Hijack og Spyware scan log. har en masse roderi

Jooo - der RE (stadig) Uønskede elementer i dit system...

---------------------------------------------------------------------

Hent denne engangsscanner:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Dr.Web (Gem programmet på skrivebordet, så du let kan finde det til senere brug)

Hvis din firewall blokerer for ftp adresser, kan du hente programmet her:
http://spywareinfo.dk/download/drweb-cureit.exe
(Du skal ikke aktivere den endnu)
---------------------------------------------------------------------

Hent AVG Antispyware http://www.spywarefri.dk/downloads1/avgas-setup-7.5.0.47.exe
Manual til Ewido http://www.spywarefri.dk/manualer/ewido-manual.htm AVG Antispyware hed tidligere Ewido. Du kan stadig bruge denne manual, men vi får snart tilpasset en ny manual til programmet.

Opdater straks efter installationen programmet. Lad være med at slette noget med AVG Antispyware fra normal tilstand. Vent til du kommer i fejlsikret tilstand. Du kan evt. højreklikke på ikonet E nede ved uret, og klikke på shutdown guard, så er du sikker på, at programmet venter med at fjerne snavs, til du er i fejlsikret tilstand.

---------------------------------------------------------------------

Tøm dine TEMP mapper:
Hent den lille batfil, dobbeltklik på filen, og der går et split sek. Så er temp renset.
www.spywareinfo.dk/download/cleantempxp2k.bat

---------------------------------------------------------------------

Genstart i fejlsikret tilstand http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm
---------------------------------------------------------------------

Kør en fuld scanning med AVG Antispyware, og tillad programmet at fixe de ting, som det finder. Programmet laver en lille log, som du skal kopiere herind.
Programmet opretter en lille log, som du skal kopiere herind i dit næste svar.
---------------------------------------------------------------------

DrWeb - Dobbeltklik på cureit exe filen laver den en kort startup/express scan.
Lad den fixe hvad den finder (Say Yes to all)
Derefter skal du klikke på Options -> Change settings.
Skift til fanebladet Scan, fjern fluebenet ved Heuristic analysis.
Skift til fanebladet Actions, her skal alle punkter under Malware sættes til Move.
Fjern flueben ved - Prompt on action.
Ved Move Path sletter du hvad der står, og skriver: c:\infected
Tryk på Anvend og derefter på OK.

Klik så på det eller de drev du vil have scannet, der kommer en rød prik for at vise det/de er valgt.
Tryk så på den grønne pil nederst  til højre, så scanner den, og fixer problemerne.

Når scanningen er færdig, gå op i file - Tryk på - Save Report list.
Så ligger der en en fil der her hedder drweb.csv (åbnes med Notebook/Notepad) - på skrivebordet.
Luk Programmet
---------------------------------------------------------------------

Efter genstart -

Kopier loggen fra AVG Antispyware/Ewido og loggen fra DrWeb (drweb.csv) herind i tråden sammen med en frisk Log fra HiJackThis...

okie, gør det imorgen tidlig, håber du har tid da til at kigge på nye logs :-) på forhånd tak

(Fortsat fra http://www.eksperten.dk/spm/758686 !!!)

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    16:44:35 29-01-2007

+ Scan result:   



