---

Hej Alle.

Jeg er ved at hjælpe en kammerat med at få hans computer på ret køl igen. Nogen (Arlet?) der vil løbe denne HijackThis logfile igennem, og fortælle mig hvad der skal slettes:



Logfile of HijackThis v1.96.4
Scan saved at 18:00:25, on 13-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\program files\altnet\points manager\points manager.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Winamp\Winampa.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\SM1BG.EXE
C:\Programmer\Common files\updmgr\updmgr.exe
C:\Programmer\DIGStream\digstream.exe
C:\windows\system32\sncntr.exe
C:\WINDOWS\hz7mX938.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Programmer\ISTsvc\istsvc.exe
C:\Program Files\GMSoft\Dialers\EasyDates_dk\EasyDates_dk.exe
C:\WINDOWS\System32\SahAgent.exe
C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe
C:\docume~1\lassek~1\lokale~1\temp\EYMhHf.exe
C:\docume~1\lassek~1\lokale~1\temp\Wq8q.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WHENUS~1\Search.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Lasse Kristensen\Application Data\tacw.exe
C:\WINDOWS\System32\wintsvtr.exe
C:\Programmer\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\AzhHb.exe
C:\WINDOWS\System32\Sxu5.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lasse Kristensen\Dokumenter\Modtagne filer\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50094
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50094
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {55B75BC0-930E-4149-9571-83F45E5FEB11} - C:\WINDOWS\x99Qs0KN.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\FÆLLES~1\WinTools\btiein.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem217.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: URSEARCH Toolbar. Release 2. - {92F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Programmer\ursearch\ursearch.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [websx] C:\Programmer\websx\int339890.exe -auto
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [updmgr] C:\Programmer\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [QTXUWAGJT] C:\WINDOWS\QTXUWAGJT.exe
O4 - HKLM\..\Run: [DIGStream] C:\Programmer\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Hot_nl] C:\Program Files\GMSoft\Dialers\Hot_nl\Hot_nl.exe /dontdial
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [tChW8FkNJ] C:\WINDOWS\hz7mX938.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Power Scan] C:\Programmer\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [EasyDates_dk] C:\Program Files\GMSoft\Dialers\EasyDates_dk\EasyDates_dk.exe /dontdial
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [buxerkf] C:\WINDOWS\buxerkf.exe
O4 - HKLM\..\Run: [xqn] C:\WINDOWS\xqn.exe
O4 - HKLM\..\Run: [EYMhHf] C:\docume~1\lassek~1\lokale~1\temp\EYMhHf.exe
O4 - HKLM\..\Run: [Wq8q] C:\docume~1\lassek~1\lokale~1\temp\Wq8q.exe
O4 - HKLM\..\Run: [z9N0uF] C:\docume~1\lassek~1\lokale~1\temp\z9N0uF.exe
O4 - HKLM\..\Run: [updater] C:\Programmer\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [3BCPN8@3JPYCDM] C:\WINDOWS\System32\Xdj7.exe
O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyDVDPlayer] "C:\Programmer\EasyDVD\EasyDVD.EXE /min"
O4 - HKCU\..\Run: [Smra] C:\Documents and Settings\Lasse Kristensen\Application Data\tacw.exe
O4 - HKCU\..\Run: [WCPT] C:\WINDOWS\System32\wintsvtr.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DVD@ccess.lnk = ?
O8 - Extra context menu item: &search with URSEARCH Toolbar - res://C:\Programmer\ursearch\ursearch.dll/SEARCH.HTML
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Nordea Online investering - https://www.onlineinvestering.nordea.dk/oiclient.nsf/files/client/$FILE/oiclient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {65B818E1-F4D8-4F96-A1DF-35F3D1C86194} (limmyloding.limmyform) - http://bins.roings.com/mp3.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37880.0417708333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab




den ser slem ud i mine øjne, men jeg er jo ikke prof

Mvh Niels

---

Løber den igennem

---

Tøm denne temp mappe -> C:\docume~1\lassek~1\lokale~1\temp

gå i tilføj/fjern og slet p2p

Hent og kør CWSHredder herfra: http://www.arlet.dk/special.htm
genstart og ny hijackthis log

---

Det lyder rigtig godt Arlet, du er virkelig til stor hjælp!
Tak!

