Gå ind her og hent Spybot og Hijackthis.
Spybot: http://danborg.org/spyware/Spybot/spybotsd12.exe
Spybotopdatering: http://danborg.org/spyware/Spybot/spybotsd_includes.exe - Opdatering.
Spybotopdatering: http://danborg.org/spyware/Spybot/spybotsd_tools.exe - Opdatering.
Hijackthis: http://danborg.org/spyware/HJT/hijackthis.exe

Installer Spybot, installer opdateringerne , scan, afhjælp valgte problemer, genstart.
Derefter udpakker og kører du Hijackthis, scan, save log og kopier logfilen herind, så kigger vi på den.
Lad være med at slette noget selv med Hijackthis, det kan skade mere end det gavner.

Hvis du selv har slettet noget med HijackThis har du givetvis ikke fået alt med for ellers dukker yellow-pages ikke op igen

Her er så logfilen

Logfile of HijackThis v1.97.7
Scan saved at 20:36:28, on 19-02-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/System32/inetsrv/inetinfo.exe
C:/Programmer/Network Associates/Common Framework/FrameworkService.exe
C:/Programmer/Network Associates/VirusScan/Mcshield.exe
C:/WINDOWS/Explorer.EXE
C:/Programmer/Network Associates/VirusScan/VsTskMgr.exe
C:/WINDOWS/System32/nvsvc32.exe
C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
C:/Programmer/Network Associates/VirusScan/SHSTAT.EXE
C:/Programmer/Ahead/InCD/InCD.exe
C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe
C:/WINDOWS/System32/ctfmon.exe
C:/WINDOWS/System32/RUNDLL32.EXE
C:/WINDOWS/System32/olehelp.exe
C:/Programmer/Internet Explorer/iexplore.exe
C:/Documents and Settings/Datadesign/Skrivebord/HijackThis.exe

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://search.yellow-pages.ws/
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = http://yellow-pages.ws/
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://yellow-pages.ws/
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.msn.dk
R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = http://search.yellow-pages.ws/
R1 - HKCU/Software/Microsoft/Internet Explorer/SearchURL,(Default) = http://yellow-pages.ws/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 6.0/Reader/ActiveX/AcroIEHelper.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O4 - HKLM/../Run: [SystemTray] SysTray.Exe
O4 - HKLM/../Run: [EM_EXEC] C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
O4 - HKLM/../Run: [ShStatEXE] “C:/Programmer/Network Associates/VirusScan/SHSTAT.EXE” /STANDALONE
O4 - HKLM/../Run: [NeroCheck] C:/WINDOWS/system32/NeroCheck.exe
O4 - HKLM/../Run: [InCD] C:/Programmer/Ahead/InCD/InCD.exe
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe” -osboot
O4 - HKCU/../Run: [CTFMON.EXE] C:/WINDOWS/System32/ctfmon.exe
O4 - HKCU/../Run: [MSMSGS] “C:/Programmer/Messenger/msmsgs.exe” /background
O4 - HKCU/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU/../Run: [olehelp] C:/WINDOWS/System32/olehelp.exe
O4 - HKCU/../Run: [defragm_check] C:/WINDOWS/System32/defragment.exe
O4 - Global Startup: Microsoft Office.lnk = C:/Programmer/Microsoft Office/Office/OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O9 - Extra button: Related (HKLM)
O9 - Extra ‘Tools’ menuitem: Show &Related; Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Flyt først filen Hijackthis til en mappe oprettet kun til den.

Deaktiver systemgendannelse:
http://www.spywarefri.dk/virusscannere.htm#alle

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart i fejlsikret(Tryk <F8> under opstart) og slet filerne listet nederst.
Dobbelttjek, så alt kommer med.

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Bar = http://search.yellow-pages.ws/
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Search Page = http://yellow-pages.ws/
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://yellow-pages.ws/
R0 - HKLM/Software/Microsoft/Internet Explorer/Search,SearchAssistant = http://search.yellow-pages.ws/
R1 - HKCU/Software/Microsoft/Internet Explorer/SearchURL,(Default) = http://yellow-pages.ws/
O4 - HKLM/../Run: [TkBellExe] “C:/Programmer/Fælles filer/Real/Update_OB/realsched.exe” -osboot
O4 - HKCU/../Run: [olehelp] C:/WINDOWS/System32/olehelp.exe
O4 - Global Startup: Microsoft Office.lnk = C:/Programmer/Microsoft Office/Office/OSA9.EXE

———————————————————-
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved “Skjul beskyttede operativsystemfiler”.
Fjern flueben ved “Skjul filtypenavne for kendte filtyper”.
Sæt prik i “Vis skjulte filer og mapper”.

———————————————————-
Slettes i fejlsikret.
C:/WINDOWS/System32/olehelp.exe << filen.
———————————————————-
Du skal også lige hente og installere programmet Ad-aware. Opdater det straks efter installationen, og inden du kører en scanning med denne. Fjern alt hvad den finder. Programmet samt brugervejledning på dansk finder du her: http://www.spywarefri.dk/vaerktoj.htm#adaware

Genstart og kom med en ny logfil, så jeg kan se om alt er med.

Her er så den nye logfil

Logfile of HijackThis v1.97.7
Scan saved at 17:14:14, on 20-02-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/System32/inetsrv/inetinfo.exe
C:/Programmer/Network Associates/Common Framework/FrameworkService.exe
C:/Programmer/Network Associates/VirusScan/Mcshield.exe
C:/WINDOWS/Explorer.EXE
C:/Programmer/Network Associates/VirusScan/VsTskMgr.exe
C:/WINDOWS/System32/nvsvc32.exe
C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
C:/Programmer/Network Associates/VirusScan/SHSTAT.EXE
C:/Programmer/Ahead/InCD/InCD.exe
C:/WINDOWS/System32/ctfmon.exe
C:/WINDOWS/System32/RUNDLL32.EXE
C:/Documents and Settings/Datadesign/Skrivebord/HijackThis.exe

R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = http://www.msn.dk
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Programmer/Adobe/Acrobat 6.0/Reader/ActiveX/AcroIEHelper.dll
O3 - Toolbar: &Radio; - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O4 - HKLM/../Run: [SystemTray] SysTray.Exe
O4 - HKLM/../Run: [EM_EXEC] C:/PROGRA~1/Logitech/MOUSEW~1/SYSTEM/EM_EXEC.EXE
O4 - HKLM/../Run: [ShStatEXE] “C:/Programmer/Network Associates/VirusScan/SHSTAT.EXE” /STANDALONE
O4 - HKLM/../Run: [NeroCheck] C:/WINDOWS/system32/NeroCheck.exe
O4 - HKLM/../Run: [InCD] C:/Programmer/Ahead/InCD/InCD.exe
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKCU/../Run: [CTFMON.EXE] C:/WINDOWS/System32/ctfmon.exe
O4 - HKCU/../Run: [MSMSGS] “C:/Programmer/Messenger/msmsgs.exe” /background
O4 - HKCU/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU/../Run: [defragm_check] C:/WINDOWS/System32/defragment.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O9 - Extra button: Related (HKLM)
O9 - Extra ‘Tools’ menuitem: Show &Related; Links (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Din log er ren nu, for at holde den ren har vi lavet en pakke du kan kigge lidt på.
http://www.spywarefri.dk/pakken.htm
Som minimum anbefaler jeg Spywareguard, Spywareblaster, IE-Spyad og IE Privacy Keeper.
Mvh:
Fromsej/Team Spywarefri.

Takker meget