Hej mortenus og velkommen

Følg lige denne anvisning -> [url=“http://www.spywarefri.dk/forum/links/hjtanv.htm”]
Hijackthis anvisning    [/url]
resultatet skal du kopier ind i denne tråd.

Det gør du ved at klikke på- Svar på emne- knappen, og så kopier det herind.

NB. Når AVG Antispyware   scanningen er færdig, tryk på - Apply all actions - knappen.
Hvis du ikke kan det, så tryk på - Recommended Action - knappen. Derefter på - Quarantine i Dropdown Menuen. Tryk så på – Apply all actions – knappen.

Vi vil også gerne se AVG Antispyware loggen

NB. Du kører bare scanningerne fra normal tilsttand

Inden du sender log filer herind, vil jeg godt have dig til at installere AVG Antivirus
Du kan hente det herfra:
[url=“http://www.spywarefri.dk/manualer/sikkerhedspakke.htm”]
Sikkerheds Pakken           [/url]

-har kørt div programmer og AVG-antivirus og trykket apply all actions.

her er log fra AVG og fra hijack

————————————————————————————

AVG Anti-Spyware - Scan Report
————————————————————————————-

+ Created at: 11:12:05 25/01/2007

+ Scan result:

:mozilla.112:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.113:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.114:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.22:C:\Documents and Settings\Lea\Application Data\Mozilla\Firefox\Profiles\ri61jx5z.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\Documents and Settings\Lea\Application Data\Mozilla\Firefox\Profiles\ri61jx5z.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ejer\Cookies\ejer@ad.adition[2].txt -> TrackingCookie.Adition : No action taken.
:mozilla.11:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.12:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.25:C:\Documents and Settings\Lea\Application Data\Mozilla\Firefox\Profiles\ri61jx5z.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.26:C:\Documents and Settings\Lea\Application Data\Mozilla\Firefox\Profiles\ri61jx5z.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.14:C:\Documents and Settings\Lea\Application Data\Mozilla\Firefox\Profiles\ri61jx5z.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.15:C:\Documents and Settings\Lea\Application Data\Mozilla\Firefox\Profiles\ri61jx5z.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.34:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.35:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.36:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.37:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.8:C:\Documents and Settings\Lea\Application Data\Mozilla\Firefox\Profiles\ri61jx5z.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.115:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.324:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.290:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.105:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.59:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.265:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.267:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Ejer\Cookies\ejer@image.masterstats[1].txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.380:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.121:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.350:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.248:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.249:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.170:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.171:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.172:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.385:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.317:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.318:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.364:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.365:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.366:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.367:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.308:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.309:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.43:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.44:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.85:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.86:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.87:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.88:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.92:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.158:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.84:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Lea\Cookies\lea@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.155:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.156:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.157:C:\Documents and Settings\Ejer\Application Data\Mozilla\Firefox\Profiles\i9f9vmoj.default\cookies.txt -> TrackingCookie.Zedo : No action taken.

::Report end

Logfile of HijackThis v1.99.1
Scan saved at 11:15:54, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ejer\Dokumenter\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP DVD\Umbrella\DVDTray.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HP\hpcoretech\comp\hptskmgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ejer\Skrivebord\sikkerhed, renseprogrammer\spywarefri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.iha.dk/wpad.dat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe                                                                   “C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ibm00001.exe”
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - (no file)
O2 - BHO: (no name) - {385066e0-23f3-11db-a98b-0800200c9a66} - (no file)
O2 - BHO: (no name) - {5D9055BD-4A67-4AAB-5C2C-51ACBE8D193C} - C:\DOCUME~1\Ejer\APPLIC~1\NURBOO~1\Book Log.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {a62d2213-2d9b-4d25-b52d-0bc282501d5b} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UpdateManager] “C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] “C:\Programmer\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM\..\Run: [DVDTray] “C:\Programmer\HP DVD\Umbrella\DVDTray.exe”
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM\..\Run: [Seek Phone Amen Clock] C:\Documents and Settings\All Users\Application Data\SkipDvdSeekPhone\Dent bird.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViewJoy] C:\DOCUME~1\Ejer\APPLIC~1\THISDE~1\64 proxy body.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - Global Startup: GStartup.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth; - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sputnik.dk
O15 - Trusted Zone: *.tv2.dk
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://fyssrv02.udd.sembsc.dk/iNotes6W.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3632332D2D2D.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/1.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Documents and Settings\Administrator\Skrivebord\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\Ejer\Dokumenter\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\iPod Updater 2005-09-06\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe” -s “C:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe” “WMP54Gv4.exe (file missing)