---

Min kammerat er lige til fodbold, og sidder ved min egen pc, så det bliver lidt svært at viderebringe opgaven før i morgen..

Jeg bad ham tidligere køre SpyBot, som vidstnok fjernede en del snavs... (men der er åbenbart meget mere)

CWSHredder er vel et program der sikrer at man ikke ødelægger computeren ved at slette de mange ting via hijackThis, ikke? Kan man ikke bare pille ved systemgendannelsen?

Mvh Niels

---

p2p = kazaa??

---

Cwshredder er et removal tools, der fjerner en del grimme ting, bl.a den ændrede startside..

så den skal han køre.

Hvis vi skal rense den computer helt skal kazaa væk..
Brug dette program: http://www.arlet.dk/kazaabegone.exe

Efter alt dette her, skal jeg se en ny log, for der er MEGET mere snavs i den log

---

Det siger jeg til ham!! Igen, tak for hjælpen!

Er det i orden, hvis jeg indsætter den nye log her i morgen? Eller vil du hellere have, at jeg opretter et nyt spørgsmål i morgen med den?

Mvh Niels

---

Nej, da. Vi kører igennem her i loggen.

---

i orden! Vi snakkes ved igen i morgen, når jeg har viderebragt programmerne og oplysningerne!
Tak..

---

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

ligger oxo kun og fylder...

---

Hej Arlet

Uden at vide det, har du også hjulpet mig meget. Jeg har brugt en temmelig stor del af påsken til "manuelt" at fjerne bl.a. "CoolWebSearch" samt en hel masse andet skidt, jeg pludselig havde fået.
Det lykkedes også delvist, men efter at ha' kørt

http://www.arlet.dk/special.htm

kan jeg se, at resten er fjernet. Og computeren kører helt fint/normalt igen.
Min kone er også glad, for nu er hun fri for at høre på, at jeg sidder og små-bander.Det er jeg dig meget taknemmelig for.
Jeg havde et af mine børnebørn på besøg i påsken, og da hun hørte mine eder, hun sad på mit computerværelse og spillede på en af mine andre computere,spurgte spurgte hun meget forsigtigt, (hun er 7 år) "Morfar, har du fået virus"?
Så for at jeg ikke skal nasse på NielsPT's tråd, har jeg oprettet en ny tråd, som jeg kalder "Tak til Arlet", da jeg også gerne vil give point for din besvarelse, som har hjulpet mig meget. Det er smadder irriterende, at ens søgeside hele tiden ændres, især fordi jeg i HTM har lavet min egen, med links til alt hvad min kone og jeg har brug for. Endnu engang tak, Arlet.

De venligste hilsener
Frank

---

Der er også mulighed for at få hjælp hos www.spywarefri.dk
De ser også gerne ens log igennem og hjælper med det samme hvis man er oprettet som bruger i deres forum.
Venlig hilsen Bimse

---

Hej Arlet.

Nu har min ven kørt de to programmer (SWShredder og Kazaabegone), og her er en ny HijackThis logfile:





Logfile of HijackThis v1.96.4
Scan saved at 17:52:37, on 14-04-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\program files\altnet\points manager\points manager.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Winamp\Winampa.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\SM1BG.EXE
C:\Programmer\Common files\updmgr\updmgr.exe
C:\Programmer\DIGStream\digstream.exe
C:\windows\system32\sncntr.exe
C:\WINDOWS\hz7mX938.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Programmer\ISTsvc\istsvc.exe
C:\Program Files\GMSoft\Dialers\EasyDates_dk\EasyDates_dk.exe
C:\WINDOWS\System32\SahAgent.exe
C:\docume~1\lassek~1\lokale~1\temp\EYMhHf.exe
C:\docume~1\lassek~1\lokale~1\temp\Wq8q.exe
C:\docume~1\lassek~1\lokale~1\temp\z9N0uF.exe
C:\PROGRA~1\WHENUS~1\Search.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Lasse Kristensen\Application Data\tacw.exe
C:\WINDOWS\System32\wintsvtr.exe
C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\Sxu5.exe
C:\WINDOWS\System32\AzhHb.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Winamp\Winamp.exe
C:\Documents and Settings\Lasse Kristensen\Dokumenter\Modtagne filer\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50094
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50094
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {55B75BC0-930E-4149-9571-83F45E5FEB11} - C:\WINDOWS\x99Qs0KN.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\FÆLLES~1\WinTools\btiein.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem217.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: URSEARCH Toolbar. Release 2. - {92F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Programmer\ursearch\ursearch.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [websx] C:\Programmer\websx\int339890.exe -auto
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [updmgr] C:\Programmer\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [QTXUWAGJT] C:\WINDOWS\QTXUWAGJT.exe
O4 - HKLM\..\Run: [DIGStream] C:\Programmer\DIGStream\digstream.exe
O4 - HKLM\..\Run: [Hot_nl] C:\Program Files\GMSoft\Dialers\Hot_nl\Hot_nl.exe /dontdial
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [tChW8FkNJ] C:\WINDOWS\hz7mX938.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Power Scan] C:\Programmer\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [EasyDates_dk] C:\Program Files\GMSoft\Dialers\EasyDates_dk\EasyDates_dk.exe /dontdial
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [buxerkf] C:\WINDOWS\buxerkf.exe
O4 - HKLM\..\Run: [xqn] C:\WINDOWS\xqn.exe
O4 - HKLM\..\Run: [EYMhHf] C:\docume~1\lassek~1\lokale~1\temp\EYMhHf.exe
O4 - HKLM\..\Run: [Wq8q] C:\docume~1\lassek~1\lokale~1\temp\Wq8q.exe
O4 - HKLM\..\Run: [z9N0uF] C:\docume~1\lassek~1\lokale~1\temp\z9N0uF.exe
O4 - HKLM\..\Run: [updater] C:\Programmer\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [3BCPN8@3JPYCDM] C:\WINDOWS\System32\Xdj7.exe
O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyDVDPlayer] "C:\Programmer\EasyDVD\EasyDVD.EXE /min"
O4 - HKCU\..\Run: [Smra] C:\Documents and Settings\Lasse Kristensen\Application Data\tacw.exe
O4 - HKCU\..\Run: [WCPT] C:\WINDOWS\System32\wintsvtr.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DVD@ccess.lnk = ?
O8 - Extra context menu item: &search with URSEARCH Toolbar - res://C:\Programmer\ursearch\ursearch.dll/SEARCH.HTML
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Nordea Online investering - https://www.onlineinvestering.nordea.dk/oiclient.nsf/files/client/$FILE/oiclient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {65B818E1-F4D8-4F96-A1DF-35F3D1C86194} (limmyloding.limmyform) - http://bins.roings.com/mp3.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37880.0417708333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

---

ok, går igang med at tjekke den, men forbered ham på et chok over hvor meget snavs jeg finder.

---

Ja, kan godt selv fornemme at den er slem! Han brokkede sig også noget over en masse mærkeligt der skete på sin pc..

Jeg forbereder ham

Mange tak!

---

Øhhh, jeg fandt en lille smule...

Flyt først filen Hijackthis til en mappe oprettet kun til den.

