for en sikkerheds skyld
Number of posts: 305

Hi again.
Running fixwareout nearly cost the computer its life :-) It claimed that there was no boot device. But I rescued it by switching it off at the button/pulling the power and trying again. Phew :-/
Here are the logs you asked for.

Logfile of HijackThis v1.99.1
Scan saved at 19:58:51, on 23-04-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
f:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Programmer\Executive Software\DiskeeperLite\DKService.exe
f:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
f:\Programmer\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
F:\Programmer\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Programmer\PowerISO\PWRISOVM.EXE
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Microsoft IntelliPoint\ipoint.exe
F:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\Programmer\LocalCooling\localcooling.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Programmer\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe
F:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Tom\Skrivebord\spywarefri\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] “C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SystemGuardAlerter] “f:\Programmer\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe”
O4 - HKLM\..\Run: [ioloDelayModule] f:\Programmer\iolo\System Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [ATICCC] “C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe”
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmer\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [type32] “C:\Programmer\Microsoft IntelliType Pro\type32.exe”
O4 - HKLM\..\Run: [DAEMON Tools] “C:\Programmer\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKLM\..\Run: [TkBellExe] “C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe”  -osboot
O4 - HKLM\..\Run: [IntelliPoint] “C:\Programmer\Microsoft IntelliPoint\ipoint.exe”
O4 - HKLM\..\Run: [DefragTaskBar] “f:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe”
O4 - HKLM\..\Run: [LocalCooling] “C:\Programmer\LocalCooling\localcooling.exe” -s
O4 - HKLM\..\Run: [ZoneAlarm Client] “C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM\..\Run: [SPAMfighter Agent] “C:\Programmer\SPAMfighter\SFAgent.exe” update delay 60
O4 - HKLM\..\Run: [CTSysVol] C:\Programmer\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [CloneCDTray] “C:\Programmer\SlySoft\CloneCD\CloneCDTray.exe” /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] “C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM\..\Run: [Windows Defender] “C:\Programmer\Windows Defender\MSASCui.exe” -hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe”
O4 - HKCU\..\Run: [SMSystemAnalyzer] “f:\Programmer\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe”
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\Tom\LOKALE~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O23 - Service: AshampooDefragService -  - f:\Programmer\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe” /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe” /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmer\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - f:\Programmer\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: lxcf_device -  - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - f:\Programmer\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - f:\Programmer\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Fixwareout Last edited 4/5/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ “System”=””
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL’S for further inspection.

Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other

 

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe”
“Zone Labs Client”=”\“C:\\Programmer\\Zone Labs\\ZoneAlarm\\zlclient.exe\”“
“NeroFilterCheck”=“C:\\Programmer\\Fælles filer\\Ahead\\Lib\\NeroCheck.exe”
“SystemGuardAlerter”=”\“f:\\Programmer\\iolo\\System Mechanic Professional 6\\SystemGuardAlerter.exe\”“
“ioloDelayModule”=“f:\\Programmer\\iolo\\System Mechanic Professional 6\\delay.exe”
“ATICCC”=”\“C:\\Programmer\\ATI Technologies\\ATI.ACE\\CLIStart.exe\”“
“PWRISOVM.EXE”=“C:\\Programmer\\PowerISO\\PWRISOVM.EXE”
“type32”=”\“C:\\Programmer\\Microsoft IntelliType Pro\\type32.exe\”“
“DAEMON Tools”=”\“C:\\Programmer\\DAEMON Tools\\daemon.exe\” -lang 1033”
“TkBellExe”=”\“C:\\Programmer\\Fælles filer\\Real\\Update_OB\\realsched.exe\”  -osboot”
“IntelliPoint”=”\“C:\\Programmer\\Microsoft IntelliPoint\\ipoint.exe\”“
“DefragTaskBar”=”\“f:\\Programmer\\Ashampoo\\Ashampoo Magical Defrag 2\\bin\\defragTaskBar.exe\”“
“LocalCooling”=”\“C:\\Programmer\\LocalCooling\\localcooling.exe\” -s”
“ZoneAlarm Client”=”\“C:\\Programmer\\Zone Labs\\ZoneAlarm\\zlclient.exe\”“
“SPAMfighter Agent”=”\“C:\\Programmer\\SPAMfighter\\SFAgent.exe\” update delay 60”
“CTSysVol”=“C:\\Programmer\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r”
“LXCFCATS”=“rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCFtime.dll,_RunDLLEntry@16”
“CloneCDTray”=”\“C:\\Programmer\\SlySoft\\CloneCD\\CloneCDTray.exe\” /s”
“!AVG Anti-Spyware”=”\“C:\\Programmer\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\” /minimized”
“Windows Defender”=”\“C:\\Programmer\\Windows Defender\\MSASCui.exe\” -hide”

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=”\“C:\\Programmer\\Fælles filer\\Ahead\\lib\\NMBgMonitor.exe\”“
“SMSystemAnalyzer”=”\“f:\\Programmer\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\”“
“ctfmon.exe”=“C:\\WINDOWS\\system32\\ctfmon.exe”
“Steam”=”“
“SUPERAntiSpyware”=“C:\\DOCUME~1\\Tom\\LOKALE~1\\Temp\\SSUPDATE.EXE Software\\SUPERAntiSpyware.com\\SUPERAntiSpyware”
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