ups glemte at genstarte .. her er en ny logfile

Logfile of HijackThis v1.99.1
Scan saved at 11:27:04, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ejer\Dokumenter\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP DVD\Umbrella\DVDTray.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ejer\Skrivebord\sikkerhed, renseprogrammer\spywarefri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.iha.dk/wpad.dat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe                                                                   “C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ibm00001.exe”
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - (no file)
O2 - BHO: (no name) - {385066e0-23f3-11db-a98b-0800200c9a66} - (no file)
O2 - BHO: (no name) - {5D9055BD-4A67-4AAB-5C2C-51ACBE8D193C} - C:\DOCUME~1\Ejer\APPLIC~1\NURBOO~1\Book Log.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {a62d2213-2d9b-4d25-b52d-0bc282501d5b} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [UpdateManager] “C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] “C:\Programmer\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM\..\Run: [DVDTray] “C:\Programmer\HP DVD\Umbrella\DVDTray.exe”
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM\..\Run: [Seek Phone Amen Clock] C:\Documents and Settings\All Users\Application Data\SkipDvdSeekPhone\Dent bird.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViewJoy] C:\DOCUME~1\Ejer\APPLIC~1\THISDE~1\64 proxy body.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - Global Startup: GStartup.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth; - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sputnik.dk
O15 - Trusted Zone: *.tv2.dk
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://fyssrv02.udd.sembsc.dk/iNotes6W.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3632332D2D2D.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/1.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Documents and Settings\Administrator\Skrivebord\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\Ejer\Dokumenter\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\iPod Updater 2005-09-06\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe” -s “C:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe” “WMP54Gv4.exe (file missing)

Hej mortenus

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

F2 - REG:system.ini: Shell=explorer.exe “C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ibm00001.exe”
O2 - BHO: (no name) - {1D4C7057-EAD2-44C6-AD18-9092905F28F1} - (no file)
O2 - BHO: (no name) - {385066e0-23f3-11db-a98b-0800200c9a66} - (no file)
O2 - BHO: (no name) - {5D9055BD-4A67-4AAB-5C2C-51ACBE8D193C} - C:\DOCUME~1\Ejer\APPLIC~1\NURBOO~1\Book Log.exe
O2 - BHO: (no name) - {a62d2213-2d9b-4d25-b52d-0bc282501d5b} - (no file)
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - (no file)
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Seek Phone Amen Clock] C:\Documents and Settings\All Users\Application Data\SkipDvdSeekPhone\Dent bird.exe
O4 - HKCU\..\Run: [ViewJoy] C:\DOCUME~1\Ejer\APPLIC~1\THISDE~1\64 proxy body.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)

For at kunne se alle filer og mapper, så følg denne vejledning:
Se alle filer og mapper

Genstart i fejlsikret tilstand

Søg og slet de markerede filer/mapper hvis de stadig findes. Ellers fortsætter du bare vejledningen. De kan være røget i fixet.

C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ <- Hele mappen
C:\DOCUME~1\Ejer\APPLIC~1\NURBOO~1\ <- Hele mappen
C:\Documents and Settings\All Users\Application Data\SkipDvdSeekPhone\ <- Hele mappen
C:\DOCUME~1\Ejer\APPLIC~1\THISDE~1\ <- Hele mappen

Genstart, kør en ny scanning med hijackthis, og kopier en frisk log herind til tjek.

————————————————————————————————————

hej igen, har nu gjort som der blev skrevet. fik slettet alt hvad jeg skulle(stadigvæk ikke i fejlsikker tilstand) efter fixet pånær nedenstående fil, hvortil jeg ikke havde adgang

C:\Documents and Settings\All Users\Application Data\SkipDvdSeekPhone\

Logfile of HijackThis v1.99.1
Scan saved at 13:54:48, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ejer\Dokumenter\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP DVD\Umbrella\DVDTray.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ejer\Skrivebord\sikkerhed, renseprogrammer\spywarefri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.iha.dk/wpad.dat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O4 - HKLM\..\Run: [UpdateManager] “C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] “C:\Programmer\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM\..\Run: [DVDTray] “C:\Programmer\HP DVD\Umbrella\DVDTray.exe”
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - Global Startup: GStartup.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth; - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sputnik.dk
O15 - Trusted Zone: *.tv2.dk
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://fyssrv02.udd.sembsc.dk/iNotes6W.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3632332D2D2D.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/1.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Documents and Settings\Administrator\Skrivebord\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\Ejer\Dokumenter\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\iPod Updater 2005-09-06\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe” -s “C:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe” “WMP54Gv4.exe (file missing)

hej og tak for hjælpen… 

kan dog stadig ikke komme på i fejlsikker tilstand..  andet jeg kan gøre

har nu prøvet at køre

sfc /scannow

uden held

Hent NoLop exe til skrivebordet:
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item16

Kør den, tryk på - Search and Destroy - knappen. Så vil den scanne efter lop infektioner, og planlagte lop job´s. Hvis den finder noget, bliver du bedt om at trykke på Reboot-knappen, det gør du.

Efter genstart ligger der en en fil: C:NoLop txt
kopier indholdet af den herind sammen med en ny hijackthis log.

