/../Run: [MsnMsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - HKCU/../Run: [Ifqvfb] C:/WINDOWS/System32/wovbj.exe
O4 - HKCU/../Run: [Cdns] C:/Documents and Settings/Bruger/Application Data/esdo.exe
O4 - HKCU/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU/../RunOnce: [ICQ Lite] C:/Programmer/ICQLite/ICQLite.exe -trayboot
O4 - Global Startup: BQLF.EXE
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions present
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel present
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:/Programmer/ICQLite/ICQLite.exe
O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:/Programmer/ICQLite/ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.dk/
O15 - Trusted Zone: http://*.mt-download.com
O15 - Trusted Zone: http://*.xxxtoolbar.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/dk/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22ae73b1c832cd921305/netzip/RdxIE2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab

Flyt Hijackthis til en mappe oprettet til formålet.

Deaktiver systemgendannelse:
http://www.spywarefri.dk/virusscannere.htm#alle

Hent denne scanner, den skal du bruge senere.
http://www.mwti.net/antivirus/free_utilities.asp - Virusscanner.

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart i fejlsikret(Tryk <F8> under opstart) og slet filerne listet nederst.
Dobbelttjek, så alt kommer med.

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:/Programmer/MyWay/myBar/1.bin/MYBAR.DLL
O3 - Toolbar: &SearchBar; - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:/Programmer/MyWay/myBar/1.bin/MYBAR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:/WINDOWS/Downloaded Program Files/ycomp5_3_16_0.dll
O4 - HKLM/../Run: [SuperBar.Component] C:/WINDOWS/system32/inetsrv/services.exe
O4 - HKLM/../Run: [AdRotator.Application] C:/WINDOWS/system32/drivers/csrss.exe
O4 - HKLM/../Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:/WINDOWS/system32/wbem/svchost.exe
O4 - HKLM/../Run: [ylxqsgonpz] C:/WINDOWS/System32/beovyg.exe
O4 - HKCU/../Run: [Ifqvfb] C:/WINDOWS/System32/wovbj.exe
O4 - HKCU/../Run: [Cdns] C:/Documents and Settings/Bruger/Application Data/esdo.exe
O4 - Global Startup: BQLF.EXE
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Restrictions present
O6 - HKCU/Software/Policies/Microsoft/Internet Explorer/Control Panel present
O15 - Trusted Zone: http://*.mt-download.com
O15 - Trusted Zone: http://*.xxxtoolbar.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22ae73b1c832cd921305/netzip/RdxIE2.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab

———————————————————-
Sletning af filer og mapper:
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved “Skjul beskyttede operativsystemfiler”.
Fjern flueben ved “Skjul filtypenavne for kendte filtyper”.
Sæt prik i “Vis skjulte filer og mapper”.
Brug af Start->Søg.
Klik på “Alle filer og mapper”
Klik på “Avancerede indstillinger”
Sæt flueben i de tre øverste.
—————————-
Mapper:
C:/Programmer/MyWay/
—————————-
Filer:Vær opmærksom på den mappe filen du sletter ligger i, der er legale filer af samme navn i andre mapper.
C:/WINDOWS/system32/inetsrv/services.exe
C:/WINDOWS/system32/drivers/csrss.exe
C:/WINDOWS/system32/wbem/svchost.exe
C:/WINDOWS/System32/beovyg.exe
C:/WINDOWS/System32/wovbj.exe
C:/Documents and Settings/Bruger/Application Data/esdo.exe
BQLF.EXE <<<- Brug Start->Søg.
———————————————————-
Så kører du engangsskanneren fra Kaspersky - Aktiver det hele i opsætningen derinde, så den kan skanne alt igennem.

———————————————————-
Du skal også lige hente og installere programmet Ad-aware hvis du da ikke har det i forvejen. Opdater det straks efter installationen, og inden du kører en scanning med denne. Fjern alt hvad den finder. Programmet samt brugervejledning på dansk finder du her: http://www.spywarefri.dk/vaerktoj.htm#adaware
Følg også vejledningen her til udvidet søgning: http://www.spywarefri.dk/tipsogtricks.htm#adaware
———————————————————-
Genstart og kom med en ny logfil, så jeg kan se om alt er med.

Jeg må have gjort et eller andet galt. Da jeg havde sat fluebenene ud for de dårlige ting, og trykket på FIX-knappen, startede jeg i fejlsikret tilstand. Da jeg så kørte igennem, så det også ud til, at de var væk. Men da jeg trykkede på Save Log, kom de tilbage, ændrede startsiden m.m. Hvad kan jeg gøre forkert ?