Du skal nu til at i gang med at fixe:

Deaktiver systemgendannelse:
http://www.arlet.dk/systemgendannelsen.htm

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50094
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50094
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {55B75BC0-930E-4149-9571-83F45E5FEB11} - C:\WINDOWS\x99Qs0KN.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\FÆLLES~1\WinTools\btiein.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem217.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem214.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: URSEARCH Toolbar. Release 2. - {92F02779-6D88-4958-8AD3-83C12D86ADC7} - C:\Programmer\ursearch\ursearch.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [websx] C:\Programmer\websx\int339890.exe -auto
O4 - HKLM\..\Run: [updmgr] C:\Programmer\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [QTXUWAGJT] C:\WINDOWS\QTXUWAGJT.exe
O4 - HKLM\..\Run: [Hot_nl] C:\Program Files\GMSoft\Dialers\Hot_nl\Hot_nl.exe /dontdial
O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm
O4 - HKLM\..\Run: [tChW8FkNJ] C:\WINDOWS\hz7mX938.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [EasyDates_dk] C:\Program Files\GMSoft\Dialers\EasyDates_dk\EasyDates_dk.exe /dontdial
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [buxerkf] C:\WINDOWS\buxerkf.exe
O4 - HKLM\..\Run: [xqn] C:\WINDOWS\xqn.exe
O4 - HKLM\..\Run: [EYMhHf] C:\docume~1\lassek~1\lokale~1\temp\EYMhHf.exe
O4 - HKLM\..\Run: [Wq8q] C:\docume~1\lassek~1\lokale~1\temp\Wq8q.exe
O4 - HKLM\..\Run: [z9N0uF] C:\docume~1\lassek~1\lokale~1\temp\z9N0uF.exe
O4 - HKLM\..\Run: [updater] C:\Programmer\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [3BCPN8@3JPYCDM] C:\WINDOWS\System32\Xdj7.exe
O4 - HKLM\..\Run: [WhenUSearch] C:\PROGRA~1\WHENUS~1\Search.exe
O4 - HKCU\..\Run: [Smra] C:\Documents and Settings\Lasse Kristensen\Application Data\tacw.exe
O4 - HKCU\..\Run: [WCPT] C:\WINDOWS\System32\wintsvtr.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DVD@ccess.lnk = ?

O8 - Extra context menu item: &search with URSEARCH Toolbar - res://C:\Programmer\ursearch\ursearch.dll/SEARCH.HTML

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {65B818E1-F4D8-4F96-A1DF-35F3D1C86194} (limmyloding.limmyform) - http://bins.roings.com/mp3.cab


--------------------------------------------------------------------

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

--------------------------------------------------------------------

Find og slet i fejlsikret(f8 ved opstart):


C:\program files\altnet <-hele mappen
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking <-hele mappen
C:\Programmer\Common files\updmgr\updmgr.exe
C:\windows\system32\sncntr.exe
C:\WINDOWS\hz7mX938.exe
C:\Program Files\Internet Optimizer <-hele mappen
C:\Programmer\ISTsvc <-hele mappen
C:\Program Files\GMSoft\Dialers <-hele mappen
C:\WINDOWS\System32\SahAgent.exe
C:\docume~1\lassek~1\lokale~1\temp\EYMhHf.exe
C:\docume~1\lassek~1\lokale~1\temp\Wq8q.exe
C:\docume~1\lassek~1\lokale~1\temp\z9N0uF.exe
C:\PROGRA~1\WHENUS~1\Search.exe
C:\Documents and Settings\Lasse Kristensen\Application Data\tacw.exe
C:\WINDOWS\System32\wintsvtr.exe
C:\PROGRA~2\Altnet <-hele mappen
C:\WINDOWS\System32\Sxu5.exe
C:\WINDOWS\System32\AzhHb.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Internet Optimizer <-hele mappen



Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.
Først når din log er endelig godkendt, må du aktiver din systemgendannelse igen.

---

tak.. Jeg sender det videre, og sender derefter en ny logfil herind!

---

En lille smule? Den her log burde da komme i Hall of Fame!

---

Mange tak for hjælpen, arlet!!
Jeg opretter lige et nyt spørgsmål en gang, med en (forhåbentlig) ren log, så du evt. lige kan eftertjekke!

Mvh Niels

Eftersom du ikke er logget ind i systemet, kan du ikke skrive et indlæg til dette spørgsmål.

Hvis du ikke allerede er registreret, kan du gratis blive medlem, ved at trykke på "Bliv medlem" ude i menuen.