Hvis du får en fejlmelding - “mscomctl.ocx eller en af de tilhørende komponenter ikke er registreret ordentligt, download mscomctl.ocx til window/system32 mappen. Du kan hente filen herfra—
http://www.ascentive.com/support/new/support_dll.phtml?dllname=MSCOMCTL.OCX

Kør så programmet igen

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Ejer\Skrivebord
[26/01/2007]
[09:50:13]

—-Infection Files Found/Removed—-
C:\Documents and Settings\Ejer\Lokale indstillinger\Temp\7cde30.exe
C:\Documents and Settings\All Users\Application Data\SkipDvdSeekPhone\Dent bird.exe
C:\WINDOWS\tasks\A86304FC91E4B600.job

Beginning Removal…
Rebooting…
Removing Lop’s Leftover Files/Folders…
Editing Registry…
**Fix Complete!**

—-Listing AppData sub directories—-

C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Apple Computer
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Intertrust
C:\Documents and Settings\Administrator\Application Data\Leadertech
C:\Documents and Settings\Administrator\Application Data\Macromedia
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Mozilla
C:\Documents and Settings\Administrator\Application Data\Sampleview —EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Sonic
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\Administrator\Application Data\Symantec —EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Bvrp Software
C:\Documents and Settings\All Users\Application Data\E-safekey
C:\Documents and Settings\All Users\Application Data\Fellowes
C:\Documents and Settings\All Users\Application Data\Goland
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Hewlett-packard
C:\Documents and Settings\All Users\Application Data\Hp
C:\Documents and Settings\All Users\Application Data\Intervideo
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Motive
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\My Pictures
C:\Documents and Settings\All Users\Application Data\Nview_profiles —EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Pdf995
C:\Documents and Settings\All Users\Application Data\Pinnacle
C:\Documents and Settings\All Users\Application Data\Skype —EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Sony Ericsson
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Ulead Systems
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intertrust
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sampleview —EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Sonic
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Default User\Application Data\Symantec —EMPTY Directory
C:\Documents and Settings\Ejer\Application Data\Abbyy
C:\Documents and Settings\Ejer\Application Data\Adobe
C:\Documents and Settings\Ejer\Application Data\Ahead
C:\Documents and Settings\Ejer\Application Data\Apple Computer
C:\Documents and Settings\Ejer\Application Data\Arcsoft
C:\Documents and Settings\Ejer\Application Data\Creative
C:\Documents and Settings\Ejer\Application Data\Cryptomathic
C:\Documents and Settings\Ejer\Application Data\Dvd Shrink
C:\Documents and Settings\Ejer\Application Data\Dvdcss
C:\Documents and Settings\Ejer\Application Data\Epson
C:\Documents and Settings\Ejer\Application Data\Google
C:\Documents and Settings\Ejer\Application Data\Help
C:\Documents and Settings\Ejer\Application Data\Hp
C:\Documents and Settings\Ejer\Application Data\Identities
C:\Documents and Settings\Ejer\Application Data\Intertrust
C:\Documents and Settings\Ejer\Application Data\Intervideo
C:\Documents and Settings\Ejer\Application Data\Leadertech
C:\Documents and Settings\Ejer\Application Data\Lg Electronics
C:\Documents and Settings\Ejer\Application Data\Macromedia
C:\Documents and Settings\Ejer\Application Data\Mailfrontier
C:\Documents and Settings\Ejer\Application Data\Microsoft
C:\Documents and Settings\Ejer\Application Data\Microsoft Web Folders —EMPTY Directory
C:\Documents and Settings\Ejer\Application Data\Motive
C:\Documents and Settings\Ejer\Application Data\Mozilla
C:\Documents and Settings\Ejer\Application Data\Msn6
C:\Documents and Settings\Ejer\Application Data\Nurb Ooze —EMPTY Directory
C:\Documents and Settings\Ejer\Application Data\Pdf995
C:\Documents and Settings\Ejer\Application Data\Sampleview —EMPTY Directory
C:\Documents and Settings\Ejer\Application Data\Skype
C:\Documents and Settings\Ejer\Application Data\Smart Panel
C:\Documents and Settings\Ejer\Application Data\Sonic
C:\Documents and Settings\Ejer\Application Data\Steinberg
C:\Documents and Settings\Ejer\Application Data\Sun
C:\Documents and Settings\Ejer\Application Data\Symantec —EMPTY Directory
C:\Documents and Settings\Ejer\Application Data\Syntrillium
C:\Documents and Settings\Ejer\Application Data\Talkback
C:\Documents and Settings\Ejer\Application Data\This Defy
C:\Documents and Settings\Ejer\Application Data\Trojanhunter
C:\Documents and Settings\Ejer\Application Data\Tunebite —EMPTY Directory
C:\Documents and Settings\Ejer\Application Data\Ulead Systems
C:\Documents and Settings\Ejer\Application Data\Utorrent
C:\Documents and Settings\Ejer\Application Data\V-safe
C:\Documents and Settings\Ejer\Application Data\Vlc
C:\Documents and Settings\Ejer\Application Data\Warez
C:\Documents and Settings\Ejer\Application Data\Winantivirus Pro 2006
C:\Documents and Settings\Ejer\Application Data\Winpatrol
C:\Documents and Settings\Lea\Application Data\Adobe
C:\Documents and Settings\Lea\Application Data\Apple Computer
C:\Documents and Settings\Lea\Application Data\Identities
C:\Documents and Settings\Lea\Application Data\Intertrust
C:\Documents and Settings\Lea\Application Data\Macromedia
C:\Documents and Settings\Lea\Application Data\Microsoft
C:\Documents and Settings\Lea\Application Data\Motive
C:\Documents and Settings\Lea\Application Data\Mozilla
C:\Documents and Settings\Lea\Application Data\Sampleview —EMPTY Directory
C:\Documents and Settings\Lea\Application Data\Sonic
C:\Documents and Settings\Lea\Application Data\Sun
C:\Documents and Settings\Lea\Application Data\Symantec —EMPTY Directory
C:\Documents and Settings\Lea\Application Data\Ulead Systems
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Signe\Application Data\Adobe
C:\Documents and Settings\Signe\Application Data\Identities
C:\Documents and Settings\Signe\Application Data\Intertrust
C:\Documents and Settings\Signe\Application Data\Microsoft
C:\Documents and Settings\Signe\Application Data\Sampleview —EMPTY Directory
C:\Documents and Settings\Signe\Application Data\Sonic
C:\Documents and Settings\Signe\Application Data\Sun
C:\Documents and Settings\Signe\Application Data\Symantec —EMPTY Directory

