Hjælp til at fjerne spyware!

Ork glemte loggen...

Logfile of HijackThis v1.99.1
Scan saved at 11:36:08, on 29-05-2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Java\jre1.5.0_01\bin\jucheck.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\System32\LVComsX.exe
C:\WINDOWS\System32\intmon.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\DOCUME~1\Nikolaj\LOKALE~1\Temp\Rar$EX00.492\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp9A45.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [PSGuard] C:\Programmer\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {08B93CE3-692F-4217-81F5-E7C4E5595044} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {08B93CE3-692F-4217-81F5-E7C4E5595044} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {289BDD5E-83A1-40D0-B6DC-B08CB60E8C82} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {289BDD5E-83A1-40D0-B6DC-B08CB60E8C82} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {42D0878A-CC57-4D42-B893-5E69E2C401C0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {42D0878A-CC57-4D42-B893-5E69E2C401C0} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {57CD3A1A-C6D4-4BD8-AA64-BBE0C0F39555} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {57CD3A1A-C6D4-4BD8-AA64-BBE0C0F39555} - (no file) (HKCU)
O9 - Extra button: MG Casino - {6234f700-cba3-4071-b251-47cb894244cd} - http://www.all-find.org/MGCasino/SetupCasino.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: MG Casino - {6234f700-cba3-4071-b251-47cb894244cd} - http://www.all-find.org/MGCasino/SetupCasino.exe (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110297808288
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - AppInit_DLLs:  c:\windows\system32\hk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

tjekker den nu

Download og gem denne scanner på skrivebordet. (Vi skal bruge den senere)
http://www.spywareinfo.dk/download/mwav.exe

----------------------

Ewido skal du downloade her: http://www.ewido.net/en/download/
Klik på Download now. Installer og kør Ewido. Opdater straks efter installationen programmet, (men lad være med at scanne endnu).

-----------------------

Du skal nu til at i gang med at fixe:

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.updatesearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/

O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp9A45.tmp

O4 - HKLM\..\Run: [PSGuard] C:\Programmer\PSGuard\PSGuard.exe

O20 - AppInit_DLLs:  c:\windows\system32\hk.dll

--------------------------------------------------------------------

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

------------------------------

Hent denne bats fil og kør den :
http://www.spywareinfo.dk/download/cleantempxp2k.bat
den sletter alt i din temp mappe.

------------------------------

Genstart computeren i fejlsikret tilstand(f8 ved opstart)
Find og slet disse manuelt :

C:\Programmer\PSGuard<-hele mappen
c:\windows\system32\hk.dll

-----------------------------

Stadig i fejlsikret:
Klik på mwav.exe som du hentede, programmet pakker sig selv ud og starter.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files
Og så trykker du på Scan Clean
Det tager lidt over en time at scanne

-------------------------------

Stadig i fejlsikret:
Du skal klikke på f8 tasten under genstarten (ca. lige når der er talt ram), og så vælge fejlsikret tilstand. Er du i tvivl, så klik bare på f8 flere gange. Kør nu en fuld scanning med Ewido. Når den er færdig trykker du save report og gemmer rapporten.

Så genstarter du computeren  og laver en ny hijackthis log, som du lægger herind sammen med reporten fra Ewido

Logfile of HijackThis v1.99.1
Scan saved at 22:02:10, on 29-05-2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\popuper.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\intmonp.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
C:\Programmer\Java\jre1.5.0_01\bin\jucheck.exe
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\Nikolaj\LOKALE~1\Temp\Rar$EX00.312\HijackThis.exe