C:\Programmer\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Cleaned.
C:\Programmer\Common Files\Companion Wizard\compwiz.exe -> Adware.Companion : Cleaned.
C:\Programmer\Fælles filer\WinAntiVirus Pro 2006\WapCHK.dll -> Adware.Companion : Cleaned.
HKU\S-1-5-21-790525478-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-790525478-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-790525478-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A19EF336-01D4-48E6-926A-FE7E1C747AED} -> Adware.MWSearch : Cleaned.
HKU\S-1-5-21-790525478-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4} -> Adware.MWSearch : Cleaned.
HKU\S-1-5-21-790525478-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F65B197F-8260-4D52-909A-F70118E646EB} -> Adware.MWSearch : Cleaned.
C:\System Volume Information\_restore{DE9D805C-2F38-4A7E-A648-660BA4EA0496}\RP213\A0038122.dll -> Adware.PurityScan : Cleaned.
C:\WINDOWS\system32\msconfig.dll -> Adware.PurityScan : Cleaned.
[1028] C:\WINDOWS\system32\msconfig.dll -> Adware.PurityScan : Cleaned.
[1112] C:\WINDOWS\system32\msconfig.dll -> Adware.PurityScan : Cleaned.
[1284] C:\WINDOWS\system32\msconfig.dll -> Adware.PurityScan : Cleaned.
[1300] C:\WINDOWS\system32\msconfig.dll -> Adware.PurityScan : Cleaned.
[1396] C:\WINDOWS\system32\msconfig.dll -> Adware.PurityScan : Cleaned.
[236] C:\WINDOWS\system32\msconfig.dll -> Adware.PurityScan : Cleaned.
[816] C:\WINDOWS\system32\msconfig.dll -> Adware.PurityScan : Cleaned.
[868] C:\WINDOWS\system32\msconfig.dll -> Adware.PurityScan : Cleaned.
[880] C:\WINDOWS\system32\msconfig.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{DE9D805C-2F38-4A7E-A648-660BA4EA0496}\RP213\A0038121.dll -> Adware.Solution : Cleaned.
HKU\S-1-5-21-790525478-1454471165-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned.
C:\Documents and Settings\Jesper Hansen\Lokale indstillinger\Temporary Internet Files\Content.IE5\4TCFS3YF\YSB_DOWNLOADS_MANAGER[1].0TM -> Downloader.IstBar.j : Cleaned.
C:\Documents and Settings\Jesper Hansen\Lokale indstillinger\Temporary Internet Files\Content.IE5\EFWNYNQL\YSB_DOWNLOADS_MANAGER[1].0TM -> Downloader.IstBar.j : Cleaned.
C:\Documents and Settings\Jesper Hansen\Lokale indstillinger\Temporary Internet Files\Content.IE5\EFWNYNQL\YSB_DOWNLOADS_MANAGER[2].0TM -> Downloader.IstBar.j : Cleaned.
C:\Documents and Settings\Jesper Hansen\Lokale indstillinger\Temporary Internet Files\Content.IE5\NYRJZVDA\YSB_DOWNLOADS_MANAGER[1].0TM -> Downloader.IstBar.j : Cleaned.
C:\Documents and Settings\Jesper Hansen\Lokale indstillinger\Temporary Internet Files\Content.IE5\NYRJZVDA\YSB_DOWNLOADS_MANAGER[1].1TM -> Downloader.IstBar.j : Cleaned.
C:\Documents and Settings\Jesper Hansen\Lokale indstillinger\Temp\!UPDATE.0XE -> Downloader.PurityScan.co : Cleaned.
C:\Documents and Settings\Jesper Hansen\Lokale indstillinger\Temporary Internet Files\Content.IE5\NYRJZVDA\!update-4295[1].0000 -> Downloader.PurityScan.co : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018839.0xe -> Downloader.Small.jg : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018840.0xe -> Downloader.Small.jg : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018841.0xe -> Downloader.Small.jg : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018838.0xe -> Downloader.Small.jl : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP86\A0020014.0xe -> Downloader.Small.jl : Cleaned.
C:\Programmer\Fælles filer\fwiw\fwiwd\vocabulary -> Downloader.TSUpdate.j : Cleaned.
C:\System Volume Information\_restore{DE9D805C-2F38-4A7E-A648-660BA4EA0496}\RP213\A0038124.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.233:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.234:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.235:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.236:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.274:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.390:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.590:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.604:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.288:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.289:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.400:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.401:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.421:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.410:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.411:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.478:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.479:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.480:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.481:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.482:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.483:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.11:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.12:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.60:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.61:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.218:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.219:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.220:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.225:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.63:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.25:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.499:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.613:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.614:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.438:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.85:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.412:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.73:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.111:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.112:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.113:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.114:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.320:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.321:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.322:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.323:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.139:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.126:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.127:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.128:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.199:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.216:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.217:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.473:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.579:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Ditte Kofod\Cookies\ditte kofod@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.268:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.142:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Ditte Kofod\Cookies\ditte kofod@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.187:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.188:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.130:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.131:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.74:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.75:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.76:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.77:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.210:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.211:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.212:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.527:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.528:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.529:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.100:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.101:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.102:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.515:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.516:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.94:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.95:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.96:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.97:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.98:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.99:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.449:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.450:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.451:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.452:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.110:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.111:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.112:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.113:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.114:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.391:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.392:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.393:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.394:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.395:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.396:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.645:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.102:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.103:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.104:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.105:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.355:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.371:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Ditte Kofod\Cookies\ditte kofod@php.sales.tfag[1].txt -> TrackingCookie.Tfag : Cleaned.
:mozilla.245:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.247:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.65:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.66:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.67:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.140:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.477:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.117:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.221:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.520:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.100:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.101:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.82:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.83:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.84:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.94:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.95:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.96:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.97:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.99:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.115:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.116:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.117:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.118:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.119:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.120:C:\Documents and Settings\Jesper Hansen\Application Data\Mozilla\Firefox\Profiles\vphhvd9y.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.81:C:\Documents and Settings\Ditte Kofod\Application Data\Mozilla\Firefox\Profiles\7yyit4wh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{DE9D805C-2F38-4A7E-A648-660BA4EA0496}\RP213\A0038125.vbs -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{DE9D805C-2F38-4A7E-A648-660BA4EA0496}\RP213\A0038126.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{DE9D805C-2F38-4A7E-A648-660BA4EA0496}\RP213\A0038127.vbs -> Trojan.Small : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP77\A0018333.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018812.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018813.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018814.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018815.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018816.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018817.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018818.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018819.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018820.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018821.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018822.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018823.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018824.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018825.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018826.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018827.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018828.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018829.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018830.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018831.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018832.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018833.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018834.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018835.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018836.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018868.0xe -> Worm.Apsiv : Cleaned.
E:\System Volume Information\_restore{D4BC7865-0CAE-44F3-930B-88D68D31BCB6}\RP83\A0018867.0xe -> Worm.Tibick.d : Cleaned.


