Hej shekarn og velkommen

Det er helt spændende at læse tingene på den måde, men træls for dig.

Har den lavet det nummer i lang tid [?]

Følg denne anvisning punkt 1-4 http://www.spywarefri.dk/forum/links/hjtanv.htm
resultatet skal du kopier ind i denne tråd. Det gør du ved at klikke på- Svar på emne- knappen, og så kopier det herind.

Så tager vi tingene derfra

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
C:\Programmer\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Norman\Nvc\bin\nvcoas.exe
C:\Programmer\Norman\bin\NJEEVES.EXE
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\Norman\bin\ZLH.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Norman\Nvc\BIN\nipsvc.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Norman\Nvc\bin\cclaw.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearchIndexer.exe
C:\Documents and Settings\Jan Rosenqvist\Skrivebord\hijackthis.exe
C:\Programmer\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Programmer\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programmer\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programmer\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Programmer\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] “C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temporary Internet Files\Content.IE5\KMU64FAK\WinFixerScannerInstall[1].exe” -nag
O4 - HKLM\..\Run: [BearShare] “C:\Programmer\BearShare\BearShare.exe” /pause
O4 - HKLM\..\Run: [SemanticInsight] C:\Programmer\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] “C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe”
O4 - HKLM\..\Run: [Adobe Photo Downloader] “C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programmer\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [Error Safe] C:\Programmer\Error Safe Free\ers.exe /scan
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] “C:\Programmer\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: [MsnMsgr] ~“C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [WinFixer2005] “C:\Programmer\WinFixer 2005\UWFX5.exe” /scan
O4 - HKCU\..\Run: [Skype] “C:\Programmer\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU\..\Run: [SweetIM] C:\Programmer\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ErrorSafe] “C:\Programmer\Error Safe Free\ers.exe” /scan
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google; Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN; Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
O8 - Extra context menu item: &Search; - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZR
O8 - Extra context menu item: &Translate; English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/229?1271637aa4ff4b8293f59c8f5bc15443
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/230?1271637aa4ff4b8293f59c8f5bc15443
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131087183187
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programmer\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Programmer\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Programmer\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe

tak-for-hjælpen-men-hvad-gør-vi-så-nu?-
mvh
shekarn

Hej shekarn

Jeg kan se, at du ikke har fulgt anvisningen fra Magic. Du har ikke installeret og kørt Ewido. Du bliver nødt til at følge vores vejledninger, hvis du skal slippe for dine mange infektioner.

Sørg for at få Ewido installeret og kørt. Vi skal se loggen fra Ewido fra dig.

Dernæst skal du have afinstalleret flere programmer.

Gå i start - kontrolpanelet - tilføj/fjern programmer og afinstaller:

MyWebSearch
Macrogaming
SweetIMBarForIE
ShopperReports
Need2Find
Error Safe Free
BearShare
RXToolBar
WinFixer 2005

Genstart. Måske skal du genstarte flere gange under alle disse afinstallationer

Download free Trial af SuperAntiSpyware Proff til Skrivebordet, nederst på siden HER

Installer den, og lad den opdatere med nyeste opdateringer.

Så vil den spørge om din mail adresse, det er op til dig selv om du vil udfylde det.Tryk så på Næste og Næste igen -Udfør.

Dansk vejledning HER

Genstart i Fejlsikret tilstand

Start superantispyware ved at højreklikke på den gule og sorte bille ved uret

Tryk på - Scan for, Adware,Malware - linjen
Tryk på - Preference - Knappen.
Fjern flueben ved -Start SuperAntiSpyware when Windows starts.

Tryk på Fanebladet -Scanning control.

Ved scanning options, skal der kun være flueben i de to nederste

Fanebladet- Real Time Protections. Fjerner du fluben ved - Enable Real Time Protection

Tryk så på Close

Tryk på - Scan Your computer - Knappen. sæt flueben ved de drev der skal scannes. Det er vigtigt at drev hvor Windows (systemdrevet) ligger, har et flueben.

Flyt så prikken ved- Perform quick Scan, ned til - Perform complete Scan.

Tryk på Næste, så går den i gang med at scanne.

Det kan godt tage lang tid hvis du har meget på computeren

Når scanninngen er færdig popper der en boks op, tryk OK.

Sæt flueben ved alt den har fundet- næste. Så vil den fixe/slette infektionerne.

Lad den genstarte.