ny hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 10:01:29, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ejer\Dokumenter\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\msiexec.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP DVD\Umbrella\DVDTray.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ejer\Skrivebord\sikkerhed, renseprogrammer\spywarefri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.iha.dk/wpad.dat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O4 - HKLM\..\Run: [UpdateManager] “C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmer\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] “C:\Programmer\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM\..\Run: [DVDTray] “C:\Programmer\HP DVD\Umbrella\DVDTray.exe”
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - Global Startup: GStartup.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth; - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sputnik.dk
O15 - Trusted Zone: *.tv2.dk
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://fyssrv02.udd.sembsc.dk/iNotes6W.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3632332D2D2D.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/1.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Documents and Settings\Administrator\Skrivebord\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\Ejer\Dokumenter\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\iPod Updater 2005-09-06\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe” -s “C:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe” “WMP54Gv4.exe (file missing)

Det hjalp på den, men der er stadig lidt der ligger og lurer -

Hent og installer Spy Sweeper version 5.0 Prøveversion (Gratis i 14 dage.)
http://www.spywarefri.dk/downloads1.htm

Opdater den (Check For Updates).

Tryk så på Options Fanen. Derefter på Sweep, sæt prikken ned til - Custom Sweep, tryk på - Change Settings.

Sæt flueben ved de drev der skal scannes, tryk så på - What to sweep.

Sæt flueben ved alle, undtagen - Compressed Files.

Tryk på - Advanced Settings, sæt flueben ved alle tre steder

Tryk på Sweep knappen, derefter på - Start Custom Sweep - knappen.

Så kører scanningen.

Når scanningen er færdig, tryk på - Qurantine Selected - knappen

Hvis den vil genstarte for at færdiggøre rensningen, så tillad den at genstarte.

Ellers luk den bare almindeligt.

Genstart normalt

Åbn Spysweeper igen, tryk på - Options, derefter på - view Sessions log.

Kopier det øverste af loggen herind, til og med:

Start of Session
|
********

Sammen med en ny hijackthis log og fortæl hvordan computeren kører nu

Keylogger Shield: On
      BHO Shield: On
      IE Security Shield: On
      Alternate Data Stream (ADS) Execution Shield: On
      Startup Shield: On
      Common Ad Sites Shield: Off
      Hosts File Shield: On
      Spy Communication Shield: On
      ActiveX Shield: On
      Windows Messenger Service Shield: On
      IE Favorites Shield: On
      Spy Installation Shield: On
      Memory Shield: On
      IE Hijack Shield: On
      IE Tracking Cookies Shield: Off
20:12: Shield States
20:12: Spyware Definitions: 691
20:12: Spy Sweeper 5.0.5.1286 started
16:53: |    End of Session, 26 January 2007     |
      Keylogger Shield: On
      BHO Shield: On
      IE Security Shield: On
      Alternate Data Stream (ADS) Execution Shield: On
      Startup Shield: On
      Common Ad Sites Shield: Off
      Hosts File Shield: On
      Spy Communication Shield: On
      ActiveX Shield: On
      Windows Messenger Service Shield: On
      IE Favorites Shield: On
      Spy Installation Shield: On
      Memory Shield: On
      IE Hijack Shield: On
      IE Tracking Cookies Shield: Off
10:38: Shield States
10:38: Spyware Definitions: 691
10:38: Spy Sweeper 5.0.5.1286 started
10:38: Spy Sweeper 5.0.5.1286 started
10:38: |    Start of Session, 26 January 2007     |
********
20:08: Removal process completed.  Elapsed time 00:01:18
20:07:  Quarantining All Traces: dashbar
20:07:  Quarantining All Traces: gain - common components
20:07:  Quarantining All Traces: tradedoubler cookie
20:07:  Quarantining All Traces: servlet cookie
20:07:  Quarantining All Traces: 2o7.net cookie
20:07:  Quarantining All Traces: mediaplex cookie
20:07:  Quarantining All Traces: lopdotcom cookie
20:07:  Quarantining All Traces: atlas dmt cookie
20:07:  Quarantining All Traces: advertising cookie
20:07:  Quarantining All Traces: adultfriendfinder cookie
20:07:  Quarantining All Traces: adtech cookie
20:07:  Quarantining All Traces: yieldmanager cookie
20:07:  Quarantining All Traces: toplist cookie
20:07:  Quarantining All Traces: errorsafe
20:07:  Quarantining All Traces: syswebtelecom
20:07:  Quarantining All Traces: trustin bar
20:07:  Quarantining All Traces: saristar dialer
20:07:  Quarantining All Traces: dialer access
20:07:  Quarantining All Traces: bho_moneygainer
20:07:  Quarantining All Traces: altnet
20:07:  Quarantining All Traces: dollarrevenue
20:07:  Quarantining All Traces: orbit explorer
20:07:  Quarantining All Traces: azsearch toolbar
20:07:  Quarantining All Traces: lopdotcom
20:07:  Quarantining All Traces: ist yoursitebar
20:06: Removal process initiated
20:04: Traces Found: 93
20:04: Full Sweep has completed.  Elapsed time 03:10:39
20:04: File Sweep Complete, Elapsed Time: 03:02:12
20:03:  Warning: Failed to access drive O:
20:03:  Warning: Failed to access drive N:
20:03:  Warning: Failed to access drive M:
20:03:  Warning: Failed to access drive L:
20:03:  Warning: Failed to access drive K:
20:03:  Warning: Failed to access drive J:
20:03:  Warning: Failed to access drive G:
20:03:  Warning: Failed to access drive F:
19:50:  Warning: Failed to open file “d:\pagefile.sys”. Adgang nægtet
19:50:  c:\windows\downloaded program files\azesearch.inf (ID = 50329)
19:50:  C:\Programmer\Fælles filer\CMEII\store\core\odm.cfg (ID = 61553)
19:50:  C:\Program Files\Altnet\Download Manager\selectdir1st.txt (ID = 49865)
19:50:  C:\Programmer\Fælles filer\CMEII\store\core\syscfg (ID = 61588)
19:50:  C:\Program Files\Altnet\Download Manager\selectdir.txt (ID = 49864)
19:50:  Warning: Failed to open file “c:\documents and settings\ejer\lokale indstillinger\temporary internet files\content.ie5\w9a345q7\dk[2].gif”. Handlingen er gennemført
19:49:  Warning: Failed to open file “c:\documents and settings\ejer\lokale indstillinger\temporary internet files\content.ie5\ctmb0puf\karakterer[1].gif”. Handlingen er gennemført
19:49:  Warning: Failed to open file “c:\documents and settings\ejer\lokale indstillinger\temporary internet files\content.ie5\opmf49a7\saelg[1].gif”. Handlingen er gennemført
19:49:  Warning: Failed to open file “c:\documents and settings\ejer\lokale indstillinger\temporary internet files\content.ie5\opmf49a7\koeb[1].gif”. Handlingen er gennemført
19:49:  Warning: Failed to open file “c:\documents and settings\ejer\lokale indstillinger\temporary internet files\content.ie5\w9a345q7\betaling[1].gif”. Handlingen er gennemført
19:49:  Warning: Failed to open file “c:\documents and settings\ejer\lokale indstillinger\temporary internet files\content.ie5\w9a345q7\pixel-line[1].png”. Handlingen er gennemført
19:49:  Warning: Failed to open file “c:\documents and settings\ejer\lokale indstillinger\temporary internet files\content.ie5\w9a345q7\10-pixel[1].gif”. Handlingen er gennemført
19:49:  C:\Documents and Settings\All Users\Menuen Start\Programmer\GAIN Publishing\GAIN Publishing Web Site.URL (ID = 61372)
19:49:  Warning: Failed to open file “c:\documents and settings\ejer\lokale indstillinger\temporary internet files\content.ie5\r64jbhcl\adserver.adtech[1].htm”. Handlingen er gennemført