Jeg har fremsendt dem mulige nye log.

Log 2.

Logfile of HijackThis v1.98.0
Scan saved at 20:47:37, on 05-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/Explorer.EXE
C:/Programmer/Windows NT/Tilbehør/wordpad.exe
C:/WINDOWS/system32/arpa.exe
C:/WINDOWS/services.exe
C:/Programmer/ISTsvc/istsvc.exe
C:/Documents and Settings/Bruger/Application Data/esdo.exe
C:/Programmer/Internet Explorer/iexplore.exe
c:/programmer/180solutions/msbb.exe
C:/Programmer/Internet Explorer/iexplore.exe
D:/Documents and Settings/Bruger/Dokumenter/Hijack/hijackthis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=144207
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=144207
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.slotch.com/?&account_id=144207
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.tiscali.dk/
R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=144207
R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = http://www.opasia.dk/msie_search.html
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page_bak = http://tdconline.dk/
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Window Title = Microsoft Internet Explorer provided by Tiscali
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:/WINDOWS/twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx
O2 - BHO: (no name) - {38FC6F73-BA42-2EC7-D157-615504A12C1B} - C:/WINDOWS/System32/xml.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/Programmer/Spybot - Search & Destroy/SDHelper.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:/WINDOWS/Downloaded Program Files/CONFLICT.2/bridge.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:/Programmer/ISTbar/istbar.dll
O4 - HKLM/../Run: [S3TRAY2] S3tray2.exe
O4 - HKLM/../Run: [SO5 Integrator Pass Two] C:/WINDOWS/SOINTGR.EXE
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe” -osboot
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [ICQ Lite] C:/Programmer/ICQLite/ICQLite.exe -minimize
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKLM/../Run: [SuperBar.Component] C:/WINDOWS/system32/inetsrv/services.exe
O4 - HKLM/../Run: [AdRotator.Application] C:/WINDOWS/system32/drivers/csrss.exe
O4 - HKLM/../Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:/WINDOWS/system32/wbem/svchost.exe
O4 - HKLM/../Run: [IST Service] C:/Programmer/ISTsvc/istsvc.exe
O4 - HKLM/../Run: [msbb] c:/programmer/180solutions/msbb.exe
O4 - HKLM/../Run: [Power Scan] C:/Programmer/Power Scan/powerscan.exe
O4 - HKLM/../Run: [bwt] C:/WINDOWS/bwt.exe
O4 - HKLM/../Run: [RunDLL] rundll32.exe “C:/WINDOWS/Downloaded Program Files/CONFLICT.2/bridge.dll”,Load
O4 - HKCU/../Run: [MsnMsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - HKCU/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU/../Run: [WNSI] C:/WINDOWS/System32/wnscpcc.exe
O4 - HKCU/../Run: [Cdns] C:/Documents and Settings/Bruger/Application Data/esdo.exe
O4 - Global Startup: BQLF.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:/Programmer/ICQLite/ICQLite.exe
O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:/Programmer/ICQLite/ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.dk/
O15 - Trusted Zone: http://*.flingstone.com
O15 - Trusted Zone: http://*.mt-download.com
O15 - Trusted Zone: http://*.xxxtoolbar.com
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/dk/win/QuickTimeInstaller.exe
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

Hmm, nu kom der nye infektioner, lad os se om ikke vi får ram på dem.

Fixes:

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=144207
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=144207
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.slotch.com/?&account_id=144207
R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=144207
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:/WINDOWS/twaintec.dll
O2 - BHO: (no name) - {38FC6F73-BA42-2EC7-D157-615504A12C1B} - C:/WINDOWS/System32/xml.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:/Programmer/ISTbar/istbar.dll
O4 - HKLM/../Run: [SuperBar.Component] C:/WINDOWS/system32/inetsrv/services.exe
O4 - HKLM/../Run: [AdRotator.Application] C:/WINDOWS/system32/drivers/csrss.exe
O4 - HKLM/../Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:/WINDOWS/system32/wbem/svchost.exe
O4 - HKLM/../Run: [IST Service] C:/Programmer/ISTsvc/istsvc.exe
O4 - HKLM/../Run: [msbb] c:/programmer/180solutions/msbb.exe
O4 - HKLM/../Run: [bwt] C:/WINDOWS/bwt.exe
O4 - HKLM/../Run: [RunDLL] rundll32.exe “C:/WINDOWS/Downloaded Program Files/CONFLICT.2/bridge.dll”,Load
O4 - HKCU/../Run: [WNSI] C:/WINDOWS/System32/wnscpcc.exe
O4 - HKCU/../Run: [Cdns] C:/Documents and Settings/Bruger/Application Data/esdo.exe
O4 - Global Startup: BQLF.EXE
O15 - Trusted Zone: http://*.flingstone.com
O15 - Trusted Zone: http://*.mt-download.com
O15 - Trusted Zone: http://*.xxxtoolbar.com
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