DrWeb:
fsdfwd.exe;c:\programmer\tdc kabel tv sikkerhedspakke\fwes\program;Probably BACKDOOR.Trojan;;
npclntax.dll;C:\Programmer\Mozilla Firefox\plugins;Adware.Zango;Moved.;
A0040159.dll;C:\System Volume Information\_restore{DE9D805C-2F38-4A7E-A648-660BA4EA0496}\RP214;Adware.ClickSpring;Moved.;
A0040165.dll;C:\System Volume Information\_restore{DE9D805C-2F38-4A7E-A648-660BA4EA0496}\RP214;Adware.Zango;Moved.;
__delete_on_reboot__m_s_c_o_n_f_i_g_._d_l_l_;C:\WINDOWS\system32;Adware.ClickSpring;Will be moved after reboot.;
mirc.exe;E:\Backup files\mIRC;Program.mIRC.612;;
De47.wmv;E:\RECYCLER\S-1-5-21-117609710-1708537768-839522115-1003;Trojan.DownLoader.1730;Deleted.;


Logfile of HijackThis v1.99.1
Scan saved at 18:30:46, on 29-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\TDCKAB~1\backweb\7791805\Program\SERVIC~1.EXE
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsgk32st.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\FSGK32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fssm32.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FCH32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FAMEH32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsrw.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FWES\Program\fsdfwd.exe
C:\Programmer\MSI\Live Update 3\LMonitor.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSM32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\ispnews.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\TDCKAB~1\ANTI-S~1\fsaw.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\Program\fspex.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\fsguidll.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jesper Hansen\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://guilds.camelotherald.com/guilds/guild.php?s=Merlin&g=4742
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CA80AA3-FDB3-459D-8086-0EAF83D80FC1} - c:\Programmer\DetGodeProgram\DETGODEPROGRAMREMINDER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [LiveMonitor] "C:\Programmer\MSI\Live Update 3\LMonitor.exe"
O4 - HKLM\..\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: TDC Kabel TV Sikkerhedspakke.lnk = C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\ieshield.dll
O9 - Extra button: Klik her for at tilføje varen til din elektroniske ønskeliste. - {848C180B-F4AE-4485-A606-0EFCF00FFE2A} - c:\Programmer\DetGodeProgram\DETGODEPROGRAMREMINDER.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www4.king.com/midasa.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} (MultiUpload Class) - http://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www4.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jeopartyhansen.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161022979437
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{9152B106-C695-436E-9CE2-C2D7365C92EB}: NameServer = 89.150.129.4,89.150.129.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:        msconfig.dll     
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\i2nm0c51ef.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: TDC Kabel TV Sikkerhedspakke (BackWeb Plug-in - 7791805) - BackWeb Technologies Inc.                          - C:\PROGRA~1\TDCKAB~1\backweb\7791805\Program\SERVIC~1.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\TDC Kabel TV Sikkerhedspakke\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Well - der blev ædt enkelte ting. Lidt tilbage som vi klarer manuelt...