Efter genstart -

Klik på “Start” - Vælg “Søg”.
Klik på linket “Skift indstillinger”.
Klik på “Skift søgefunktioner for filer og mapper”
Sæt prik i “Avanceret” og klik OK.
Klik på “Alle filer og mapper”
Klik på “Flere avancerede indstillinger”
Sæt flueben i de tre øverste.
Find:
superantispyware scan log

Kopier denne log herind, sammen med loggen fra Ewido, samt en ny frisk log fra Hijackthis.

HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbAx -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbAx\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbAx\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbAx.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButton -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButton\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButton\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButton.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl\CLSID -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl\CurVer -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl.1 -> Adware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKU\S-1-5-21-1606980848-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup
HKU\S-1-5-21-1606980848-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
[2340] C:\Programmer\Macrogaming\SweetIM\mghooking.dll -> Logger.Agent.gk : Error during cleaning
[2576] C:\Programmer\Macrogaming\SweetIM\mghooking.dll -> Logger.Agent.gk : Error during cleaning
C:\Documents and Settings\Jan Rosenqvist\Cookies\jan rosenqvist@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Cookies\jan rosenqvist@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Cookies\jan rosenqvist@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Cookies\jan rosenqvist@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Cookies\jan rosenqvist@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temp\Cookies\jan rosenqvist@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temp\Cookies\jan rosenqvist@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temp\Cookies\jan .[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temp\Cookies\jan rosenqvist@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temp\Cookies\jan .[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temp\Cookies\jan rosenqvist@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temp\Cookies\jan .[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temp\Cookies\jan rosenqvist@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temp\Cookies\jan rosenqvist@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temp\Cookies\jan rosenqvist@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temp\Cookies\jan .[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ehg-lexmark.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Downloads\OmarSharifBridge2Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\PokerSuperstarsSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\PokerSuperstarsSetup-dm[2].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\PokerSuperstarsSetup11021-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\ShapeShifterSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Downloads\VegasCasino2Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup
C:\Programmer\Casino Lux\CStart.exe -> Adware.Casino : Cleaned with backup
C:\Programmer\Fælles filer\WinFixer 2005\FCrXML.dll -> Adware.Winfixer : Cleaned with backup
C:\Programmer\Macrogaming\SweetIM\__delete_on_reboot__mghooking.dll -> Logger.Agent.gk : Cleaned with backup
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned with backup

::Report End
undskyld-jeg-havde-ikke-forstået-brugsanvisningen-men-jeg-tror-at-det-er-denne-report-du-mener?-

Ja, og så lige en frisk hijackthis log

Scan saved at 14:50:26, on 10-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
C:\Programmer\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\Norman\Nvc\BIN\nipsvc.exe
C:\Programmer\Norman\Nvc\bin\nvcoas.exe
C:\Programmer\Norman\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmer\Norman\bin\ZLH.EXE
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmer\Error Safe Free\ers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Norman\Npf\BIN\npfmsg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearchIndexer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\MSN Toolbar Suite\SL\02.05.0001.1119\da-dk\msn_sl.exe
C:\Documents and Settings\Jan Rosenqvist\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Programmer\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programmer\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Programmer\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] “C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temporary Internet Files\Content.IE5\KMU64FAK\WinFixerScannerInstall[1].exe” -nag
O4 - HKLM\..\Run: [BearShare] “C:\Programmer\BearShare\BearShare.exe” /pause
O4 - HKLM\..\Run: [SemanticInsight] C:\Programmer\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] “C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe”
O4 - HKLM\..\Run: [Adobe Photo Downloader] “C:\Programmer\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programmer\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Error Safe] C:\Programmer\Error Safe Free\ers.exe /scan
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] “C:\Programmer\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [WinFixer2005] “C:\Programmer\WinFixer 2005\UWFX5.exe” /scan
O4 - HKCU\..\Run: [Skype] “C:\Programmer\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU\..\Run: [ErrorSafe] “C:\Programmer\Error Safe Free\ers.exe” /min
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\da-dk\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google; Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN; Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll/search.htm
O8 - Extra context menu item: &Translate; English Word - res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/229?1271637aa4ff4b8293f59c8f5bc15443
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0000.1105\da-dk\msntabres.dll/230?1271637aa4ff4b8293f59c8f5bc15443
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131087183187
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programmer\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Programmer\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Programmer\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe

okey-der-er-nogen-af-programmerne-vi-ikke-kan-slette-for-de-er-fjernet-siger-den

Hej shekarn

Så fjerner vi bare de sidste manuelt.

Først skal du oprette en mappe på dit skrivebord. Højreklik og vælg ny - mappe - kald den hijackthis. Kom programmet hijackthis i denne mappe. Det er vigtigt, for ellers vil dit skrivebord blive fyldt med backupfiler af dine infektioner - når du nu om lidt skal til at fixe.

