Hent og opdater Ad-Aware: http://www.spywarefri.dk/vaerktoj.htm#adaware
Hent CWShredder, læg det i sin egen mappe.
http://danborg.org/spy/CWS/cwshredder.exe
Hent Aboutbuster, læg det i sin egen mappe.
http://www.atribune.org/downloads/AboutBuster.zip
Hent denne scanner:
http://www.mwti.net/antivirus/free_utilities.asp
Det er ligegyldigt hvilket af de 7 links du downloader fra.
Inde i opsætningen sætter du den til at scanne alt.

Genstart i fejlsikret tilstand. Du trykker <F8> nogle gange mens windows starter op.
Fix disse med HijackThis:

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = about:NavigationFailure
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = about:NavigationFailure
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar = about:NavigationFailure
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = about:NavigationFailure
R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = about:NavigationFailure
R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = about:NavigationFailure
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page_bak = about:blank
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,HomeOldSP = about:blank
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {67EFA486-9550-40D1-8FDC-F5ECA59920BE} - C:/WINNT/system32/mnedaia.dll
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:/Programmer/Logitech/Desktop Messenger/8876480/Program/LDMConf.exe
O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:/WINNT/System32/msxword.dll (file missing)
O18 - Filter: text/html - {72E1F255-63D9-42ED-9DF4-05CAFBB7CAB5} - C:/WINNT/system32/mnedaia.dll
O18 - Filter: text/plain - {72E1F255-63D9-42ED-9DF4-05CAFBB7CAB5} - C:/WINNT/system32/mnedaia.dll

For at kunne se alle filer, følg denne vejledning:
Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved “Skjul beskyttede operativsystemfiler”.
Fjern flueben ved “Skjul filtypenavne for kendte filtyper”.
Sæt prik i “Vis skjulte filer og mapper”.

Find og slet, stadig i fejlsikret:
C:/WINNT/system32/mnedaia.dll
C:/WINNT/System32/msxword.dll -> Den burde være væk.
msxword.* Brug start->Søg
—————————————————
Nu kører du en scanning med Ad-Aware og CWShredder og fjerner, hvad de finder.

Angående CWShredder:
Kør programmet, afbryd din internetforbindelse fysisk (stikket ud), luk alle vinduer undtaget cwshredder, klik på Fix, den scanner nu, når den er færdig, klik på Next, klik på Exit.

Så skal du lige en tur i registrerings databasen:
Start->Kør, skriv- regedit klik OK.

Klik dig frem til:
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main
Tjek om der en nøgle/tekst der hedder-About:blank, hvis ja, så slet den
Klik på - Denne Computer, i regedit vinduet, klik- rediger-søg, skriv: About:blank tryk- Enter. Slet den, tryk F3 -slet - F3 -slet indtil søgningen er færdig.
Samme fremgangsmåde med-HomeOldSP

Og slet indholdet i midlertidige internet filer-kontrolpanel-internetindstillinger-generelt-slet filer og cookies

Så slutter du af med at køre scanneren fra Kaspersky
Kør scan/clean.

Genstart.
Så bliver du nødt til at komme med en log mere til kontrol :O)

“http://www.mwti.net/antivirus/free_utilities.asp” linket virker ikke.

scanneren fra Kaspersky, hvor finder jeg den?

OK - det er linket til scanneren fra Kaspersky, der ikke virker.

Nogen forslag?

Egentlig ikke, det virker her. Har du forsøgt alle 7 links?

Så har jeg foretaget som beskrevet af FromSej i indlæget 21/09/2004 : 20:20:32.

Følgende at bemærke:
  “C:/WINNT/System32/mnedia.dll” var der ikke

  Regedit - “HomeOldSP” blev overhovedet ikke fundet.