Klik på Start-> Kør skriv Services.msc og klik OK.
Find Tjenesten
* [Microsoft Windows System] syshost.exe
stop den hvis den kører, højreklik på den og vælg Starttype Deaktiveret.

------------------------------------------------------------------------

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www4.king.com/midasa.cab
O16 - DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} (MultiUpload Class) - http://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www4.king.com/ctl/kingcomie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jeopartyhansen.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O20 - AppInit_DLLs:        msconfig.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\i2nm0c51ef.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

For at kunne se alle filer og mapper, så følg denne vejledning:
http://www.spywareinfo.dk/tip-og-tricks/mappeindstillinger.htm

Genstart i fejlsikret tilstand http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm

Søg og slet de markerede filer/mapper hvis de stadig findes. Ellers fortsætter du bare vejledningen. De kan være røget i fixet.

C:\WINDOWS\system32\sw20.exe
syshost.exe
msconfig.dll
C:\WINDOWS\system32\i2nm0c51ef.dll

Genstart, kør en ny scanning med hijackthis, og kopier en frisk log herind til tjek.

NB: Inden næste kørsel med HiJackThis.exe skal du OMDØBE programfilen HiJackThis.exe til ALTERNATIV.exe , da visse uønskede elementer har en tendens til at skjule sig når der kører en process ved navn HiJackThis.exe !!!

------------------------------------------------------------------------

PS: Din ISP er vel http://www.fullrate.dk/ ?

Logfile of HijackThis v1.99.1
Scan saved at 21:58:47, on 29-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\TDCKAB~1\backweb\7791805\Program\SERVIC~1.EXE
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsgk32st.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\FSGK32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMA32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FCH32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FAMEH32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsrw.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\MSI\Live Update 3\LMonitor.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSM32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\ispnews.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\TDCKAB~1\ANTI-S~1\fsaw.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\fsguidll.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\Program\fspex.exe
C:\Documents and Settings\Jesper Hansen\Skrivebord\ALTERNATIV.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://guilds.camelotherald.com/guilds/guild.php?s=Merlin&g=4742
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CA80AA3-FDB3-459D-8086-0EAF83D80FC1} - c:\Programmer\DetGodeProgram\DETGODEPROGRAMREMINDER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [LiveMonitor] "C:\Programmer\MSI\Live Update 3\LMonitor.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: TDC Kabel TV Sikkerhedspakke.lnk = C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\ieshield.dll
O9 - Extra button: Klik her for at tilføje varen til din elektroniske ønskeliste. - {848C180B-F4AE-4485-A606-0EFCF00FFE2A} - c:\Programmer\DetGodeProgram\DETGODEPROGRAMREMINDER.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161022979437
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9152B106-C695-436E-9CE2-C2D7365C92EB}: NameServer = 89.150.129.4,89.150.129.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: TDC Kabel TV Sikkerhedspakke (BackWeb Plug-in - 7791805) - BackWeb Technologies Inc.                          - C:\PROGRA~1\TDCKAB~1\backweb\7791805\Program\SERVIC~1.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\TDC Kabel TV Sikkerhedspakke\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Ja jeg har www.fullrate.dk som ISP

... så er der ikke mere at gi' af ifølge din Log...

Hvordan kører putter så nu ?

den er stadig ikke super hurtig i opstart, tager godt 3 min nu at være helt klar. Men den kører mere "smooth" når kører programmer når først den er logget helt på.

Yderliger tips: Brug DVALE funktionen !!!

En guide herfra -> http://www.eu-energystar.org/da/da_024.htm#win2kxp

Pointe: Et kort tryk på din PowerON/OFF knap og alt indhold i din fysiske RAM bliver skrevet i én stor fil (af samme størrelse som din fysiske RAM) - og PC'en slukker med det samme HELT. Overstået på ~20-30 sekunder.
Ved PowerON (gen)indlæses indholdet i førnævnte fil tilbage til RAM og vupti er alt hurtigt på plads igen... Overstået på ~20-30 sekunder.
Og du om så har gang i diverse programmer/dokumenter/hjemmeside/mail/musik/spil ... det er præcist hvor du var før...

