1. Hent CWSschredder her:

http://www.spywareinfo.com/downloads/tools/CWShredder.exe

2. For at kunne se alle filer:

Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved “Skjul beskyttede operativsystemfiler”.
Fjern flueben ved “Skjul filtypenavne for kendte filtyper”.
Sæt prik i “Vis skjulte filer og mapper”.

3. Genstart i Fejlsikret tilstand (ved at taste F8 under opstart).

4. Kør HijackThis, scan og sæt et flueben ud for følgende linier - luk øvrige programvinduer - klik “Fix checked”:

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=136299
R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = about:blank
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page_bak = C:/WINDOWS/System32/IEsp.mht
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0B519E07-7824-4adc-8890-93D5EABBF285} - C:/WINDOWS/System32/msadocm32.dll
O2 - BHO: {EE100319-D560-41AF-94B8-CF13D32F33DF} - {EE100319-D560-41AF-94B8-CF13D32F33DF} - C:/WINDOWS/1089019237.dll
O4 - HKLM/../Run: [Windows SA] C:/Program Files/WindowsSA/omniscient.exe
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O21 - SSODL: System - {B9C9422F-A407-4C46-BBE0-06DFA5A952EB} - C:/WINDOWS/system32/system32.dll (file missing)

5. Find og slet:

C:/WINDOWS/System32/IEsp.mht
C:/WINDOWS/System32/msadocm32.dll
C:/WINDOWS/1089019237.dll
C:/Program Files/WindowsSA/ <<—hele mappen

6. Kør CWShredder (som du downloadede før), luk alle vinduer, undtaget CWSschredder, klik på “Fix”, den scanner nu, når den er færdig klik på “Next”, klik på “Finish”.

Genstart din computer, kør HijackThis, scan og læg en frisk log herind.

Jeg kan ikke DL CWSschredder..!

Så må du tage den herfra ... http://home8.inet.tele.dk/fbj/CWShredder.exe

Det virkede…[:X]

Logfile of HijackThis v1.98.0
Scan saved at 19:21:26, on 09-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/LEXBCES.EXE
C:/WINDOWS/system32/spoolsv.exe
C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
C:/WINDOWS/system32/LEXPPS.EXE
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/system32/dla/tfswctrl.exe
C:/Programmer/Dell/Media Experience/PCMService.exe
C:/WINDOWS/System32/DSentry.exe
C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe
C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
C:/Programmer/MusicMatch/MusicMatch Jukebox/mm_tray.exe
C:/Programmer/NuCam Corp/CamCheck/CamCheck.exe
C:/Programmer/QuickTime/qttask.exe
C:/Programmer/Messenger/msmsgs.exe
C:/Programmer/Lexmark X1100 Series/lxbkbmgr.exe
C:/Programmer/Lexmark X1100 Series/lxbkbmon.exe
C:/WINDOWS/System32/RUNDLL32.EXE
C:/Programmer/SpywareGuard/sgmain.exe
C:/Programmer/SpywareGuard/sgbhp.exe
C:/WINDOWS/twain_32/SiPix/SCBlink2/Srvany.exe
C:/Programmer/Norton AntiVirus/navapsvc.exe
C:/WINDOWS/twain_32/SiPix/SCBlink2/USBPNP.exe
C:/WINDOWS/System32/nvsvc32.exe
C:/WINDOWS/System32/svchost.exe
C:/Temp/HijackThis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=136299
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.jubii.dk/
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.euro.dell.com/
R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = about:blank
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page_bak = C:/WINDOWS/System32/IEsp.mht
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:/Programmer/SpywareGuard/dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/Programmer/Spybot - Search & Destroy/SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:/WINDOWS/system32/dla/tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Programmer/Norton AntiVirus/NavShExt.dll
O2 - BHO: {EE100319-D560-41AF-94B8-CF13D32F33DF} - {EE100319-D560-41AF-94B8-CF13D32F33DF} - C:/WINDOWS/1089019237.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Programmer/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:/WINDOWS/Downloaded Program Files/googlenav.dll
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup
O4 - HKLM/../Run: [dla] C:/WINDOWS/system32/dla/tfswctrl.exe
O4 - HKLM/../Run: [PCMService] “C:/Programmer/Dell/Media Experience/PCMService.exe”
O4 - HKLM/../Run: [DVDSentry] C:/WINDOWS/System32/DSentry.exe
O4 - HKLM/../Run: [ccApp] “C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [ccRegVfy] “C:/Programmer/Fælles filer/Symantec Shared/ccRegVfy.exe”
O4 - HKLM/../Run: [EM_EXEC] C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
O4 - HKLM/../Run: [MMTray] C:/Programmer/MusicMatch/MusicMatch Jukebox/mm_tray.exe
O4 - HKLM/../Run: [CamCheck] C:/Programmer/NuCam Corp./CamCheck/CamCheck.exe
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKLM/../Run: [Lexmark X1100 Series] “C:/Programmer/Lexmark X1100 Series/lxbkbmgr.exe”
O4 - HKLM/../Run: [NeroCheck] C:/WINDOWS/system32/NeroCheck.exe
O4 - HKLM/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NvMcTray.dll,NvTaskbarInit
O4 - HKCU/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = C:/Programmer/SpywareGuard/sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:/Programmer/Logitech/Desktop Messenger/8876480/Program/LDMConf.exe
O8 - Extra context menu item: &Google; Search - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links; - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed; Snapshot of Page - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmcache.html
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:/PROGRA~1/MICROS~3/OFFICE11/EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar; Pages - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/System32/msjava.dll (file missing)
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/System32/msjava.dll (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/PROGRA~1/MICROS~3/OFFICE11/REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O12 - Plugin for .spop: C:/Programmer/Internet Explorer/Plugins/NPDocBox.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab

Der var en del af dem jeg skulle slette, som ikke kom frem under fejlsikret tilstand, deriblandt R1 og O15. Der var også en fil jeg ikke kunne slette C:/Windows/1089019237..!

Men når jeg starter min browser op, så skifter den ikke side. som den gjore førhen..

Vi er ikke færdige endnu, men vi skal nok få ram på den Du bliver nødt til at gentage følgende:

Genstart i fejlsikret tilstand (ved at taste F8 under opstart).

Kør HijackThis, scan og sæt et flueben ud for følgende linier - luk øvrige programvinduer - klik “Fix checked”:

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=136299
R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = about:blank
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page_bak = C:/WINDOWS/System32/IEsp.mht
R3 - Default URLSearchHook is missing
O2 - BHO: {EE100319-D560-41AF-94B8-CF13D32F33DF} - {EE100319-D560-41AF-94B8-CF13D32F33DF} - C:/WINDOWS/1089019237.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com

Find og slet: C:/WINDOWS/1089019237.dll og C:/WINDOWS/System32/IEsp.mht

Genstart i Normal tilstand, kør HijackThis, scan og læg en frisk log herind.

Logfile of HijackThis v1.98.0
Scan saved at 19:53:06, on 09-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/LEXBCES.EXE
C:/WINDOWS/system32/spoolsv.exe
C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
C:/WINDOWS/system32/LEXPPS.EXE
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/system32/dla/tfswctrl.exe
C:/Programmer/Dell/Media Experience/PCMService.exe
C:/WINDOWS/System32/DSentry.exe
C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe
C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
C:/Programmer/MusicMatch/MusicMatch Jukebox/mm_tray.exe
C:/Programmer/NuCam Corp/CamCheck/CamCheck.exe
C:/Programmer/QuickTime/qttask.exe
C:/Programmer/Messenger/msmsgs.exe
C:/Programmer/Lexmark X1100 Series/lxbkbmgr.exe
C:/Programmer/Lexmark X1100 Series/lxbkbmon.exe
C:/WINDOWS/twain_32/SiPix/SCBlink2/Srvany.exe
C:/WINDOWS/System32/RUNDLL32.EXE
C:/Programmer/Norton AntiVirus/navapsvc.exe
C:/WINDOWS/twain_32/SiPix/SCBlink2/USBPNP.exe
C:/WINDOWS/System32/nvsvc32.exe
C:/Programmer/SpywareGuard/sgmain.exe
C:/Programmer/SpywareGuard/sgbhp.exe
C:/WINDOWS/System32/svchost.exe
C:/Temp/HijackThis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=136299
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.jubii.dk/
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.euro.dell.com/
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page_bak = C:/WINDOWS/System32/IEsp.mht
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:/Programmer/SpywareGuard/dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/Programmer/Spybot - Search & Destroy/SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:/WINDOWS/system32/dla/tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Programmer/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Programmer/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:/WINDOWS/Downloaded Program Files/googlenav.dll
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup
O4 - HKLM/../Run: [dla] C:/WINDOWS/system32/dla/tfswctrl.exe