[04/21/2007, 1:32:43] - VirtumundoBeGone v1.5 ( “C:\Documents and Settings\Tom\Skrivebord\VirtumundoBeGone.exe” )
[04/21/2007, 1:32:47] - Detected System Information:
[04/21/2007, 1:32:47] -  Windows Version: 5.1.2600, Service Pack 2
[04/21/2007, 1:32:47] -  Current Username: Tom (Admin)
[04/21/2007, 1:32:47] -  Windows is in NORMAL mode.
[04/21/2007, 1:32:48] - Searching for Browser Helper Objects:
[04/21/2007, 1:32:48] - Finished Searching Browser Helper Objects
[04/21/2007, 1:32:48] - Finishing up…
[04/21/2007, 1:32:48] - Nothing found! Exiting…

[04/21/2007, 3:15:34] - VirtumundoBeGone v1.5 ( “C:\Documents and Settings\Tom\Skrivebord\VirtumundoBeGone.exe” )
[04/21/2007, 3:15:36] - Detected System Information:
[04/21/2007, 3:15:36] -  Windows Version: 5.1.2600, Service Pack 2
[04/21/2007, 3:15:37] -  Current Username: Tom (Admin)
[04/21/2007, 3:15:37] -  Windows is in NORMAL mode.
[04/21/2007, 3:15:37] - Searching for Browser Helper Objects:
[04/21/2007, 3:15:37] - Finished Searching Browser Helper Objects
[04/21/2007, 3:15:37] - Finishing up…
[04/21/2007, 3:15:37] - Nothing found! Exiting…

[04/21/2007, 3:19:53] - VirtumundoBeGone v1.5 ( “C:\Documents and Settings\Tom\Skrivebord\VirtumundoBeGone.exe” )
[04/21/2007, 3:19:55] - Detected System Information:
[04/21/2007, 3:19:55] -  Windows Version: 5.1.2600, Service Pack 2
[04/21/2007, 3:19:55] -  Current Username: Tom (Admin)
[04/21/2007, 3:19:55] -  Windows is in SAFE mode.
[04/21/2007, 3:19:55] - Searching for Browser Helper Objects:
[04/21/2007, 3:19:55] - Finished Searching Browser Helper Objects
[04/21/2007, 3:19:55] - Finishing up…
[04/21/2007, 3:19:55] - Nothing found! Exiting…

[04/23/2007, 19:57:37] - VirtumundoBeGone v1.5 ( “C:\Documents and Settings\Tom\Skrivebord\VirtumundoBeGone.exe” )
[04/23/2007, 19:57:40] - Detected System Information:
[04/23/2007, 19:57:40] -  Windows Version: 5.1.2600, Service Pack 2
[04/23/2007, 19:57:40] -  Current Username: Tom (Admin)
[04/23/2007, 19:57:40] -  Windows is in NORMAL mode.
[04/23/2007, 19:57:40] - Searching for Browser Helper Objects:
[04/23/2007, 19:57:40] - Finished Searching Browser Helper Objects
[04/23/2007, 19:57:40] - Finishing up…
[04/23/2007, 19:57:40] - Nothing found! Exiting…

 

 

Number of posts: 305

?    C:\WINDOWS\system32\drivers\sptd.sys                                                 Processen kan ikke få adgang til filen, da den bruges af en anden proces.
?    srescan.sys                                                                   Den angivne fil blev ikke fundet.
?    System32\Drivers\a699vfqc.SYS                                                       Den angivne sti blev ikke fundet.
?    C:\WINDOWS\system32\Drivers\mchInjDrv.sys                                               Den angivne fil blev ikke fundet.

Number of posts: 305

There isn't any line with modules?

Ejvindh
Editor
Number of posts: 6160

OK, that looks fine. There is nothing more to go after in the logs. How is the computer running?

To finish the job completely:
It can be a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle), restart your computer, then enable System Restore.
It can also be a good idea to hide your system files and folders again, so that you do not delete an important file by mistake. You do that in the same place where you set it to show all files; this time you just choose: Do not show hidden files and folders.

It can also be a good idea to clean out your temporary files. This can be done quickly and easily with this file
http://www.spywareinfo.dk/download/cleantempxp2k.bat
—————————————-

To prevent a repeat, I would recommend that you install some small programs that keep spyware from getting in in the first place. You will find links and good advice here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I would also suggest that you read these articles on how you can avoid getting infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37

Number of posts: 305

You are simply too cool. 100000000 thanks for the help. It runs like a charm :-) I can handle being able to see the hidden files. I don't delete anything without asking you first :-P As for the security package, I have/had most of them already. But thanks anyway. I wonder where I would have been without you all/you :-))

Note that the thread has moved to a new page :)

Ejvindh
Editor
Number of posts: 6160

Great to hear that it has helped :). I will close the thread here, and you are welcome back another time if you need it.