Jeg vil foreslå at du får kørt sdfix.

-- Hent denne fil, og pak den ud til en mappe på skrivebordet:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Dobbeltklik på filen, og lad den pakke sig ud til en mappe i roden af din harddisk (typisk: c:\SDfix)

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Gå så ind i mappen SDFix, som du fik oprettet tidligere. Dobbeltklik på filen RunThis.bat, for at starte værktøjet. Tryk "y" for at bekræfte, at du kører værktøjet på egen risiko. Så vil værktøjet gå i gang med at fjerne trojanservicen, og lave et par reparationer af registreringsdatabasen. På et tidspunkt vil det bede dig om at trykke en taste for at genstarte computeren. Det skal du gøre, hvorefter computeren vil genstarte efter 15 sekunder.

Genstarten vil tage lidt længere end sædvanligt, idet værktøjet skal have tid til at udføre sit arbejde. Når skrivebordet dukker op, vil værktøjet skrive "Finished". Tryk herefter en taste for at indlæse dine skrivebordsikoner igen.

Åben så SDFix-mappen, find filen Report.txt, og kopier indholdet af denne fil herind, sammen med en ny log fra Hijackthis.

@dr1: Jeg vil foreslå dig at kigge lidt på dette link:
http://downloads.andymanchesta.com/RemovalTools/SDFIX_README.txt

SDFix: Version 1.63

05-02-2007 - 11:38:51,04

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\emdat.tm - Deleted
C:\WINDOWS\emdat.tmp - Deleted
C:\WINDOWS\system32\bin29a.log - Deleted
C:\WINDOWS\system32\winsys.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.

                                Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:explorer"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:explorer"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Ditte Kofod\Lokale indstillinger\Application Data\Microsoft\Messenger\dittekofod@hotmail.com\Sharing Folders\dittevesth@hotmail.com\Thumbs.db
C:\Documents and Settings\Ditte Kofod\Lokale indstillinger\Application Data\Microsoft\Messenger\dittekofod@hotmail.com\Sharing Folders\schalburg1@hotmail.com\Thumbs.db
C:\Documents and Settings\Ditte Kofod\Lokale indstillinger\Application Data\Microsoft\Messenger\dittekofod@hotmail.com\Sharing Folders\schalburg1@hotmail.com\Billede_jpg-filer\Thumbs.db
C:\Documents and Settings\Ditte Kofod\Lokale indstillinger\Application Data\Microsoft\Messenger\dittekofod@hotmail.com\Sharing Folders\schalburg1@hotmail.com\bjarke 30 †rs f›desldag 02.09.06\Thumbs.db
C:\Documents and Settings\Ditte Kofod\Lokale indstillinger\Application Data\Microsoft\Messenger\dittekofod@hotmail.com\Sharing Folders\schalburg1@hotmail.com\Familie lejr 2006\Thumbs.db
C:\Documents and Settings\Ditte Kofod\Lokale indstillinger\Application Data\Microsoft\Messenger\dittekofod@hotmail.com\Sharing Folders\schalburg1@hotmail.com\norges tur\Thumbs.db
C:\Documents and Settings\Ditte Kofod\Lokale indstillinger\Application Data\Microsoft\Messenger\dittekofod@hotmail.com\Sharing Folders\schalburg1@hotmail.com\sommerhus\Thumbs.db
C:\Documents and Settings\Ditte Kofod\Lokale indstillinger\Application Data\Microsoft\Messenger\dittekofod@hotmail.com\Sharing Folders\schalburg1@hotmail.com\weekends tur til bornholm fra d.01.09.06 til d.03.09.06\Thumbs.db
C:\Documents and Settings\Jesper Hansen\Lokale indstillinger\Application Data\Microsoft\Messenger\jeopartyhansen@hotmail.com\Sharing Folders\martinharnisch@hotmail.com\Darkness\gfl.mft
C:\Documents and Settings\Jesper Hansen\Lokale indstillinger\Application Data\Microsoft\Messenger\jeopartyhansen@hotmail.com\Sharing Folders\martinharnisch@hotmail.com\Darkness\Thumbs.db
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\Ditte Kofod\Dokumenter\Dokumenter\skole\~WRL0001.tmp
C:\Documents and Settings\Ditte Kofod\Dokumenter\Dokumenter\skole\Bachelor\~WRL0001.tmp
C:\Documents and Settings\Ditte Kofod\Dokumenter\Dokumenter\skole\Bachelor\~WRL0005.tmp
C:\Documents and Settings\Ditte Kofod\Dokumenter\Dokumenter\skole\Bachelor\~WRL0017.tmp
C:\Documents and Settings\Ditte Kofod\Dokumenter\Dokumenter\skole\Bachelor\~WRL0557.tmp
C:\Documents and Settings\Ditte Kofod\Dokumenter\Dokumenter\skole\Bachelor\~WRL1907.tmp
C:\Documents and Settings\Ditte Kofod\Dokumenter\Dokumenter\skole\Bachelor\~WRL2360.tmp
C:\Documents and Settings\Ditte Kofod\Dokumenter\Dokumenter\skole\Bachelor\~WRL2415.tmp
C:\Documents and Settings\Ditte Kofod\Dokumenter\Dokumenter\skole\Bachelor\~WRL2535.tmp
C:\Documents and Settings\Ditte Kofod\Dokumenter\Dokumenter\skole\Bachelor\~WRL3128.tmp
C:\Documents and Settings\Ditte Kofod\Dokumenter\Dokumenter\skole\Bachelor\~WRL3605.tmp