O4 - HKLM/../Run: [PCMService] “C:/Programmer/Dell/Media Experience/PCMService.exe”
O4 - HKLM/../Run: [DVDSentry] C:/WINDOWS/System32/DSentry.exe
O4 - HKLM/../Run: [ccApp] “C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [ccRegVfy] “C:/Programmer/Fælles filer/Symantec Shared/ccRegVfy.exe”
O4 - HKLM/../Run: [EM_EXEC] C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
O4 - HKLM/../Run: [MMTray] C:/Programmer/MusicMatch/MusicMatch Jukebox/mm_tray.exe
O4 - HKLM/../Run: [CamCheck] C:/Programmer/NuCam Corp./CamCheck/CamCheck.exe
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKLM/../Run: [Lexmark X1100 Series] “C:/Programmer/Lexmark X1100 Series/lxbkbmgr.exe”
O4 - HKLM/../Run: [NeroCheck] C:/WINDOWS/system32/NeroCheck.exe
O4 - HKLM/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NvMcTray.dll,NvTaskbarInit
O4 - HKCU/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = C:/Programmer/SpywareGuard/sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:/Programmer/Logitech/Desktop Messenger/8876480/Program/LDMConf.exe
O8 - Extra context menu item: &Google; Search - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links; - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed; Snapshot of Page - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmcache.html
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:/PROGRA~1/MICROS~3/OFFICE11/EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar; Pages - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/System32/msjava.dll (file missing)
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/System32/msjava.dll (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/PROGRA~1/MICROS~3/OFFICE11/REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O12 - Plugin for .spop: C:/Programmer/Internet Explorer/Plugins/NPDocBox.dll
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab

Det eneste der mangler er de to filer der skulle slettes, den ene var der ikke..?? Og den anden kunne jeg ikke slette..!!

Den skal åbenbart tages ét skridt af gangen.

1. Hent TheKillBox her:

http://home8.inet.tele.dk/fbj/TheKillBox.exe

Der ligger en brugsanvisning her:

http://home8.inet.tele.dk/fbj/TheKillBoxBrugsanvisning.htm

2. Genstart i Fejlsikret tilstand:

3. Hiv dit internetstik ud af computeren, så infektionen ikke kan få fat i internettet.

4. Kør CWShredder, luk alle vinduer, undtaget CWSschredder, klik på “Fix”, den scanner nu, når den er færdig klik på “Next”, klik på “Finish”.

5. Kør HijackThis, scan og sæt et flueben ud for følgende linier - luk øvrige programvinduer - klik “Fix checked”:

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=136299
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page_bak = C:/WINDOWS/System32/IEsp.mht

6. Kør TheKillBox, kopier C:/WINDOWS/System32/IEsp.mht ind i tekstfeltet og klik på “Find and kill this file”. Hvis du får et negativt svar ud af det, så kopier C:/WINDOWS/System32/IEsp.mht ind i tekstfeltet igen, klik på den Grønne pil i nederste venstre hjørne, klik på Add File, klik på Remove on Reboot. Genstart.

