homsabu (Beginner)
26 November 2004 - 14:35 There are 10 comments and 1 solution

Virus from question 558496 is back

The virus from question 558496 is back!!!
yes, damn it, it has gone wrong again!!!

Here is a new HJ log... Could someone please check it??

Logfile of HijackThis v1.98.2
Scan saved at 14:27:31, on 26-11-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINNT\system32\internat.exe
C:\Documents and Settings\Administrator\Application Data\amus.exe
C:\Program Files\Internet Explorer\ixplore.exe
C:\Palm\hotsync.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\MsiExec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=131712
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=131712
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com/?&account_id=131712
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=131712
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.altavista.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Ueur] C:\Documents and Settings\Administrator\Application Data\amus.exe
O4 - HKCU\..\Run: [Ipofddfr] C:\WINNT\system32\w?nlogon.exe
O4 - HKCU\..\Run: [ixplore] "C:\Program Files\Internet Explorer\ixplore.exe"
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://ocx3.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.novocorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.novocorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.novocorp.net
homsabu (Beginner)
26 November 2004 - 14:37 #1
also, when I scan with Trend Micro's online scanner it tells me that there is a virus: TROJ_AGENT.EG which is "Non Cleanable"!... what to do?
victor-1 (Beginner)
26 November 2004 - 16:50 #2
I will take a look at it for you - I will get back to you as quickly as I can *S*
victor-1 (Beginner)
26 November 2004 - 17:19 #3
Download this one-off scanner to your desktop - you will need it later - click Save.
http://www.spywareinfo.dk/download/mwav.exe

You are now going to start fixing, but first you need to do the following:

Open a folder, click Tools > Folder Options > View in the menu
Untick "Hide protected operating system files"
Untick "Hide file extensions for known file types"
Select "Show hidden files and folders"

Then restart in safe mode (press <F8> when the machine starts up, just before it begins loading Windows) and run the HijackThis program.
Below you get some files that you must fix, and what you need to do is tick all of these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember also to close this window (your Internet browser) when you have marked the files. Now you may fix. Click <Fix checked>.

Here are the files you must fix. REMEMBER to double-check that EVERYTHING is included:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=131712
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=131712
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com/?&account_id=131712
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=131712
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.altavista.com/
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch

O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll (file missing)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKCU\..\Run: [Ueur] C:\Documents and Settings\Administrator\Application Data\amus.exe
O4 - HKCU\..\Run: [Ipofddfr] C:\WINNT\system32\w?nlogon.exe
O4 - HKCU\..\Run: [ixplore] "C:\Program Files\Internet Explorer\ixplore.exe"

O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://ocx3.advnt01.com/dialer/internazionale_ver3.CAB
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} - http://www.bundleware.com/activeX/BM2/BM2.dll
------------------------------------------------------------------------------------------------------------------------

Then restart (still in safe mode) - find and delete what is marked below:
If needed, use Start > Search > All files and folders > paste the marked item into the field and press Search.

C:\Program Files\Internet Explorer\ixplore.exe >>>> THE FILE
C:\WINNT\system32\w?nlogon.exe >>>> THE FILE
C:\Documents and Settings\Administrator\Application Data\amus.exe >>>> THE FILE

C:\Program Files\Internet Optimizer >>>> THE WHOLE FOLDER
C:\Program Files\ISTbar >>>> THE WHOLE FOLDER
------------------------------------------------------------------------------------------------------------------------

Now run the one-off antivirus scanner from Kaspersky that you downloaded at the start. The program unpacks itself and starts right away - tick the following:
<Memory>, <Startup Folders>, <Drive>, <Registry>, <System Folders> and <Services>
Select the following: <All Local Drives> and <Scan All Files>
Now click the <Scan> button

After that, restart normally, scan with HijackThis, save the log and paste its contents in here *S*
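
The O1 and O4 entries marked for fixing above can be triaged with simple name and path heuristics. The following is an added example, not part of the original thread or of HijackThis; the reference list of Windows binaries, the path fragments and the finding labels are assumptions made for illustration.

```python
import ntpath
import re

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Ueur] C:\Documents and Settings\Administrator\Application Data\amus.exe
O4 - HKCU\..\Run: [Ipofddfr] C:\WINNT\system32\w?nlogon.exe
O4 - HKCU\..\Run: [ixplore] "C:\Program Files\Internet Explorer\ixplore.exe"
"""

# Assumption: a small reference list of genuine Windows binary names.
KNOWN_BINARIES = {"winlogon.exe", "iexplore.exe", "explorer.exe",
                  "svchost.exe", "services.exe", "lsass.exe"}
# Assumption: path fragments treated as user-writable locations.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")

O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|pif))(?:\s|$)", re.IGNORECASE)


def exe_path(cmd):
    """Return the executable part of a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text):
    """Map each suspicious Run value name or hosts name to its sorted reasons."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = O1_RE.match(line)
        if m:
            # A hosts entry that points a name at a non-local address.
            if m.group("ip") not in ("127.0.0.1", "0.0.0.0"):
                findings[m.group("host")] = ["hosts-redirect"]
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        path = exe_path(m.group("cmd")).lower()
        base = ntpath.basename(path)
        reasons = set()
        # '?' cannot occur in a Windows file name, so in a log line it
        # stands for a character the tool could not display.
        if "?" in base:
            reasons.add("unrenderable-char")
        if any(frag in path for frag in USER_WRITABLE):
            reasons.add("user-writable-path")
        # One edit away from a genuine binary name, but not that name.
        if base not in KNOWN_BINARIES and any(
                edit_distance(base, known) == 1 for known in KNOWN_BINARIES):
            reasons.add("lookalike-name")
        if reasons:
            findings[m.group("name")] = sorted(reasons)
    return findings


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(key, "->", ", ".join(reasons))
```

These heuristics only look at names and paths: an entry such as `[Internet Optimizer]`, which the reply above also marks, sits in an ordinary-looking location and needs a name or signature list to be caught.
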
homsabu (Beginner)
27 November 2004 - 15:14 #4
Is it a typo that it says w?nlogon.exe... ??? there is one called winlogon.exe, but it cannot be deleted because another program is using it?!? and yes, I am in safe mode!
also, I ran Kaspersky's - it produces the following log... should I then delete the files manually or what (it says "No Action Taken")?? --->


File C:\WINNT\system32\gnbfihc.exe infected by "TrojanDownloader.Win32.Agent.ae" Virus. Action Taken: File Deleted.
File C:\WINNT\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\WINNT\preInsln.exe tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\WINNT\SETBB.tmp tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\WINNT\system32\aactres.dll tagged as not-a-virus:AdWare.Look2Me.k. No Action Taken.
File C:\WINNT\system32\abaamon.dll tagged as not-a-virus:AdWare.Look2Me.k. No Action Taken.
File C:\WINNT\system32\abvpack.dll tagged as not-a-virus:AdWare.Look2Me.k. No Action Taken.
File C:\WINNT\system32\adaamon.dll tagged as not-a-virus:AdWare.Look2Me.k. No Action Taken.
File C:\WINNT\system32\adsetupc.dll tagged as not-a-virus:AdWare.Look2Me.k. No Action Taken.
File C:\WINNT\system32\agsldpc.dll tagged as not-a-virus:AdWare.Look2Me.k. No Action Taken.
File C:\WINNT\system32\aotiveds.dll tagged as not-a-virus:AdWare.Look2Me.k. No Action Taken.
File C:\WINNT\system32\attxprxy.dll tagged as not-a-virus:AdWare.Look2Me.k. No Action Taken.
File C:\WINNT\system32\aylui.dll tagged as not-a-virus:AdWare.Look2Me.k. No Action Taken.
File C:\WINNT\system32\aztiveds.dll tagged as not-a-virus:AdWare.Look2Me.k. No Action Taken.
File C:\Documents and Settings\Administrator\Desktop\backups\backup-20041106-141058-112.dll tagged as not-a-virus:AdWare.WinAD. No Action Taken.
File C:\Documents and Settings\Administrator\Desktop\backups\backup-20041106-141100-383.dll tagged as not-a-virus:AdWare.MediaTickets.d. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.dk" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Administrator\Local Settings\Temp\powerscan.exe tagged as not-a-virus:AdWare.PowerScan.b. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI26ED.tmp\localNrd.cab tagged as not-a-virus:AdWare.BiSpy.n. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI26ED.tmp\localNRD.dll tagged as not-a-virus:AdWare.BiSpy.n. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI26ED.tmp\preInsln.exe tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI2710.tmp\multimpp.cab tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI2710.tmp\multimpp.dll tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI2710.tmp\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI29E0.tmp\multimpp.cab tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI29E0.tmp\multimpp.dll tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI29E0.tmp\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI3F91.tmp\multimpp.cab tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI3F91.tmp\multimpp.dll tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI3F91.tmp\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI40F1.tmp\preInsTT.exe tagged as not-a-virus:AdWare.BiSpy.f. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI40F1.tmp\twaintec.dll tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI410.tmp\multimpp.cab tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI410.tmp\multimpp.dll tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI410.tmp\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI4111.tmp\preInsTT.exe tagged as not-a-virus:AdWare.BiSpy.f. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI4111.tmp\twaintec.dll tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI4CE0.tmp\multimpp.cab tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI4CE0.tmp\multimpp.dll tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI4CE0.tmp\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI561.tmp\localNrd.cab tagged as not-a-virus:AdWare.BiSpy.n. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI561.tmp\localNRD.dll tagged as not-a-virus:AdWare.BiSpy.n. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI561.tmp\preInsln.exe tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI5651.tmp\multimpp.cab tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI5651.tmp\multimpp.dll tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI5651.tmp\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI5B0E.tmp\multimpp.cab tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI5B0E.tmp\multimpp.dll tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI5B0E.tmp\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI6790.tmp\multimpp.cab tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI6790.tmp\multimpp.dll tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI6790.tmp\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI6BE9.tmp\multimpp.cab tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI6BE9.tmp\multimpp.dll tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI6BE9.tmp\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI7891.tmp\multimpp.cab tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI7891.tmp\multimpp.dll tagged as not-a-virus:AdWare.BiSpy.o. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI7891.tmp\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THIA5D.tmp\ceres.cab infected by "TrojanDownloader.Win32.Agent.ae" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THIA5D.tmp\polall1c.exe infected by "TrojanDownloader.Win32.Agent.ae" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Administrator\Local Settings\Temp\webrebates.exe tagged as not-a-virus:AdWare.WebRebates.d. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\B7KB9B6A\thnall1l[1].exe tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.
File C:\holi1299859.exe tagged as not-a-virus:PornWare.Dialer.Holistyc.gen. No Action Taken.
File C:\Program Files\Internet Explorer\calc.exe tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.
File C:\Program Files\SideFind\sidefind.dll tagged as not-a-virus:AdWare.ToolBar.SideFind. No Action Taken.
File C:\temp\lc.exe tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.
File C:\temp\msbb.exe tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\temp\msbbhook.dll tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\temp\WebRebates_Auto_InstallSilent_Euro.exe tagged as not-a-virus:AdWare.WebRebates.b. No Action Taken.
victor-1 (Beginner)
27 November 2004 - 22:22 #5
Hi again *S*
You should not do anything further about deleting files yet.

Just restart your machine normally, scan with HijackThis, save the log and paste its contents in here
homsabu (Beginner)
29 November 2004 - 16:16 #6
New HJ log

---------
Logfile of HijackThis v1.98.2
Scan saved at 16:13:01, on 29-11-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Kaspersky\mwavscan.com
C:\WINNT\system32\internat.exe
C:\Palm\hotsync.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\WINNT\System32\svchost.exe
C:\Kaspersky\kavss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINNT\ceres.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.novocorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.novocorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.novocorp.net
victor-1 (Beginner)
30 November 2004 - 00:17 #7
Run HijackThis and fix:
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/dialer/internazionale_ver4.CAB

Restart in safe mode - find and delete the following files if they are on the computer.
Use Start > Search > All files and folders > click "More advanced options" and tick the top three > paste the file names listed below, one at a time, into the search field and press Search:

gnbfihc.exe
preInMPP.exe
preInsln.exe
SETBB.tmp
aactres.dll
abaamon.dll
abvpack.dll
adaamon.dll
adsetupc.dll
agsldpc.dll
aotiveds.dll
attxprxy.dll
aylui.dll
aztiveds.dll
backup-20041106-141058-112.dll
backup-20041106-141100-383.dll
thnall1l[1].exe
holi1299859.exe
calc.exe

DELETE this folder:
File C:\Program Files\SideFind >>>> THE FOLDER

EMPTY these folders:
C:\temp >>>> THE FOLDER must be EMPTIED (NOT deleted)
C:\Documents and Settings\Administrator\Local Settings\Temp >>>> THE FOLDER must be EMPTIED (NOT deleted)

Restart normally > New log please *S*
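
One way to turn a scanner log like the one in #4 into a clean-up list of the kind given above is to separate what the scanner already deleted from what it left in place. This is an added example, not part of the original thread or of the scanner; the field names and the grouping rule are assumptions, and the two bulk folders are the ones named in #7.

```python
import ntpath
import re
from collections import Counter

# Lines copied from the scanner log in post #4 of this thread.
SAMPLE_LOG = r"""
File C:\WINNT\system32\gnbfihc.exe infected by "TrojanDownloader.Win32.Agent.ae" Virus. Action Taken: File Deleted.
File C:\WINNT\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\WINNT\system32\aactres.dll tagged as not-a-virus:AdWare.Look2Me.k. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\powerscan.exe tagged as not-a-virus:AdWare.PowerScan.b. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THI2710.tmp\preInMPP.exe tagged as not-a-virus:AdWare.BiSpy.q. No Action Taken.
File C:\Documents and Settings\Administrator\Local Settings\Temp\THIA5D.tmp\ceres.cab infected by "TrojanDownloader.Win32.Agent.ae" Virus. Action Taken: File Deleted.
File C:\Program Files\Internet Explorer\calc.exe tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.
File C:\temp\msbb.exe tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
"""

# Folders that post #7 says to empty as a whole rather than file by file.
BULK_DIRS = (
    r"C:\temp",
    r"C:\Documents and Settings\Administrator\Local Settings\Temp",
)

INFECTED_RE = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus\. '
    r"Action Taken: (?P<action>.+)\.$")
TAGGED_RE = re.compile(
    r"^File (?P<path>.+?) tagged as (?P<name>\S+)\. (?P<action>No Action Taken)\.$")


def parse(log_text):
    """Yield (path, detection, action) for every recognised scanner line."""
    for line in log_text.splitlines():
        line = line.strip()
        m = INFECTED_RE.match(line) or TAGGED_RE.match(line)
        if m:
            yield m.group("path"), m.group("name"), m.group("action")


def bulk_dir_for(path):
    """Return the bulk folder that contains path, or None."""
    low = path.lower()
    for folder in BULK_DIRS:
        if low.startswith(folder.lower() + "\\"):
            return folder
    return None


def summarize(log_text):
    """Split detections into already removed, search-by-name and empty-folder."""
    removed, by_name, empty_dirs, families = [], set(), set(), Counter()
    for path, name, action in parse(log_text):
        if action != "No Action Taken":
            removed.append(path)          # the scanner dealt with it
            continue
        # Count what is still on disk per detection family.
        families[name.split(":", 1)[-1]] += 1
        folder = bulk_dir_for(path)
        if folder:
            empty_dirs.add(folder)        # handled by emptying the folder
        else:
            by_name.add(ntpath.basename(path))
    return {
        "removed": removed,
        "search_by_name": sorted(by_name, key=str.lower),
        "empty_dirs": sorted(empty_dirs),
        "families": families,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for key in ("removed", "search_by_name", "empty_dirs"):
        print(key, "->", result[key])
    print("left in place per family ->", dict(result["families"]))
```
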
homsabu (Beginner)
30 November 2004 - 15:16 #8
new HJ log
---------
Logfile of HijackThis v1.98.2
Scan saved at 15:12:58, on 30-11-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Kaspersky\mwavscan.com
C:\WINNT\system32\internat.exe
C:\Palm\hotsync.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\Kaspersky\kavss.exe

O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINNT\ceres.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.novocorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.novocorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.novocorp.net
victor-1 (Beginner)
30 November 2004 - 15:43 #9
As far as I can judge, the log is now clean.

After a ride like that, a thorough clean-up is needed - so follow the steps below:

Set your folder options back to the defaults:
Open a folder, click Tools > Folder Options > View in the menu at the top
Tick "Hide protected operating system files"
Tick "Hide file extensions for known file types"
Deselect "Show hidden files and folders"

The browser cache must also be cleaned - do the following:
1. Click Tools > Internet Options in the menu at the top
2. Under Temporary files, click "Delete Cookies"
3. Under Temporary files, click "Delete Files" - tick "Delete all offline content"
4. Under History, click "Clear History"
5. Click "OK"

Finish by emptying the Recycle Bin.

You should also have a bit of advice to take with you from here:
To protect your PC in future it would be a good idea to use some of the programs from the package that you can see here - http://www.spywarefri.dk/pakken.htm

I recommend:
Spybot and/or Ad-Aware, SpywareBlaster, IE Privacy Keeper or EmptyTempFolders, IE-Spyad and SpywareGuard as a minimum. They are all free (but ONLY for private use), do not take up much space, do not slow down your PC and do not conflict with your other programs.

If you do not want lots of small programs, you can instead buy a program such as Spy Sweeper. It is also in the package, where you can read a little more about it. There is also a link to a Danish manual. I can warmly recommend the program.
homsabu (Beginner)
30 November 2004 - 23:00 #10
I can only say one thing: "WORLD CLASS!"... many thanks for the great help!!!

/Casper
victor-1 (Beginner)
1 December 2004 - 09:18 #11
Many thanks for the points, as well as the kind words ;-)