---

Jeg, blandt mange, har en seach-bar i toppen af mit browser-vindue... Det er mildest talt pisse-irriterende.

Hvordan fjerner jeg det totalt?

Plus det er "WeatherCast"-software.

---

Hent Spybot og Hijackthis her : http://www.arlet.dk/spybothjt.htm

---

Er det nok at køre et spy-ware-cleaner program?

---

nej, derefter skal vi igang med hijackthis, som vi fjerner den searchbar med.

spybot renser bare lidt ud, så hijackthis loggen ikke bliver så lang

---

Arlet, jeg kan på stien, og navnene hvad det er jeg skal slette.

Jeg er erfaren bruger, så jeg går bare igang selv.. Tak for det..

---

            

---

Ok, det bestemmer du selv..

Men husk!!! En forkert fil og det kan betyde format c:

---

Jeps, jeg ved det... Kender godt selv programmet... Ved ikke hvorfor jeg ikke havde tænkt på det...

Men fortæl mig:O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

Det er den man bruger som "software" til MSN-chat på deres hjemmesider... Kan jeg slette den, så den automatisk geninstallere, som den ville hvis jeg ikke havde haft det før?

---

Logfile of HijackThis v1.97.7
Scan saved at 20:06:14, on 06-05-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
H:\Programmer\Logitech\SetPoint\KEM.exe
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\FLAW32~1\scrtrayexit.exe
C:\Programmer\QuickTime\qttask.exe
H:\Programmer\AnalogX\Capture\capture.exe
H:\Programmer\BullGuard\bdmcon.exe
H:\Programmer\BullGuard\bgnewsag.exe
C:\WINDOWS\System32\ctfmon.exe
H:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\WeatherCast\Weather.exe
C:\Programmer\Messenger\msmsgs.exe
H:\Programmer\UnH Solutions\Easy Go Back\EasyGoBack.exe
H:\PROGRAMMER\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Programmer\Fælles filer\BullGuard\BullGuard Scan Server\bdss.exe
C:\WINDOWS\system32\taskmgr.exe
H:\Programmer\BullGuard\vsserv.exe
H:\Programmer\Logitech\SetPoint\MediaPlayerMgr.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
H:\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://heroes.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - H:\Programmer\FTP\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {9D7B26FA-CDC5-FAA6-537C-D308AD230255} - C:\PROGRA~1\HIDERE~1\burn slow.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Noun error mpeg - {D8BBD97C-7328-2751-4055-68EB1D88B591} - C:\PROGRA~1\HIDERE~1\burn slow.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] H:\Programmer\Creative\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\PROGRA~1\Creative\SPLASH~1\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [SecureShield] "C:\Programmer\Secure Shield\run.bat" "C:\Programmer\Secure Shield"
O4 - HKLM\..\Run: [KEM] H:\Programmer\Logitech\SetPoint\KEM.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [TeamView] C:\PROGRA~1\FLAW32~1\scrtrayexit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Screenshot] H:\Programmer\AnalogX\Capture\capture.exe
O4 - HKLM\..\Run: [Overnet] C:\Programmer\Overnet\eDonkey2000.exe -t
O4 - HKLM\..\Run: [BDMCon] H:\Programmer\BullGuard\\bdmcon.exe
O4 - HKLM\..\Run: [BGNewsAgent] H:\Programmer\BullGuard\bgnewsag.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] H:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EasyGoBack] "H:\Programmer\UnH Solutions\Easy Go Back\EasyGoBack.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Genvej til taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: Trace (HKLM)
O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Adgang for alle fjernbetjening (HKLM)
O9 - Extra 'Tools' menuitem: Adgang for alle fjernbetjening (HKLM)
O9 - Extra button: @btrez.dll,-4015 (HKLM)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37994.3799189815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?314
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FDD45E53-99AC-48D1-839A-AB4B79BD8A59} (UniqueClientKey.UniqueKey) - http://www.aknightsgame.dk/UniqueClientKey.CAB



Den search bar er der stadig´...

---

C:\Programmer\WeatherCast\Weather.exe
O3 - Toolbar: Noun error mpeg - {D8BBD97C-7328-2751-4055-68EB1D88B591} - C:\PROGRA~1\HIDERE~1\burn slow.dll

Det må være de 2

---

Men den øverste er en running process...

---

Flyt først filen Hijackthis til en mappe oprettet kun til den.