Frisk log:

Logfile of HijackThis v1.98.2
Scan saved at 18:12:35, on 22-09-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINNT/System32/smss.exe
C:/WINNT/system32/winlogon.exe
C:/WINNT/system32/services.exe
C:/WINNT/system32/lsass.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/system32/LEXBCES.EXE
C:/WINNT/system32/spoolsv.exe
C:/WINNT/system32/LEXPPS.EXE
C:/PROGRA~1/Grisoft/AVG6/avgserv.exe
C:/WINNT/System32/svchost.exe
C:/WINNT/system32/regsvc.exe
C:/WINNT/system32/MSTask.exe
C:/WINNT/system32/stisvc.exe
C:/WINNT/System32/WBEM/WinMgmt.exe
C:/WINNT/System32/mspmspsv.exe
C:/WINNT/system32/BRMFRSMG.EXE
C:/WINNT/system32/svchost.exe
C:/WINNT/Explorer.EXE
C:/progra~1/scansoft/paperp~1/pptd40nt.exe
C:/Programmer/Logitech/iTouch/iTouch.exe
C:/Program Files/MUSICMATCH/MUSICMATCH Jukebox/mm_tray.exe
C:/Programmer/Logitech/MouseWare/system/em_exec.exe
C:/Programmer/Logitech/Video/LogiTray.exe
C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe
C:/WINNT/system32/internat.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/ScanSoft/PaperPort/PopUp/SmartUI.exe
C:/Programmer/Microsoft Office/Office/1030/OLFSNT40.EXE
C:/Programmer/WinZip/WZQKPICK.EXE
C:/Programmer/Microsoft Office/Office/1030/msoffice.exe
C:/WINNT/System32/LVComS.exe
C:/Programmer/ScanSoft/PaperPort/Pplinks.exe
C:/Programmer/Internet Explorer/IEXPLORE.EXE
C:/SS/Hijackthis/HijackThis.exe

R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page =
R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyOverride = localhost
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINNT/System32/msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:/Programmer/MSN Toolbar/01.01.1629.0/da/msntb.dll
O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM/../Run: [NeroCheck] C:/WINNT/System32/NeroCheck.exe
O4 - HKLM/../Run: [LoadQM] loadqm.exe
O4 - HKLM/../Run: [PaperPort PTD] c:/progra~1/scansoft/paperp~1/pptd40nt.exe
O4 - HKLM/../Run: [SetDefPrt] C:/Programmer/Brother/BRMFLPRO/SetDefPrt.exe
O4 - HKLM/../Run: [zBrowser Launcher] C:/Programmer/Logitech/iTouch/iTouch.exe
O4 - HKLM/../Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM/../Run: [MMTray] C:/Program Files/MUSICMATCH/MUSICMATCH Jukebox/mm_tray.exe
O4 - HKLM/../Run: [LogitechVideoRepair] C:/Programmer/Logitech/Video/ISStart.exe
O4 - HKLM/../Run: [LogitechVideoTray] C:/Programmer/Logitech/Video/LogiTray.exe
O4 - HKLM/../Run: [AVG_CC] C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe /STARTUP
O4 - HKCU/../Run: [internat.exe] internat.exe
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - Global Startup: Brother SmartUI PopUp.lnk = C:/Programmer/ScanSoft/PaperPort/PopUp/SmartUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:/Programmer/Microsoft Office/Office/OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = C:/Programmer/Microsoft Office/Office/1030/OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:/Programmer/WinZip/WZQKPICK.EXE
O12 - Plugin for .afp: C:/Programmer/Internet Explorer/PLUGINS/Npoafp32.dll
O16 - DPF: {504AD934-6BD1-11D5-97B5-400000914003} (AFPprojekt.ctlListe) - file://C:/PBS/PBSPRINT/PBSprint.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

Skulle lige prøve “søge”-knappen på tastaturet og susede lige ind på “http://super-gals.com/?id=my-teens2”.

Det er sørme meget træls. Smider lige en log til:

Logfile of HijackThis v1.98.2
Scan saved at 18:20:37, on 22-09-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINNT/System32/smss.exe
C:/WINNT/system32/winlogon.exe
C:/WINNT/system32/services.exe
C:/WINNT/system32/lsass.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/system32/LEXBCES.EXE
C:/WINNT/system32/spoolsv.exe
C:/WINNT/system32/LEXPPS.EXE
C:/PROGRA~1/Grisoft/AVG6/avgserv.exe
C:/WINNT/System32/svchost.exe
C:/WINNT/system32/regsvc.exe
C:/WINNT/system32/MSTask.exe
C:/WINNT/system32/stisvc.exe
C:/WINNT/System32/WBEM/WinMgmt.exe
C:/WINNT/System32/mspmspsv.exe
C:/WINNT/system32/BRMFRSMG.EXE
C:/WINNT/system32/svchost.exe
C:/WINNT/Explorer.EXE
C:/progra~1/scansoft/paperp~1/pptd40nt.exe
C:/Programmer/Logitech/iTouch/iTouch.exe
C:/Program Files/MUSICMATCH/MUSICMATCH Jukebox/mm_tray.exe
C:/Programmer/Logitech/MouseWare/system/em_exec.exe
C:/Programmer/Logitech/Video/LogiTray.exe
C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe
C:/WINNT/system32/internat.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/ScanSoft/PaperPort/PopUp/SmartUI.exe
C:/Programmer/Microsoft Office/Office/1030/OLFSNT40.EXE
C:/Programmer/WinZip/WZQKPICK.EXE
C:/Programmer/Microsoft Office/Office/1030/msoffice.exe
C:/WINNT/System32/LVComS.exe
C:/Programmer/ScanSoft/PaperPort/Pplinks.exe
C:/Programmer/Internet Explorer/IEXPLORE.EXE
C:/SS/Hijackthis/HijackThis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = file://C:/DOCUME~1/ADMINI~1/LOKALE~1/Temp/sp.html
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = file://C:/DOCUME~1/ADMINI~1/LOKALE~1/Temp/sp.html
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar = file://C:/DOCUME~1/ADMINI~1/LOKALE~1/Temp/sp.html
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = file://C:/DOCUME~1/ADMINI~1/LOKALE~1/Temp/sp.html
R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = file://C:/DOCUME~1/ADMINI~1/LOKALE~1/Temp/sp.html
R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = file://C:/DOCUME~1/ADMINI~1/LOKALE~1/Temp/sp.html
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,HomeOldSP = about:blank
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,HomeOldSP = about:blank
R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyOverride = localhost
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {2B2B1A8D-D95B-4DB2-A0AD-ABDEAD100162} - C:/WINNT/system32/ododb.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINNT/System32/msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:/Programmer/MSN Toolbar/01.01.1629.0/da/msntb.dll
O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM/../Run: [NeroCheck] C:/WINNT/System32/NeroCheck.exe
O4 - HKLM/../Run: [LoadQM] loadqm.exe
O4 - HKLM/../Run: [PaperPort PTD] c:/progra~1/scansoft/paperp~1/pptd40nt.exe
O4 - HKLM/../Run: [SetDefPrt] C:/Programmer/Brother/BRMFLPRO/SetDefPrt.exe
O4 - HKLM/../Run: [zBrowser Launcher] C:/Programmer/Logitech/iTouch/iTouch.exe
O4 - HKLM/../Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM/../Run: [MMTray] C:/Program Files/MUSICMATCH/MUSICMATCH Jukebox/mm_tray.exe
O4 - HKLM/../Run: [LogitechVideoRepair] C:/Programmer/Logitech/Video/ISStart.exe
O4 - HKLM/../Run: [LogitechVideoTray] C:/Programmer/Logitech/Video/LogiTray.exe
O4 - HKLM/../Run: [AVG_CC] C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe /STARTUP
O4 - HKCU/../Run: [internat.exe] internat.exe
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - Global Startup: Brother SmartUI PopUp.lnk = C:/Programmer/ScanSoft/PaperPort/PopUp/SmartUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:/Programmer/Microsoft Office/Office/OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = C:/Programmer/Microsoft Office/Office/1030/OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:/Programmer/WinZip/WZQKPICK.EXE
O12 - Plugin for .afp: C:/Programmer/Internet Explorer/PLUGINS/Npoafp32.dll
O16 - DPF: {504AD934-6BD1-11D5-97B5-400000914003} (AFPprojekt.ctlListe) - file://C:/PBS/PBSPRINT/PBSprint.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}
O18 - Filter: text/html - {42BF13B8-18DE-4610-B4CC-3B6BE342D7A3} - C:/WINNT/system32/ododb.dll
O18 - Filter: text/plain - {42BF13B8-18DE-4610-B4CC-3B6BE342D7A3} - C:/WINNT/system32/ododb.dll

Hent disse programmer:
https://beta.activeupdate.trendmicro.com/fixtool/fixagentv1.0007.zip
http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix (Samme som nedenstående)
http://www.rokop-security.de/main/download.php?op=getit&lid=59(Samme som ovenstående)
http://danborg.org/spy/CWS/cwshredder.exe
Pak zipfilerne ud i hver sin mappe.