                                Finished
Logfile of HijackThis v1.99.1
Scan saved at 11:48:45, on 05-02-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\MSI\Live Update 3\LMonitor.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jesper Hansen\Skrivebord\FIXIT\ALTERNATIV.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://guilds.camelotherald.com/guilds/guild.php?s=Merlin&g=4742
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CA80AA3-FDB3-459D-8086-0EAF83D80FC1} - c:\Programmer\DetGodeProgram\DETGODEPROGRAMREMINDER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [LiveMonitor] "C:\Programmer\MSI\Live Update 3\LMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Klik her for at tilføje varen til din elektroniske ønskeliste. - {848C180B-F4AE-4485-A606-0EFCF00FFE2A} - c:\Programmer\DetGodeProgram\DETGODEPROGRAMREMINDER.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www4.king.com/ctl/kingcomie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161022979437
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

SDfix fandt et par filer, som den fixede. Men der er også nogle lidt mærkelige linier i logfilen, og jeg vil derfor bede dig prøve følgende:

Prøv at gå ind på følgende hjemmeside:
http://www.virustotal.com/en/indexx.html

Klik på Gennemse, og klik dig så frem til C:\WINDOWS\explorer.exe

Klik så Send. Så vil siden efter lidt tid begynde at scanne filen. Under scanningen vil der øverst på siden stå "STATUS: SCANNING". Når scanningen er færdig, vil der stå "STATUS: FINISHED". Kopier resultatet af scanningen herind i tråden (du kan markere teksten med musen, højreklikke på det markerede, og vælge "kopier"; herefter kan du paste indholdet herind).

Gentag herefter proceduren med denne fil:
C:\WINDOWS\system32\winlogon.exe


-------------
Hvordan kører computeren elleres nu?

Antivirus    Version    Update    Result
AntiVir    7.3.1.34    02.05.2007    no virus found
Authentium    4.93.8    02.03.2007    no virus found
Avast    4.7.936.0    02.05.2007    no virus found
AVG    386    02.04.2007    no virus found
BitDefender    7.2    02.05.2007    no virus found
CAT-QuickHeal    9.00    02.05.2007    no virus found
ClamAV    devel-20060426    02.05.2007    no virus found
DrWeb    4.33    02.05.2007    no virus found
eSafe    7.0.14.0    02.05.2007    no virus found
eTrust-InoculateIT    30.4.3370    02.05.2007    no virus found
eTrust-Vet    30.4.3370    02.05.2007    no virus found
Ewido    4.0    02.04.2007    no virus found
Fortinet    2.85.0.0    02.05.2007    no virus found
F-Prot    4.2.1.29    02.03.2007    no virus found
Ikarus    T3.1.0.31    02.05.2007    no virus found
Kaspersky    4.0.2.24    02.05.2007    no virus found
McAfee    4955    02.02.2007    no virus found
Microsoft    1.2101    02.05.2007    no virus found
NOD32v2    2037    02.05.2007    no virus found
Norman    5.80.02    02.02.2007    no virus found
Panda    9.0.0.4    02.04.2007    no virus found
Prevx1    V2    02.05.2007    no virus found
Sophos    4.13.0    02.05.2007    no virus found
Sunbelt    2.2.907.0    02.02.2007    no virus found
Symantec    10    02.05.2007    no virus found
TheHacker    6.1.6.052    02.05.2007    no virus found
UNA    1.83    02.03.2007    no virus found
VBA32    3.11.2    02.04.2007    no virus found
VirusBuster    4.3.19:9    02.05.2007    no virus found