Åbn nu mappen, og kør en scanning med hijackthis.

Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Programmer\ShopperReports\Bin\1.1.0.0\ShprRprt.dll (file missing)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programmer\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)

O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416B-BCDB-33B3EF3617D3} - C:\Programmer\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)

O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] “C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temporary Internet Files\Content.IE5\KMU64FAK\WinFixerScannerInstall[1].exe” -nag
O4 - HKLM\..\Run: [BearShare] “C:\Programmer\BearShare\BearShare.exe” /pause
O4 - HKLM\..\Run: [SemanticInsight] C:\Programmer\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Error Safe] C:\Programmer\Error Safe Free\ers.exe /scan
O4 - HKCU\..\Run: [WinFixer2005] “C:\Programmer\WinFixer 2005\UWFX5.exe” /scan
O4 - HKCU\..\Run: [ErrorSafe] “C:\Programmer\Error Safe Free\ers.exe” /min

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programmer\RXToolBar\sfcont.dll

For at kunne se alle filer og mapper, så følg denne vejledning:
Se alle filer og mapper

Genstart i fejlsikret tilstand

Søg og slet de markerede filer/mapper hvis de stadig findes. Ellers fortsætter du bare vejledningen. De kan være røget i fixet.

C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll
C:\Programmer\ShopperReports\Bin\1.1.0.0\ShprRprt.dll
C:\Programmer\Need2Find\bar\1.bin\ND2FNBAR.DLL
C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temporary Internet Files\Content.IE5\KMU64FAK\WinFixerScannerInstall[1].exe” -nag
C:\Programmer\BearShare\BearShare.exe” /pause
C:\Programmer\RXToolBar\Semantic Insight\SemanticInsight.exe
C:\Programmer\Error Safe Free\ers.exe /scan

———————————————————————————————-

Genstart, kør en ny scanning med hijackthis, og kopier en frisk log herind til tjek.

hjælp jeg må skrive fra en anden computer.
den har låst sig fast, da jeg skulle starte i fejlsikret tilstand låste pilene op og ned sig så jeg ikke kan komme videre, hvad gør jeg?
mvh
shekarn

Prøv at slukke din maskine på knappen og forsøg så igen.

det virker desværre ikke pilene vil ikke bevæge sig derinde, men de virker fint når computeren er tændt.
mvh
shekarn

Hvis du har et usb-tastatur kan det være grunden.

Prøv blot at lade den starte i normal tilstand og se om du kan få slettet de pgl filer og mapper.

Vi anbefaler altid fejlsikret tilstand, da der er større chance for at filer og mapper ikke er i brug, men det er ikke sikkert at fejlsikret tilstand er nødvendig i dette tilfælde.

den eneste vi ikke kan fjerne er need2findbar.
den siger at filen ikke findes.
hvad gør vi så nu? vi har lagt den der antispyware ind som du skrev.
og undskyld at jeg beslaglægger så meget af jeres tid, men jeg har ikke forstand på det, da jeg er ny i det med computer.
mvh.
shekarn

I fortsætter bare vejledningen.

Det gør ikke spor, hellere spørge meget, end ikke spørge og lave noget forkert.

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jan Rosenqvist\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
O4 - HKLM\..\Run: [NI.UWFX5_0001_N57M2112] “C:\Documents and Settings\Jan Rosenqvist\Lokale indstillinger\Temporary Internet Files\Content.IE5\KMU64FAK\WinFixerScannerInstall[1].exe” -nag
O4 - HKCU\..\Run: [msnmsgr] “C:\Programmer\MSN Messenger\msnmsgr.exe” /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Programmer\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe

————————————————————————————-

+ Oprettet den:  12:43:22, 11-04-2006
+ Rapport-Checksum:  4732D85F

+ Scanningsresultat:
Ingen inficerede filer fundet!

::Rapport slut

Det ser meget bedre ud nu

Nu er der kun enkelt tilbage der lige skal fjernes -

Download Registrar Lite: http://www.resplendence.com/download/reglite.exe

Installer og kør den. I address bar/linjen kopier nedenstående (med fede bogstaver) ind, og tryk på Go:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Kig så i højre vindue for denne:

C:\Documents and Settings\steve\Local Settings\Temporary Internet
Files\Content.IE5\I53KDWJ6\WinFixerScannerInstall[1].exe
Højreklik på den og tryk på Delete.

Genstart og send en ny Hijack This log.