Kør først Fixagent, derefter sphjfix.exe-filen her skal du klikke på knappen: Desinfektion starten”
Herefter skal computeren genstartes. Cleaneren starter nu automatisk for at afslutte desinfektionen.
Herefter køres CWShredder, da den lige skal fjerne en enkelt registrering, afbryd din internetforbindelse fysisk(stikket ud), deaktiver ALLE sikkerhedsprogrammer (f.eks Antivirus, Firewall, SpywareGuard mm), luk alle vinduer undtaget cwshredder, klik på Fix, den scanner nu, når den er færdig klik på Next, klik på Exit.

Prøv så en tur med Regedit.
Klik på Start - Kør skriv: regedit og klik OK.
Du får et vindue lidt ligesom stifinder.
Klik dig i venstre side frem til:

HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main
Tjek om der ligger en nøgle/tekst der hedder “HOMEOldSP”, gør der det slet den.
Ligger der herinde nogle filer under search page, search bar som ender på noget ..../sp. Skal du også slette dem.

Gå i rediger - ned i søg - i linjen skriver du: HOMEOldSP
Klik på find næste. Delete filen hvis den findes. Tast f3 for at finde næste (der er sikkert kun en)
Samme fremgangsmåde med søgeordet About:blank
Luk på X når du får at vide der ikke er flere filer at finde.

Du skal nu til at i gang med at fixe. Først skal du slå systemgendannelse fra. NB. Gælder kun for dem som kører med Windows XP eller ME. Der er ikke systemgendannelse i Win98 samt Win2000. Hvis du ikke ved, hvordan du gør det så kig her: http://www.spywarefri.dk/virusscannere.htm#alle

Kør en scanning med Hijackthis, så du kan se alle filer.
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte en vinge ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked. Efter fix skal du genstarte din computer.

Det er disse, som skal fixes:

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = file://C:/DOCUME~1/ADMINI~1/LOKALE~1/Temp/sp.html
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = file://C:/DOCUME~1/ADMINI~1/LOKALE~1/Temp/sp.html
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Bar = file://C:/DOCUME~1/ADMINI~1/LOKALE~1/Temp/sp.html
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = file://C:/DOCUME~1/ADMINI~1/LOKALE~1/Temp/sp.html
R1 - HKCU/Software/Microsoft/Internet Explorer/Search,SearchAssistant = file://C:/DOCUME~1/ADMINI~1/LOKALE~1/Temp/sp.html
R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = file://C:/DOCUME~1/ADMINI~1/LOKALE~1/Temp/sp.html
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,HomeOldSP = about:blank
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {2B2B1A8D-D95B-4DB2-A0AD-ABDEAD100162} - C:/WINNT/system32/ododb.dll
O18 - Filter: text/html - {42BF13B8-18DE-4610-B4CC-3B6BE342D7A3} - C:/WINNT/system32/ododb.dll
O18 - Filter: text/plain - {42BF13B8-18DE-4610-B4CC-3B6BE342D7A3} - C:/WINNT/system32/ododb.dll

—————————————————————————————————-
For at kunne se alle filer og mapper, så følg denne vejledning:
Åbn en mappe, klik på Funktioner >Mappeindstillinger >Vis.
Fjern flueben ved “Skjul beskyttede operativsystemfiler”.
Fjern flueben ved “Skjul filtypenavne for kendte filtyper”.
Sæt prik i “Vis skjulte filer og mapper”.

Genstart i fejlsikret tilstand søg og slet det med fed:
C:/WINNT/system32/ododb.dll
C:/DOCUME~1/ADMINI~1/LOKALE~1/Temp/ - Tøm alt i mappen Temp, og derefter skal du tømme din papirkurv.

Husk at genaktivere dine sikkerhedsprogrammer inden du går på nettet.

Genstart, og kopier en ny log herind.

Problemet er at den fil, der laver balladen skifter navn efter en genstart.
Vi prøver lige en gang til, ellers må vi finde en anden løsning.

Jeg prøver allarede i aften.

Jeg er lidt usikker på hvormeget der skal foregå i “fejlskret tilstand”??

Foreløbig tak for hjælpen!

Kun sletning af filer i fejlsikret.

OK - så tror jeg vi fik den.

Efter 4-5 genstart virker søge-knappen stadig fint.