F2 - REG:system.ini: Shell=
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {08B93CE3-692F-4217-81F5-E7C4E5595044} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {08B93CE3-692F-4217-81F5-E7C4E5595044} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {289BDD5E-83A1-40D0-B6DC-B08CB60E8C82} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {289BDD5E-83A1-40D0-B6DC-B08CB60E8C82} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {42D0878A-CC57-4D42-B893-5E69E2C401C0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {42D0878A-CC57-4D42-B893-5E69E2C401C0} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {57CD3A1A-C6D4-4BD8-AA64-BBE0C0F39555} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {57CD3A1A-C6D4-4BD8-AA64-BBE0C0F39555} - (no file) (HKCU)
O9 - Extra button: MG Casino - {6234f700-cba3-4071-b251-47cb894244cd} - http://www.all-find.org/MGCasino/SetupCasino.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: MG Casino - {6234f700-cba3-4071-b251-47cb894244cd} - http://www.all-find.org/MGCasino/SetupCasino.exe (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110297808288
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Og...


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            21:56:29, 29-05-2005
+ Report-Checksum:        3B3A028B

+ Date of database:        29-05-2005
+ Version of scan engine:    v3.0

+ Duration:                70 min
+ Scanned Files:            85285
+ Speed:                20.13 Files/Second
+ Infected files:            33
+ Removed files:            33
+ Files put in quarantine:        33
+ Files that could not be opened:    0
+ Files that could not be cleaned:    0

+ Binder:        Yes
+ Crypter:        Yes
+ Archives:        Yes

+ Scanned items:
    C:\
    D:\
    E:\

+ Scan result:
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@5073161[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@ad.ir[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@ads.vnuemedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@as1.falkag[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@cz3.clickzs[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@cz4.clickzs[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@cz5.clickzs[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@cz8.clickzs[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@dcs2omr9fpifwznrgv67zf9ub_7p8i[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@drunkendelight.freestats[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@image.masterstats[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@network[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@rb4.al4a[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@spms.bpath[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@www.sublimedirectory[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Cookies\nikolaj@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\Nikolaj\Lokale indstillinger\Temp\Midlertidig mappe 3 for msnblockdetect.zip\MSNBlockDetect.exe.mwt -> Backdoor.Optix.Pro.f -> Cleaned with backup
    C:\Programmer\BearShare\Installer\saveinstwm.exe -> Spyware.SaveNow.z -> Cleaned with backup
    C:\Programmer\Virtual Maid\Virtual Maid.dll -> Spyware.MaidBar -> Cleaned with backup
    C:\WINDOWS\system32\hhk.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
    C:\WINDOWS\system32\LogFiles\UT5172000.so -> TrojanDownloader.Agent.ns -> Cleaned with backup
    C:\WINDOWS\system32\msmsgs.exe -> Trojan.Agent.ed -> Cleaned with backup
    C:\WINDOWS\system32\oleadm.dll -> TrojanDownloader.Agent.ns -> Cleaned with backup
    C:\WINDOWS\system32\shnlog.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
    C:\WINDOWS\system32\syst1.exe -> TrojanDownloader.Small.anx -> Cleaned with backup
    C:\WINDOWS\system32\winnook.exe -> Trojan.TopAntiSpyware.l -> Cleaned with backup
    E:\Incomming\msnblockdetect.zip.mwt/MSNBlockDetect.exe -> Backdoor.Optix.Pro.f -> Cleaned with backup


::Report End

Ja, det hjalp meget på den.

Der er lige en enkelt du skal fixe, for at den er hel ren..

Fix i hijackthis:

F2 - REG:system.ini: Shell=

Derefter:
Så er din log ren.

Efter sådan en tur er det altid en god ide og rydde op i dine systemgendannelses filerne.
Deaktiver systemgendannelse ( http://www.arlet.dk/systemgendannelsen.htm ) - genstart din computer - aktiver systemgendannelse.
Og så skal du også lige skjule dine filer og mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil.
Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Generel oprydning: http://www.arlet.dk/oprydning.htm

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm

Meget vigtigt:
Hent og installer Sp2 til Windows og IE her:
http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold/
Gå derefter ind på windows update http://v5.windowsupdate.microsoft.com/v5consumer/default.aspx?ln=da
og hent alt hvad der ligger af opdateringer der.

Mange tak for hjælpen mester!

Velbekommen