7. Genstart i Normal tilstand, og læg en frisk HijackThis log herind.

Logfile of HijackThis v1.98.0
Scan saved at 20:37:27, on 09-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/LEXBCES.EXE
C:/WINDOWS/system32/spoolsv.exe
C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
C:/WINDOWS/system32/LEXPPS.EXE
C:/WINDOWS/system32/userinit.exe
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/system32/dla/tfswctrl.exe
C:/Programmer/Dell/Media Experience/PCMService.exe
C:/WINDOWS/System32/DSentry.exe
C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe
C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
C:/Programmer/MusicMatch/MusicMatch Jukebox/mm_tray.exe
C:/Programmer/NuCam Corp/CamCheck/CamCheck.exe
C:/Programmer/QuickTime/qttask.exe
C:/Programmer/Messenger/msmsgs.exe
C:/Programmer/Lexmark X1100 Series/lxbkbmgr.exe
C:/Programmer/Lexmark X1100 Series/lxbkbmon.exe
C:/WINDOWS/System32/RUNDLL32.EXE
C:/Programmer/SpywareGuard/sgmain.exe
C:/Programmer/SpywareGuard/sgbhp.exe
C:/WINDOWS/twain_32/SiPix/SCBlink2/Srvany.exe
C:/Programmer/Norton AntiVirus/navapsvc.exe
C:/WINDOWS/twain_32/SiPix/SCBlink2/USBPNP.exe
C:/WINDOWS/System32/nvsvc32.exe
C:/WINDOWS/System32/svchost.exe
C:/Temp/HijackThis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=136299
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.jubii.dk/
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.euro.dell.com/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:/Programmer/SpywareGuard/dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/Programmer/Spybot - Search & Destroy/SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:/WINDOWS/system32/dla/tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Programmer/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Programmer/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:/WINDOWS/Downloaded Program Files/googlenav.dll
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup
O4 - HKLM/../Run: [dla] C:/WINDOWS/system32/dla/tfswctrl.exe
O4 - HKLM/../Run: [PCMService] “C:/Programmer/Dell/Media Experience/PCMService.exe”
O4 - HKLM/../Run: [DVDSentry] C:/WINDOWS/System32/DSentry.exe
O4 - HKLM/../Run: [ccApp] “C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [ccRegVfy] “C:/Programmer/Fælles filer/Symantec Shared/ccRegVfy.exe”
O4 - HKLM/../Run: [EM_EXEC] C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
O4 - HKLM/../Run: [MMTray] C:/Programmer/MusicMatch/MusicMatch Jukebox/mm_tray.exe
O4 - HKLM/../Run: [CamCheck] C:/Programmer/NuCam Corp./CamCheck/CamCheck.exe
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKLM/../Run: [Lexmark X1100 Series] “C:/Programmer/Lexmark X1100 Series/lxbkbmgr.exe”
O4 - HKLM/../Run: [NeroCheck] C:/WINDOWS/system32/NeroCheck.exe
O4 - HKLM/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NvMcTray.dll,NvTaskbarInit
O4 - HKCU/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = C:/Programmer/SpywareGuard/sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:/Programmer/Logitech/Desktop Messenger/8876480/Program/LDMConf.exe
O8 - Extra context menu item: &Google; Search - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links; - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed; Snapshot of Page - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmcache.html
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:/PROGRA~1/MICROS~3/OFFICE11/EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar; Pages - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/System32/msjava.dll (file missing)
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/System32/msjava.dll (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/PROGRA~1/MICROS~3/OFFICE11/REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O12 - Plugin for .spop: C:/Programmer/Internet Explorer/Plugins/NPDocBox.dll
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab

Den ene R1 var der ikke..!!

Tager du fis på mig

Find din hosts fil - C:/windows/system32/drivers/etc og omdøb den til hosts.bak

Fix denne linie med HijackThis:

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=136299

Hent Spybot - Search & Destroy:

http://security.kolla.de/index.php?lang=de&page=download

Installer programmet, opdater det med alle opdateringer. Luk alle winduer og scan med SpyBot - fix alt den markerer med rødt.

Læg en frisk HijackThis log herind når du har gjort det.