19:49:  Warning: Failed to open file “c:\documents and settings\ejer\lokale indstillinger\temporary internet files\content.ie5\8pi7o163\addyn_2[2]”. Handlingen er gennemført
19:49:  C:\Programmer\Fælles filer\CMEII\GatorSupportInfo.txt (ID = 61414)
19:49:  C:\Programmer\Fælles filer\GMT\mepcme.dat (ID = 61517)
19:48:  Warning: Failed to open file “c:\documents and settings\ejer\lokale indstillinger\temporary internet files\content.ie5\utxmbepg\08[1].js”. Handlingen er gennemført
19:48:  Warning: Failed to open file “c:\documents and settings\ejer\lokale indstillinger\temporary internet files\content.ie5\8lor8roz\addyn_2[2]”. Handlingen er gennemført
19:45:  C:\RECYCLER\S-1-5-21-348841013-3826629937-2930031589-1003\Dc2070.exe (ID = 304)
19:35:  C:\NoLopBackups\Sta6.exe.016.infected (ID = 304)
19:35:  C:\System Volume Information\_restore{a760429d-b2c8-4a37-9c31-a7bfb448da32}\RP106\A0020396.exe (ID = 304)
19:24:  C:\Program Files\Altnet\Points Manager\setup.cab (ID = 49872)
19:07:  C:\System Volume Information\_restore{a760429d-b2c8-4a37-9c31-a7bfb448da32}\RP108\A0020581.exe (ID = 121)
19:07:  C:\System Volume Information\_restore{a760429d-b2c8-4a37-9c31-a7bfb448da32}\RP106\A0020341.exe (ID = 304)
19:06:  C:\System Volume Information\_restore{a760429d-b2c8-4a37-9c31-a7bfb448da32}\RP106\A0020395.exe (ID = 90)
19:02:  C:\Documents and Settings\All Users\Menuen Start\Programmer\GAIN Publishing\About GAIN Publishing.lnk (ID = 61270)
19:00:  C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\GStartup.lnk (ID = 61450)
18:59:  C:\Programmer\Fælles filer\GMT\FillIn.wav (ID = 61352)
18:58:  C:\Program Files\Altnet\Points Manager\Skin\Skin.xml (ID = 49876)
18:58:  C:\Program Files\Altnet\Points Manager\Points Manager.exe.Manifest (ID = 49859)
18:56:  C:\System Volume Information\_restore{a760429d-b2c8-4a37-9c31-a7bfb448da32}\RP106\A0020365.exe (ID = 90)
18:55:  C:\Documents and Settings\Ejer\Lokale indstillinger\Temporary Internet Files\Content.IE5\R64JBHCL\upAYB_unk[1].int (ID = 121)
18:50:  C:\System Volume Information\_restore{a760429d-b2c8-4a37-9c31-a7bfb448da32}\RP108\A0020512.dll (ID = 91)
18:44:  C:\Programmer\Fælles filer\GMT\Gator.log (ID = 61386)
18:42:  C:\Programmer\Fælles filer\GMT\GMT.exe.manifest (ID = 61434)
18:36:  C:\Programmer\Fælles filer\CMEII\store\core\hfixcfg (ID = 61483)
18:36:  C:\Programmer\Fælles filer\CMEII\store\core\appmgrgui.zip (ID = 61281)
18:32:  C:\Program Files\Altnet\Download Manager\asmend.exe (ID = 49803)
18:31:  C:\Program Files\Altnet\Points Manager\LocalPages\local_start.html (ID = 49838)
18:31:  C:\Program Files\Altnet\Points Manager\LocalPages\altnet.css (ID = 49792)
18:12:  C:\Documents and Settings\Ejer\Skrivebord\sikkerhed, renseprogrammer\backups\backup-20070125-132308-859.dll (ID = 91)
18:12:  C:\NoLopBackups\7cde30.exe.01.infected (ID = 121)
18:11:  C:\System Volume Information\_restore{a760429d-b2c8-4a37-9c31-a7bfb448da32}\RP106\A0020393.exe (ID = 91)
18:05:  C:\System Volume Information\_restore{a760429d-b2c8-4a37-9c31-a7bfb448da32}\RP104\A0019236.exe (ID = 91)
17:57:  C:\Program Files\Altnet\Points Manager\Skin\message.xml (ID = 49847)
17:56:  C:\Program Files\Altnet\Points Manager\Skin\Help.xml (ID = 49830)
17:55:  C:\Program Files\Altnet\Points Manager\LocalPages\local_wallet.html (ID = 49840)
17:55:  C:\Program Files\Altnet\Points Manager\LocalPages\local_redeem.html (ID = 49840)
17:55:  C:\Program Files\Altnet\Points Manager\LocalPages\local_points.html (ID = 49840)
17:53:  C:\Program Files\Altnet\Points Manager\LocalPages\local_firstuse.html (ID = 49838)
17:52:  C:\Program Files\Altnet\Download Manager\jsinstall.cab (ID = 49835)
17:52:  C:\Program Files\Altnet\Download Manager\dminfo3.cab (ID = 49823)
17:44:  C:\System Volume Information\_restore{a760429d-b2c8-4a37-9c31-a7bfb448da32}\RP108\A0020540.exe (ID = 304)
17:30:  C:\Programmer\Fælles filer\CMEII\CMEDiagnostics.log (ID = 61291)
17:16:  C:\RECYCLER\S-1-5-21-348841013-3826629937-2930031589-1003\Dc1816.exe (ID = 121)
17:16:  Found Adware: lopdotcom
17:15:  C:\Program Files\Altnet\Download Manager\dminstall7.cab (ID = 49829)
17:02:  C:\Documents and Settings\All Users\Menuen Start\Programmer\DashBar (ID = 2147486343)
17:02:  Found Adware: dashbar
17:02:  C:\Documents and Settings\All Users\Menuen Start\Programmer\GAIN Publishing (2 subtraces) (ID = 2147486346)
17:02:  Found Adware: gain - common components
17:01: Starting File Sweep
17:01: Cookie Sweep Complete, Elapsed Time: 00:00:00
17:01:  c:\documents and settings\ejer\cookies\ejer@tradedoubler[2].txt (ID = 3575)
17:01:  Found Spy Cookie: tradedoubler cookie
17:01:  c:\documents and settings\ejer\cookies\ejer@toplist[2].txt (ID = 3557)
17:01:  c:\documents and settings\ejer\cookies\ejer@servlet[1].txt (ID = 3345)
17:01:  Found Spy Cookie: servlet cookie
17:01:  c:\documents and settings\ejer\cookies\ejer@msnportal.112.2o7[1].txt (ID = 1958)
17:01:  Found Spy Cookie: 2o7.net cookie
17:01:  c:\documents and settings\ejer\cookies\ejer@mediaplex[1].txt (ID = 6442)
17:01:  Found Spy Cookie: mediaplex cookie
17:01:  c:\documents and settings\ejer\cookies\ejer@lop[1].txt (ID = 2936)
17:01:  Found Spy Cookie: lopdotcom cookie
17:01:  c:\documents and settings\ejer\cookies\ejer@atdmt[2].txt