Aditional Information
File size: 1033216 bytes
MD5: da77b9561cc9ac54584c86cab36ebf25
SHA1: be43f420b72ebe567dd54fc6cefa1477d4091dc4


AntiVir    7.3.1.34    02.05.2007    no virus found
Authentium    4.93.8    02.03.2007    no virus found
Avast    4.7.936.0    02.05.2007    no virus found
AVG    386    02.04.2007    no virus found
BitDefender    7.2    02.05.2007    no virus found
CAT-QuickHeal    9.00    02.05.2007    no virus found
ClamAV    devel-20060426    02.05.2007    no virus found
DrWeb    4.33    02.05.2007    no virus found
eSafe    7.0.14.0    02.05.2007    no virus found
eTrust-InoculateIT    30.4.3370    02.05.2007    no virus found
eTrust-Vet    30.4.3370    02.05.2007    no virus found
Ewido    4.0    02.04.2007    no virus found
Fortinet    2.85.0.0    02.05.2007    no virus found
F-Prot    4.2.1.29    02.03.2007    no virus found
Ikarus    T3.1.0.31    02.05.2007    no virus found
Kaspersky    4.0.2.24    02.05.2007    no virus found
McAfee    4955    02.02.2007    no virus found
Microsoft    1.2101    02.05.2007    no virus found
NOD32v2    2037    02.05.2007    no virus found
Norman    5.80.02    02.02.2007    no virus found
Panda    9.0.0.4    02.04.2007    no virus found
Prevx1    V2    02.05.2007    no virus found
Sophos    4.13.0    02.05.2007    no virus found
Sunbelt    2.2.907.0    02.02.2007    no virus found
Symantec    10    02.05.2007    no virus found
TheHacker    6.1.6.052    02.05.2007    no virus found
UNA    1.83    02.03.2007    no virus found
VBA32    3.11.2    02.04.2007    no virus found
VirusBuster    4.3.19:9    02.05.2007    no virus found

Aditional Information
File size: 502272 bytes
MD5: 713ad65b9ff9cee0a43181b442d846eb
SHA1: e66973e8d607be10447a169436f77626fdc44415


Prøver lige en reboot efter har posted dette.

ok nu er den som en frisk geninstallering. Starter op på under 10 sec og alt er klar efter har valgt login bruger.

I gutter er bare guld værd.

smid lige et svar så kan give point ud. Så prøver jeg lykken med mit næste problem i en ny post under rette emne :p (kan ikke vælge baggrunds billede)

Jeg har heller ikke mere at komme efter. For at gøre arbejdet helt færdig:
Det kan være en god ide og rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.
Og så kan det også være en god ide at skjule dine systemfiler og -mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil. Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Det kan også være en god ide at få renset ud i dine midlertidige filer. Det kan gøres på en hurtig og nem måde med denne fil
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

For at forhindre gentagelser, vil jeg anbefale dig at lægge nogle små programmer ind, som forhindrer spyware i at komme ind i første omgang. Du finder links og gode råd her:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Jeg vil også foreslå, at du læser disse artikler om hvordan du kan undgå at blive inficeret i fremtiden:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37

Dr1 skal også lige lægge et svar. Så kan du herefter fordele point, som du finder rimeligt.

Angående baggrundsbilledet, kan du lige prøve om dette hjælper:

Hent dette lille værktøj, og gem det på dit skrivebord:
http://danborg.org/spy/download/Deskfix.vbs

Dobbeltklik på den nye fil. Der vil komme en melding om, at brugen er på eget ansvar. Her skal du acceptere for at komme videre. Herefter forsvinder alt indhold fra dit skrivebord og proceslinien for et kort øjeblik. Når programmet melder at det har rettet din registrering, klikker du på OK. Genstart så computeren, og se om du kan ændre på baggrundsbilledet.

den lille fix hjalp med desktop baggrund. takker. Mangler lige DR1 til at smide et svar.

Ping...
(Deles med andre...)