Logfile of HijackThis v1.98.0
Scan saved at 21:13:43, on 09-08-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/LEXBCES.EXE
C:/WINDOWS/system32/spoolsv.exe
C:/Programmer/Fælles filer/Symantec Shared/ccEvtMgr.exe
C:/WINDOWS/system32/LEXPPS.EXE
C:/WINDOWS/Explorer.EXE
C:/WINDOWS/system32/dla/tfswctrl.exe
C:/Programmer/Dell/Media Experience/PCMService.exe
C:/WINDOWS/System32/DSentry.exe
C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe
C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
C:/Programmer/MusicMatch/MusicMatch Jukebox/mm_tray.exe
C:/Programmer/NuCam Corp/CamCheck/CamCheck.exe
C:/Programmer/QuickTime/qttask.exe
C:/Programmer/Lexmark X1100 Series/lxbkbmgr.exe
C:/Programmer/Lexmark X1100 Series/lxbkbmon.exe
C:/WINDOWS/System32/RUNDLL32.EXE
C:/Programmer/SpywareGuard/sgmain.exe
C:/Programmer/SpywareGuard/sgbhp.exe
C:/WINDOWS/twain_32/SiPix/SCBlink2/Srvany.exe
C:/Programmer/Norton AntiVirus/navapsvc.exe
C:/WINDOWS/twain_32/SiPix/SCBlink2/USBPNP.exe
C:/WINDOWS/System32/nvsvc32.exe
C:/WINDOWS/System32/svchost.exe
C:/Programmer/Messenger/msmsgs.exe
C:/Temp/HijackThis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.jubii.dk/
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.euro.dell.com/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:/Programmer/SpywareGuard/dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/Programmer/Spybot - Search & Destroy/SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:/WINDOWS/system32/dla/tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Programmer/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Programmer/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O3 - Toolbar: &Google; - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:/WINDOWS/Downloaded Program Files/googlenav.dll
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup
O4 - HKLM/../Run: [dla] C:/WINDOWS/system32/dla/tfswctrl.exe
O4 - HKLM/../Run: [PCMService] “C:/Programmer/Dell/Media Experience/PCMService.exe”
O4 - HKLM/../Run: [DVDSentry] C:/WINDOWS/System32/DSentry.exe
O4 - HKLM/../Run: [ccApp] “C:/Programmer/Fælles filer/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [ccRegVfy] “C:/Programmer/Fælles filer/Symantec Shared/ccRegVfy.exe”
O4 - HKLM/../Run: [EM_EXEC] C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
O4 - HKLM/../Run: [MMTray] C:/Programmer/MusicMatch/MusicMatch Jukebox/mm_tray.exe
O4 - HKLM/../Run: [CamCheck] C:/Programmer/NuCam Corp./CamCheck/CamCheck.exe
O4 - HKLM/../Run: [QuickTime Task] “C:/Programmer/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKLM/../Run: [Lexmark X1100 Series] “C:/Programmer/Lexmark X1100 Series/lxbkbmgr.exe”
O4 - HKLM/../Run: [NeroCheck] C:/WINDOWS/system32/NeroCheck.exe
O4 - HKLM/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NvMcTray.dll,NvTaskbarInit
O4 - HKCU/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = C:/Programmer/SpywareGuard/sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:/Programmer/Logitech/Desktop Messenger/8876480/Program/LDMConf.exe
O8 - Extra context menu item: &Google; Search - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links; - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed; Snapshot of Page - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmcache.html
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:/PROGRA~1/MICROS~3/OFFICE11/EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar; Pages - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/System32/msjava.dll (file missing)
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:/WINDOWS/System32/msjava.dll (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/PROGRA~1/MICROS~3/OFFICE11/REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Programmer/Messenger/MSMSGS.EXE
O12 - Plugin for .spop: C:/Programmer/Internet Explorer/Plugins/NPDocBox.dll
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab

Det ser ud til, at det lykkedes - din log er ren Du skal lige åbne din hosts fil, som nu hedder hosts.bak. Brug Notesblok/Notepad til at åbne den med. Kopier indholdet herind, så vi kan se om du kan “døbe den tilbage”.

Jeg takker mange gange, jeg smider kopien ind en af dagene, da jeg er væk fra min egen PC et par dage…

Men endnu engang mange tak

Martin