Du skal nu til at i gang med at fixe:

Deaktiver systemgendannelse:
http://www.arlet.dk/systemgendannelsen.htm

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.



O2 - BHO: (no name) - {9D7B26FA-CDC5-FAA6-537C-D308AD230255} - C:\PROGRA~1\HIDERE~1\burn slow.dll

O3 - Toolbar: Noun error mpeg - {D8BBD97C-7328-2751-4055-68EB1D88B591} - C:\PROGRA~1\HIDERE~1\burn slow.dll

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE


Find og slet i fejlsikret(f8 ved opstart):

C:\WINDOWS\UpdReg.EXE


Derefter genstarter du og sender en ny log herind, for at se om vi har fået den helt ren.
Først når din log er endelig godkendt, må du aktiver din systemgendannelse igen.


Den 016 kan du godt fixe, for som du siger rigtigt, så bliver den gendannet, når du skal bruge den. Det gælder for alle de 016 linjer

---

Ok, hvad er det "UpdReg" for noget?

---

Det er en reminder til noget Creative Labs, men den er under mistanke til at den lægger spy ind på computeren, derfor bliver den altid slettet

---

OK:

Logfile of HijackThis v1.97.7
Scan saved at 20:20:44, on 06-05-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Programmer\Fælles filer\BullGuard\BullGuard Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
H:\Programmer\BullGuard\vsserv.exe
H:\Programmer\Logitech\SetPoint\KEM.exe
C:\Programmer\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\FLAW32~1\scrtrayexit.exe
C:\Programmer\QuickTime\qttask.exe
H:\Programmer\AnalogX\Capture\capture.exe
H:\Programmer\BullGuard\bdmcon.exe
H:\Programmer\BullGuard\bgnewsag.exe
C:\WINDOWS\System32\ctfmon.exe
H:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programmer\Skype\Phone\Skype.exe
H:\PROGRAMMER\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\Programmer\Messenger\msmsgs.exe
H:\Programmer\UnH Solutions\Easy Go Back\EasyGoBack.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
H:\Programmer\Logitech\SetPoint\MediaPlayerMgr.exe
C:\Programmer\Internet Explorer\iexplore.exe
H:\My Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://heroes.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - H:\Programmer\FTP\WS_FTP Pro\wsbho2k0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Jet Detection] H:\Programmer\Creative\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\PROGRA~1\Creative\SPLASH~1\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [SecureShield] "C:\Programmer\Secure Shield\run.bat" "C:\Programmer\Secure Shield"
O4 - HKLM\..\Run: [KEM] H:\Programmer\Logitech\SetPoint\KEM.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [TeamView] C:\PROGRA~1\FLAW32~1\scrtrayexit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Screenshot] H:\Programmer\AnalogX\Capture\capture.exe
O4 - HKLM\..\Run: [Overnet] C:\Programmer\Overnet\eDonkey2000.exe -t
O4 - HKLM\..\Run: [BDMCon] H:\Programmer\BullGuard\\bdmcon.exe
O4 - HKLM\..\Run: [BGNewsAgent] H:\Programmer\BullGuard\bgnewsag.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] H:\Programmer\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Programmer\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EasyGoBack] "H:\Programmer\UnH Solutions\Easy Go Back\EasyGoBack.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Genvej til taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: Trace (HKLM)
O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Adgang for alle fjernbetjening (HKLM)
O9 - Extra 'Tools' menuitem: Adgang for alle fjernbetjening (HKLM)
O9 - Extra button: @btrez.dll,-4015 (HKLM)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37994.3799189815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?314
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FDD45E53-99AC-48D1-839A-AB4B79BD8A59} (UniqueClientKey.UniqueKey) - http://www.aknightsgame.dk/UniqueClientKey.CAB

---

-har du en liste over filerne, eller er det udenadslære?

Bare go gammel visdom?:P

---

Så er du ren og kan aktiver din systemgendannelse igen

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm

Mange af dem sidder i hovedet..
læs mere her: http://www.arlet.dk/index.htm?/tjekkehjt.htm

---

Har dem allerede....

Mange tak for hjælpen

Eftersom du ikke er logget ind i systemet, kan du ikke skrive et indlæg til dette spørgsmål.

Hvis du ikke allerede er registreret, kan du gratis blive medlem, ved at trykke på "Bliv medlem" ude i menuen.