fra spysweeper

(ID = 2253)
17:01:  Found Spy Cookie: atlas dmt cookie
17:01:  c:\documents and settings\ejer\cookies\ejer@advertising[2].txt (ID = 2175)
17:01:  Found Spy Cookie: advertising cookie
17:01:  c:\documents and settings\ejer\cookies\ejer@adultfriendfinder[2].txt (ID = 2165)
17:01:  Found Spy Cookie: adultfriendfinder cookie
17:01:  c:\documents and settings\ejer\cookies\ejer@adtech[2].txt (ID = 2155)
17:01:  Found Spy Cookie: adtech cookie
17:01:  c:\documents and settings\ejer\cookies\ejer@ad.yieldmanager[2].txt (ID = 3751)
17:01:  Found Spy Cookie: yieldmanager cookie
17:01:  c:\documents and settings\lea\cookies\lea@toplist[1].txt (ID = 3557)
17:01:  Found Spy Cookie: toplist cookie
17:01: Starting Cookie Sweep
17:01: Registry Sweep Complete, Elapsed Time:00:06:23
17:01:  HKU\S-1-5-21-348841013-3826629937-2930031589-1003\software\sponsoradulto2\ (ID = 143576)
17:01:  Found Adware: syswebtelecom
17:01:  HKLM\software\classes\typelib\{1b197c22-561f-455f-8511-35b1a45c5c9f}\ (ID = 1236381)
17:01:  HKCR\typelib\{1b197c22-561f-455f-8511-35b1a45c5c9f}\ (ID = 1236265)
17:01:  Found Adware: errorsafe
17:01:  HKLM\software\classes\typelib\{27195441-54b0-4dd3-820c-699ac3ef8d37}\ (ID = 1219624)
17:01:  HKCR\typelib\{27195441-54b0-4dd3-820c-699ac3ef8d37}\ (ID = 1219546)
17:01:  HKLM\software\microsoft\windows\currentversion\uninstall\trustin bar\ (ID = 1213717)
17:01:  Found Adware: trustin bar
17:01:  HKLM\software\microsoft\windows\currentversion\uninstall\azesearch\ (ID = 1158361)
17:01:  HKLM\software\microsoft\drsmartload2\ (ID = 1134137)
17:01:  Found Adware: dollarrevenue
17:01:  HKLM\software\classes\clsid\{3646c2bd-3554-49ca-8125-44deefb881de}\ (ID = 889510)
17:00:  HKLM\software\microsoft\code store database\distribution units\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (ID = 147850)
17:00:  Found Adware: ist yoursitebar
16:59:  HKLM\software\saristar\ (ID = 140403)
16:59:  HKLM\software\classes\appid\saristar.dll\ (ID = 140398)
16:59:  HKCR\appid\{90a52f00-64ac-4dc6-9d7d-4516670275d0}\ (ID = 140394)
16:59:  HKCR\appid\saristar.dll\ (ID = 140393)
16:59:  Found Adware: saristar dialer
16:59:  HKLM\software\microsoft\windows\currentversion\uninstall\orbit\ (ID = 136515)
16:59:  Found Adware: orbit explorer
16:58:  Spy Installation Shield:  found: Adware: cws-aboutblank, version 1.0.0.0
16:56:  HKLM\software\classes\appid\{90a52f00-64ac-4dc6-9d7d-4516670275d0}\ (ID = 125069)
16:56:  Found Adware: dialer access
16:56:  Spy Installation Shield:  found: Adware: cws-aboutblank, version 1.0.0.0
16:55:  HKLM\software\classes\bookmark.bhomoneygainer.1\ (ID = 104353)
16:55:  HKLM\software\classes\bookmark.bhomoneygainer\ (ID = 104352)
16:55:  HKLM\software\iasadc\ (ID = 104351)
16:55:  HKCR\bookmark.bhomoneygainer.1\ (ID = 104347)
16:55:  HKCR\bookmark.bhomoneygainer\ (ID = 104346)
16:55:  Found Adware: bho_moneygainer
16:55:  HKCR\typelib\{dea43ce3-d57b-45f6-a4d1-110e652ced11}\ (ID = 103957)
16:55:  HKLM\software\microsoft\code store database\distribution units\{d7bf3304-138b-4dd5-86ee-491bb6a2286c}\ (ID = 103943)
16:55:  HKLM\software\loaderco\ (ID = 103942)
16:55:  HKLM\software\classes\typelib\{dea43ce3-d57b-45f6-a4d1-110e652ced11}\ (ID = 103934)
16:55:  HKLM\software\classes\addressbar.loader\ (ID = 103908)
16:55:  HKLM\software\classes\addressbar.loader.1\ (ID = 103907)
16:55:  HKCR\addressbar.loader\ (ID = 103885)
16:55:  HKCR\addressbar.loader.1\ (ID = 103884)
16:55:  Found Adware: azsearch toolbar
16:55:  HKCR\clsid\{3646c2bd-3554-49ca-8125-44deefb881de}\ (ID = 103462)
16:55:  HKCR\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}\ (ID = 103460)
16:55:  Found Adware: altnet
16:55: Starting Registry Sweep
16:55: Memory Sweep Complete, Elapsed Time: 00:01:57
16:53: Starting Memory Sweep
16:53: Sweep initiated using definitions version 691
16:53: Spy Sweeper 5.0.5.1286 started
16:53: |    Start of Session, 26 January 2007     |
********

