Help with HJT log

By Semi-user Wessller | 11-10-2004 20:56 | 1127 views | 4 replies
Hi Hollere, is anyone up for taking a quick look at a log for me? I'll post the log in a moment. Thomas
--
ASUS P4PE, Celeron 2000, GeForce 4 TI4200, 3 x 80 GB HD 7200 RPM, 1024 DDR2700. DVD+CD rom
#1
Wessller
Semi-user
11-10-2004 21:08

Logfile of HijackThis v1.98.2
Scan saved at 21:06:59, on 11-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\opiiyug.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\temp\msbb.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\System32\crsss.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Krone\Application Data\uoas.exe
C:\Programmer\Delux\PS2 Keyboard English Edition 2.0\kb_2k.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Web_Rebates\WebRebates1.exe
C:\Programmer\Web_Rebates\WebRebates0.exe
c:\v3.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Documents and Settings\Krone\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com[...]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jubii.dk[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programmer\ISTbar\istbar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Programmer\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Microsoft Update] mupdate.exe
O4 - HKLM\..\Run: [EFAD6055] C:\WINDOWS\System32\wfbswjbfallxu.exe
O4 - HKLM\..\Run: [ImInstaller] C:\DOCUME~1\Krone\LOKALE~1\Temp\ImInstaller\IncrediMail\imloader.exe -product IncrediMail
O4 - HKLM\..\Run: [Micro Update] dailin.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [txdaevoqp] C:\WINDOWS\System32\opiiyug.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [gvgdax] C:\WINDOWS\gvgdax.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\RunServices: [Microsoft Update] mupdate.exe
O4 - HKLM\..\RunServices: [5B52AC69] C:\WINDOWS\System32\wfbswjbfallxu.exe
O4 - HKLM\..\RunServices: [Micro Update] dailin.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Update] mupdate.exe
O4 - HKCU\..\Run: [Micro Update] dailin.exe
O4 - HKCU\..\Run: [Ohta] C:\Documents and Settings\Krone\Application Data\uoas.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PS2 Keyboard English Edition 2.0.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Programmer\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com[...]
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com[...]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com[...]
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com[...]
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com[...]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com[...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{C463375B-A564-4CD8-95E8-8845D585BE9F}: NameServer = 193.162.153.164 194.239.134.83
--
ASUS P4PE, Celeron 2000, GeForce 4 TI4200, 3 x 80 GB HD 7200 RPM, 1024 DDR2700. DVD+CD rom
#2
Wessller
Semi-user
11-10-2004 21:27

Hi again, I'm just posting a new log where I have removed the most obvious stuff. I hope someone can tell me whether I have done it right.

Logfile of HijackThis v1.98.2
Scan saved at 21:25:46, on 11-10-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\opiiyug.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\temp\msbb.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\System32\crsss.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Krone\Application Data\uoas.exe
C:\Programmer\Delux\PS2 Keyboard English Edition 2.0\kb_2k.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Programmer\Web_Rebates\WebRebates1.exe
C:\Programmer\Web_Rebates\WebRebates0.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Krone\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jubii.dk[...]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programmer\ISTbar\istbar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Programmer\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Microsoft Update] mupdate.exe
O4 - HKLM\..\Run: [EFAD6055] C:\WINDOWS\System32\wfbswjbfallxu.exe
O4 - HKLM\..\Run: [ImInstaller] C:\DOCUME~1\Krone\LOKALE~1\Temp\ImInstaller\IncrediMail\imloader.exe -product IncrediMail
O4 - HKLM\..\Run: [Micro Update] dailin.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [txdaevoqp] C:\WINDOWS\System32\opiiyug.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [gvgdax] C:\WINDOWS\gvgdax.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunServices: [Microsoft Update] mupdate.exe
O4 - HKLM\..\RunServices: [5B52AC69] C:\WINDOWS\System32\wfbswjbfallxu.exe
O4 - HKLM\..\RunServices: [Micro Update] dailin.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Update] mupdate.exe
O4 - HKCU\..\Run: [Micro Update] dailin.exe
O4 - HKCU\..\Run: [Ohta] C:\Documents and Settings\Krone\Application Data\uoas.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PS2 Keyboard English Edition 2.0.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com[...]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com[...]
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com[...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{C463375B-A564-4CD8-95E8-8845D585BE9F}: NameServer = 193.162.153.164 194.239.134.83
--
ASUS P4PE, Celeron 2000, GeForce 4 TI4200, 3 x 80 GB HD 7200 RPM, 1024 DDR2700. DVD+CD rom
#3
Armageddon
Moderator
13-10-2004 00:10

Hi there,

There are a few small things that need fixing. Start by disabling System Restore. Right-click "My Computer" ("Denne Computer") on the desktop, choose Properties and the "System Restore" ("Systemgendannelse") tab, and tick "Disable System Restore" ("Deaktiver systemgendannelse"). Click OK and restart.

Run a new scan with HJT and tick these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.jubii.dk[...]
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programmer\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update] mupdate.exe
O4 - HKLM\..\Run: [EFAD6055] C:\WINDOWS\System32\wfbswjbfallxu.exe
O4 - HKLM\..\Run: [Micro Update] dailin.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmer\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [txdaevoqp] C:\WINDOWS\System32\opiiyug.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [gvgdax] C:\WINDOWS\gvgdax.exe
O4 - HKLM\..\Run: [Windows media service] crsss.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmer\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunServices: [Microsoft Update] mupdate.exe
O4 - HKLM\..\RunServices: [5B52AC69] C:\WINDOWS\System32\wfbswjbfallxu.exe
O4 - HKLM\..\RunServices: [Micro Update] dailin.exe
O4 - HKLM\..\RunServices: [Windows media service] crsss.exe
O4 - HKCU\..\Run: [Microsoft Update] mupdate.exe
O4 - HKCU\..\Run: [Micro Update] dailin.exe
O4 - HKCU\..\Run: [Ohta] C:\Documents and Settings\Krone\Application Data\uoas.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com[...]

Close all other program windows so that only HJT is open. Click "Fix checked". Close the program and restart in safe mode (press F8 after the POST screen).

Find and delete these files and folders (remember to change the folder options so you can see hidden files as well as system files):

C:\WINDOWS\localNRD.dll
C:\WINDOWS\wsem302.dll
C:\Programmer\ISTbar\
C:\WINDOWS\System32\wfbswjbfallxu.exe
C:\Programmer\ISTsvc\
C:\Program Files\Internet Optimizer\
C:\WINDOWS\System32\opiiyug.exe
C:\WINDOWS\conscorr.exe
C:\WINDOWS\System32\crsss.exe
C:\Program Files\Windows SyncroAd\
c:\temp\msbb.exe
C:\WINDOWS\gvgdax.exe
C:\Programmer\Web_Rebates\
C:\Documents and Settings\Krone\Application Data\uoas.exe
C:\WINDOWS\System32\mupdate.exe
C:\WINDOWS\System32\dailin.exe

Restart normally. Run a new scan with HJT and post the log here for checking.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]
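
A check for the last step in the reply above (rescan and post the log for review), added here as an example and not part of the original thread. It matches the entries ticked for fixing against a follow-up scan by CLSID or registry value name instead of by whole line, so a registration that survives with a changed "(file missing)" note is still caught. The function names and the follow-up scan excerpt are constructed for illustration.

```python
import re

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")   # section code, then body
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")          # BHO / toolbar / DPF identity
RUN = re.compile(r"^(\S+): \[([^\]]+)\]")            # O4: registry key + value name

def entry_key(line):
    """Stable identity of one HijackThis entry, or None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID.search(body)
    if clsid:
        return (code, clsid.group(0).upper())
    run = RUN.match(body)
    if run:
        return (code, run.group(1).upper(), run.group(2).lower())
    # Registry values and startup links: the name left of " = ", else whole body.
    return (code, body.split(" = ")[0].strip().lower())

def keys(text):
    return {k for k in map(entry_key, text.splitlines()) if k}

def unresolved(fix_list, rescan_log):
    """Entries ticked for fixing that still show up in the follow-up scan."""
    return sorted(keys(fix_list) & keys(rescan_log))

# Four of the entries listed for fixing in the reply above.
FIX_LIST = r"""
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O4 - HKLM\..\Run: [Microsoft Update] mupdate.exe
O4 - HKCU\..\Run: [Micro Update] dailin.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com[...]
"""

# Constructed follow-up scan (not from the thread): the DLL was deleted but its
# BHO registration survived, and one HKCU autorun is still present.
RESCAN = r"""
Logfile of HijackThis v1.98.2
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKCU\..\Run: [Micro Update] dailin.exe
"""

if __name__ == "__main__":
    for key in unresolved(FIX_LIST, RESCAN):
        print("still present:", key)
```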
#4
Wessller
Semi-user
13-10-2004 13:57

Many thanks for the help. I'm not able to post a log right away, but I'm sure it works. It usually does when you've had your hands in it. Wessler
--
ASUS P4PE, Celeron 2000, GeForce 4 TI4200, 3 x 80 GB HD 7200 RPM, 1024 DDR2700. DVD+CD rom