*Log-fil fra 1st genstart uden aktivering af IE:

Logfile of HijackThis v1.98.2
Scan saved at 21:26:00, on 22-09-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINNT/System32/smss.exe
C:/WINNT/system32/winlogon.exe
C:/WINNT/system32/services.exe
C:/WINNT/system32/lsass.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/system32/LEXBCES.EXE
C:/WINNT/system32/spoolsv.exe
C:/WINNT/system32/LEXPPS.EXE
C:/PROGRA~1/Grisoft/AVG6/avgserv.exe
C:/WINNT/System32/svchost.exe
C:/WINNT/system32/regsvc.exe
C:/WINNT/system32/MSTask.exe
C:/WINNT/system32/stisvc.exe
C:/WINNT/System32/WBEM/WinMgmt.exe
C:/WINNT/System32/mspmspsv.exe
C:/WINNT/system32/BRMFRSMG.EXE
C:/WINNT/system32/svchost.exe
C:/WINNT/Explorer.EXE
C:/progra~1/scansoft/paperp~1/pptd40nt.exe
C:/Programmer/Logitech/iTouch/iTouch.exe
C:/Program Files/MUSICMATCH/MUSICMATCH Jukebox/mm_tray.exe
C:/Programmer/Logitech/MouseWare/system/em_exec.exe
C:/Programmer/Logitech/Video/LogiTray.exe
C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe
C:/WINNT/system32/internat.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/ScanSoft/PaperPort/PopUp/SmartUI.exe
C:/Programmer/Microsoft Office/Office/1030/OLFSNT40.EXE
C:/Programmer/WinZip/WZQKPICK.EXE
C:/Programmer/Microsoft Office/Office/1030/msoffice.exe
C:/WINNT/System32/LVComS.exe
C:/Programmer/ScanSoft/PaperPort/Pplinks.exe
C:/SS/Hijackthis/HijackThis.exe

R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page =
R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyOverride = localhost
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINNT/System32/msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:/Programmer/MSN Toolbar/01.01.1629.0/da/msntb.dll
O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM/../Run: [NeroCheck] C:/WINNT/System32/NeroCheck.exe
O4 - HKLM/../Run: [LoadQM] loadqm.exe
O4 - HKLM/../Run: [PaperPort PTD] c:/progra~1/scansoft/paperp~1/pptd40nt.exe
O4 - HKLM/../Run: [SetDefPrt] C:/Programmer/Brother/BRMFLPRO/SetDefPrt.exe
O4 - HKLM/../Run: [zBrowser Launcher] C:/Programmer/Logitech/iTouch/iTouch.exe
O4 - HKLM/../Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM/../Run: [MMTray] C:/Program Files/MUSICMATCH/MUSICMATCH Jukebox/mm_tray.exe
O4 - HKLM/../Run: [LogitechVideoRepair] C:/Programmer/Logitech/Video/ISStart.exe
O4 - HKLM/../Run: [LogitechVideoTray] C:/Programmer/Logitech/Video/LogiTray.exe
O4 - HKLM/../Run: [AVG_CC] C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe /STARTUP
O4 - HKCU/../Run: [internat.exe] internat.exe
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - Global Startup: Brother SmartUI PopUp.lnk = C:/Programmer/ScanSoft/PaperPort/PopUp/SmartUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:/Programmer/Microsoft Office/Office/OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = C:/Programmer/Microsoft Office/Office/1030/OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:/Programmer/WinZip/WZQKPICK.EXE
O12 - Plugin for .afp: C:/Programmer/Internet Explorer/PLUGINS/Npoafp32.dll
O16 - DPF: {504AD934-6BD1-11D5-97B5-400000914003} (AFPprojekt.ctlListe) - file://C:/PBS/PBSPRINT/PBSprint.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

*Log-fil efter sidste genstart og efter adskillige aktiveringer af søge-knappen:

Logfile of HijackThis v1.98.2
Scan saved at 21:45:21, on 22-09-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINNT/System32/smss.exe
C:/WINNT/system32/winlogon.exe
C:/WINNT/system32/services.exe
C:/WINNT/system32/lsass.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/system32/LEXBCES.EXE
C:/WINNT/system32/spoolsv.exe
C:/WINNT/system32/LEXPPS.EXE
C:/PROGRA~1/Grisoft/AVG6/avgserv.exe
C:/WINNT/System32/svchost.exe
C:/WINNT/system32/regsvc.exe
C:/WINNT/system32/MSTask.exe
C:/WINNT/system32/stisvc.exe
C:/WINNT/System32/WBEM/WinMgmt.exe
C:/WINNT/System32/mspmspsv.exe
C:/WINNT/system32/BRMFRSMG.EXE
C:/WINNT/system32/svchost.exe
C:/WINNT/Explorer.EXE
C:/progra~1/scansoft/paperp~1/pptd40nt.exe
C:/Programmer/Logitech/iTouch/iTouch.exe
C:/Program Files/MUSICMATCH/MUSICMATCH Jukebox/mm_tray.exe
C:/Programmer/Logitech/Video/LogiTray.exe
C:/Programmer/Logitech/MouseWare/system/em_exec.exe
C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe
C:/WINNT/system32/internat.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/ScanSoft/PaperPort/PopUp/SmartUI.exe
C:/Programmer/Microsoft Office/Office/1030/OLFSNT40.EXE
C:/Programmer/WinZip/WZQKPICK.EXE
C:/Programmer/Microsoft Office/Office/1030/msoffice.exe
C:/WINNT/System32/LVComS.exe
C:/Programmer/ScanSoft/PaperPort/Pplinks.exe
c:/programmer/internet explorer/iexplore.exe
C:/SS/Hijackthis/HijackThis.exe

R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page =
R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyOverride = localhost
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINNT/System32/msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:/Programmer/MSN Toolbar/01.01.1629.0/da/msntb.dll
O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM/../Run: [NeroCheck] C:/WINNT/System32/NeroCheck.exe
O4 - HKLM/../Run: [LoadQM] loadqm.exe
O4 - HKLM/../Run: [PaperPort PTD] c:/progra~1/scansoft/paperp~1/pptd40nt.exe
O4 - HKLM/../Run: [SetDefPrt] C:/Programmer/Brother/BRMFLPRO/SetDefPrt.exe
O4 - HKLM/../Run: [zBrowser Launcher] C:/Programmer/Logitech/iTouch/iTouch.exe
O4 - HKLM/../Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM/../Run: [MMTray] C:/Program Files/MUSICMATCH/MUSICMATCH Jukebox/mm_tray.exe
O4 - HKLM/../Run: [LogitechVideoRepair] C:/Programmer/Logitech/Video/ISStart.exe
O4 - HKLM/../Run: [LogitechVideoTray] C:/Programmer/Logitech/Video/LogiTray.exe
O4 - HKLM/../Run: [AVG_CC] C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe /STARTUP
O4 - HKCU/../Run: [internat.exe] internat.exe
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - Global Startup: Brother SmartUI PopUp.lnk = C:/Programmer/ScanSoft/PaperPort/PopUp/SmartUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:/Programmer/Microsoft Office/Office/OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = C:/Programmer/Microsoft Office/Office/1030/OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:/Programmer/WinZip/WZQKPICK.EXE
O12 - Plugin for .afp: C:/Programmer/Internet Explorer/PLUGINS/Npoafp32.dll
O16 - DPF: {504AD934-6BD1-11D5-97B5-400000914003} (AFPprojekt.ctlListe) - file://C:/PBS/PBSPRINT/PBSprint.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

*end

Kunne vi lade tråden hænge til i morgen aften, så har PC’en været i brug en hel dag.

MMAANNGGEE tak for hjælpen derinde, i gør et KANON STORT stykke arbejde.

De to her skal fixes:
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Start Page =
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

Genstart, surf lidt rundt, genstart, surf.
Gentag det 4-5 gange, lav så en ny log og læg herind.
I morgen aften er fint nok, så burde det være testet igennem.

Så blev de sidste to fix’ed og testet.
Hermed en ny log:

Logfile of HijackThis v1.98.2
Scan saved at 20:26:52, on 23-09-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINNT/System32/smss.exe
C:/WINNT/system32/winlogon.exe
C:/WINNT/system32/services.exe
C:/WINNT/system32/lsass.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/system32/LEXBCES.EXE
C:/WINNT/system32/spoolsv.exe
C:/WINNT/system32/LEXPPS.EXE
C:/PROGRA~1/Grisoft/AVG6/avgserv.exe
C:/WINNT/System32/svchost.exe
C:/WINNT/system32/regsvc.exe
C:/WINNT/system32/MSTask.exe
C:/WINNT/system32/stisvc.exe
C:/WINNT/System32/WBEM/WinMgmt.exe
C:/WINNT/System32/mspmspsv.exe
C:/WINNT/system32/svchost.exe
C:/WINNT/system32/BRMFRSMG.EXE
C:/WINNT/Explorer.EXE
C:/progra~1/scansoft/paperp~1/pptd40nt.exe
C:/Programmer/Logitech/iTouch/iTouch.exe
C:/Program Files/MUSICMATCH/MUSICMATCH Jukebox/mm_tray.exe
C:/Programmer/Logitech/Video/LogiTray.exe
C:/Programmer/Logitech/MouseWare/system/em_exec.exe
C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe
C:/WINNT/system32/internat.exe
C:/Programmer/MSN Messenger/MsnMsgr.Exe
C:/Programmer/ScanSoft/PaperPort/PopUp/SmartUI.exe
C:/Programmer/Microsoft Office/Office/1030/OLFSNT40.EXE
C:/Programmer/WinZip/WZQKPICK.EXE
C:/Programmer/Microsoft Office/Office/1030/msoffice.exe
C:/WINNT/System32/LVComS.exe
C:/Programmer/ScanSoft/PaperPort/Pplinks.exe
c:/programmer/internet explorer/iexplore.exe
C:/SS/Hijackthis/HijackThis.exe

R1 - HKCU/Software/Microsoft/Windows/CurrentVersion/Internet Settings,ProxyOverride = localhost
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINNT/System32/msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:/Programmer/MSN Toolbar/01.01.1629.0/da/msntb.dll
O4 - HKLM/../Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM/../Run: [NeroCheck] C:/WINNT/System32/NeroCheck.exe
O4 - HKLM/../Run: [LoadQM] loadqm.exe
O4 - HKLM/../Run: [PaperPort PTD] c:/progra~1/scansoft/paperp~1/pptd40nt.exe
O4 - HKLM/../Run: [SetDefPrt] C:/Programmer/Brother/BRMFLPRO/SetDefPrt.exe
O4 - HKLM/../Run: [zBrowser Launcher] C:/Programmer/Logitech/iTouch/iTouch.exe
O4 - HKLM/../Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM/../Run: [MMTray] C:/Program Files/MUSICMATCH/MUSICMATCH Jukebox/mm_tray.exe
O4 - HKLM/../Run: [LogitechVideoRepair] C:/Programmer/Logitech/Video/ISStart.exe
O4 - HKLM/../Run: [LogitechVideoTray] C:/Programmer/Logitech/Video/LogiTray.exe
O4 - HKLM/../Run: [AVG_CC] C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe /STARTUP
O4 - HKCU/../Run: [internat.exe] internat.exe
O4 - HKCU/../Run: [msnmsgr] “C:/Programmer/MSN Messenger/MsnMsgr.Exe” /background
O4 - Global Startup: Brother SmartUI PopUp.lnk = C:/Programmer/ScanSoft/PaperPort/PopUp/SmartUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:/Programmer/Microsoft Office/Office/OSA9.EXE
O4 - Global Startup: Symantec WinFax Starter Port.lnk = C:/Programmer/Microsoft Office/Office/1030/OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:/Programmer/WinZip/WZQKPICK.EXE
O12 - Plugin for .afp: C:/Programmer/Internet Explorer/PLUGINS/Npoafp32.dll
O16 - DPF: {504AD934-6BD1-11D5-97B5-400000914003} (AFPprojekt.ctlListe) - file://C:/PBS/PBSPRINT/PBSprint.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

Systemet ser ud til at være ok.
Er der ikke noget med at i henviser til “....................../pakken” for at holde sig “ren” fremover?

igen tak for hjælpen. Der er lidt på vej til jer.

Velbekomme, du får lige link til beskyttelsespakken.
Jeg siger tak for at du vil støtte os, det er med til at holde os kørende.

Så er din log ren.
For at holde den ren kan du kigge på vores pakke til formålet.
http://www.spywarefri.dk/pakken.htm
http://fromsej.dk/html/avoid.html
Som minimum anbefaler jeg Spywareguard, Spywareblaster, IE-Spyad og IE Privacy Keeper.
Mvh:
Fromsej/Team Spywarefri.

“pakken” bliver effektiveret meget snart.
Håber ikke jeg må vende tilbage, men DE venter jo derude.

Hold jer muntre….

Hej Sunner

Tak du må også holde dig munter - ja men. så håber vi da at vi ikke ser dig igen.

Lukker tråden, får du brug for os, så vender du bare tilbage i en ny tråd.