Logfile of HijackThis v1.99.1
Scan saved at 20:17:37, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ejer\Dokumenter\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Multimedia Card Reader\shwicon2k.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\HP DVD\Umbrella\DVDTray.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
C:\Programmer\HP\hpcoretech\comp\hptskmgr.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ejer\Skrivebord\sikkerhed, renseprogrammer\spywarefri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wpad.iha.dk/wpad.dat
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O4 - HKLM\..\Run: [UpdateManager] “C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM\..\Run: [Sunkist2k] “C:\Programmer\Multimedia Card Reader\shwicon2k.exe”
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] “nwiz.exe” /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] “C:\Programmer\HP\hpcoretech\hpcmpmgr.exe”
O4 - HKLM\..\Run: [DVDTray] “C:\Programmer\HP DVD\Umbrella\DVDTray.exe”
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM\..\Run: [NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] “C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe” /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O8 - Extra context menu item: Send To &Bluetooth; - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sputnik.dk
O15 - Trusted Zone: *.tv2.dk
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://fyssrv02.udd.sembsc.dk/iNotes6W.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Documents and Settings\Administrator\Skrivebord\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\Ejer\Dokumenter\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\iPod Updater 2005-09-06\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programmer\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe” -s “C:\Programmer\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Programmer\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe” “WMP54Gv4.exe (file missing)

Fix disse med HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} - http://www.thepaymentcentre.com/build/vbiewer.cab

O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab

O16 - DPF: {D62B5127-8D03-4175-BA71-E0041595DA4B} - http://03.sharedsource.org/html/TriacomUD_1.0.0.3ie.cab?

Genstart og fortæl, hvordan computeren ”kører

kan stadig ikke gå i fejlsikker tilstand,,,
er det en virus eller er mit windows smadret.. har ikke nævnt de andre ting der ikke virker. ( bl.a systemgendannelse)

kan jeg ikke lave en backup af de ting jeg har liggende og så geninstallere styresystemet.

En repair kan måske rette op på fejlen: http://www.spywareinfo.dk/#/tip-og-tricks/repair-xp.htm

har nu fjernet alle via hijackthis log
pånær denne som den ikke ville fixe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
kan stadig ikke gå i fejlsikker tilstand.
har pludselig fået svært ved at lukke system ned er vistnok IE der driller