Slettes:
Mapper.
C:/Programmer/ISTbar/
C:/Programmer/ISTsvc/
c:/programmer/180solutions/
C:/WINDOWS/Downloaded Program Files/CONFLICT.2/
——————————
Filer.
C:/WINDOWS/twaintec.dll
C:/WINDOWS/System32/xml.dll
C:/WINDOWS/system32/inetsrv/services.exe
C:/WINDOWS/system32/drivers/csrss.exe
C:/WINDOWS/system32/wbem/svchost.exe
C:/WINDOWS/bwt.exe
C:/WINDOWS/System32/wnscpcc.exe
C:/Documents and Settings/Bruger/Application Data/esdo.exe
BQLF.EXE

Jeg skal bare lige være helt sikker: Jeg går ind i Hijack, og markerer det, der skal fixes, og trykker på fix-knappen. Derefter trykker jeg på genstart, og kører i fejlsikret tilstand. Derefter ordner jeg mapperne og filerne, og kører en ny Hijack-test ?

Ja, bortset fra at du skal genstarte i normal tilstand efter du har slettet filer og mapper.
Så laver du en ny hijacklog.

Så har jeg sendt den nye log. Når jeg trykker på Save Log kommer der hver eneste gang ‘Purity Scan’ og ‘Power Scan’ op.

Log 3.

Logfile of HijackThis v1.98.0
Scan saved at 22:37:54, on 05-07-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/System32/nvsvc32.exe
C:/WINDOWS/system32/pctspk.exe
C:/WINDOWS/SOINTGR.EXE
C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe
C:/Programmer/QuickTime/qttask.exe
C:/Programmer/ICQLite/ICQLite.exe
C:/Programmer/Fælles filer/Real/Update_OB/rnathchk.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/WINDOWS/System32/RUNDLL32.EXE
C:/Documents and Settings/All Users/Menuen Start/Programmer/Start/BQLF.EXE
D:/Documents and Settings/Bruger/Dokumenter/Hijack/hijackthis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://tdconline.dk/
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.tiscali.dk/
R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = http://www.opasia.dk/msie_search.html
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page_bak = http://tdconline.dk/
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Window Title = Microsoft Internet Explorer provided by Tiscali
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx
O2 - BHO: (no name) - {38FC6F73-BA42-2EC7-D157-615504A12C1B} - C:/WINDOWS/System32/xml.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/Programmer/Spybot - Search & Destroy/SDHelper.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O4 - HKLM/../Run: [S3TRAY2] S3tray2.exe
O4 - HKLM/../Run: [SO5 Integrator Pass Two] C:/WINDOWS/SOINTGR.EXE
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe” -osboot
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [ICQ Lite] C:/Programmer/ICQLite/ICQLite.exe -minimize
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKLM/../Run: [SuperBar.Component] C:/WINDOWS/system32/inetsrv/services.exe
O4 - HKLM/../Run: [AdRotator.Application] C:/WINDOWS/system32/drivers/csrss.exe
O4 - HKLM/../Run: [{357AA41A-B7A8-4632-A27D-5B980B25CF43}] C:/WINDOWS/system32/wbem/svchost.exe
O4 - HKLM/../Run: [RunDLL] rundll32.exe “C:/WINDOWS/Downloaded Program Files/CONFLICT.2/bridge.dll”,Load
O4 - HKLM/../Run: [pynwh] C:/WINDOWS/pynwh.exe
O4 - HKCU/../Run: [MsnMsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - HKCU/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU/../Run: [WNSI] C:/WINDOWS/System32/wnscpcc.exe
O4 - HKCU/../Run: [Cdns] C:/Documents and Settings/Bruger/Application Data/esdo.exe
O4 - HKCU/../RunOnce: [ICQ Lite] C:/Programmer/ICQLite/ICQLite.exe -trayboot
O4 - Global Startup: BQLF.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:/Programmer/ICQLite/ICQLite.exe
O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:/Programmer/ICQLite/ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.dk/
O15 - Trusted Zone: http://*.mt-download.com
O15 - Trusted Zone: http://*.xxxtoolbar.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/dk/win/QuickTimeInstaller.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

Har du scannet med både Spybot og Ad-aware?
Prøv det en gang til så, og sørg for at de er fuldt opdaterede.