HijackThis log

-- Hent Look2Me-Destroyer herfra:
http://www.atribune.org/ccount/click.php?id=7
...og gem værktøjet på dit Skrivebord.

--- Hent Ewido herfra (14 dages version af plus-versionen)
http://www.spywarefri.dk/downloads1/ewido-setup.exe
Installer og kør Ewido - opdater programmet.

-- Klik på Start-kør. Skriv: Services.msc Tast OK.
Find følgende services, højreklik på dem og vælg egenskaber. Under starttype vælger du deaktiveret. Klik også på Stop:
"Windows Log"

-- Sletning af filer og mapper:
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

Genstart i fejlsikret (tryk på <F8> under opstarten), slet mapper og filer listet herunder (nogle af dem er muligvis allerede blevet slettet af Hijackthis).
-------------------
Filer:
C:\WINDOWS\system32\nvsvcd.exe
---------------------------------------
Kør en fuld scanning med Ewido, og lad den slette det, den finder. Programmet laver en lille log, som du skal kopiere herind i dit næste svar.

-- Genstart til normal tilstand. Luk alle åbne programvinduer - inklusiv Internet Explorer.

-- Dobbeltklik på Look2Me-Destroyer, sæt et flueben i "Run this program as a task". Du får en meddelelse om, at Look2Me-Destroyer vil lukke og åbne efter 10 sekunder - klik på OK.

Når Look2Me-Destroyer genåbner - klik på "Scan for L2M" - dine ikoner forsvinder - klik "Remove L2M". Klik OK når du får meddelelsen "Done scanning".

Nu får du meddelelsen "Done removing infected files!. Programmet vil lukke din computer - klik OK. Nu skal du finde filen C:\Look2Me-Destroyer.txt og kopiere indholdet herind, sammen med en frisk HijackThis log.

-- Hvis din firewall vil blokere Look2Me-Destroyers adgang til nettet, så skal du lade programmet få adgang.

Hvis du får en runtime error 339, så skal du hente MSWINSCK.OCX herfra:
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
...og placere den i mappen C:\Windows\System32 Directory.

hvilke service?
Find følgende services, højreklik på dem og vælg egenskaber. Under starttype vælger du deaktiveret. Klik også på Stop:
"Windows Log"

"Windows Log"

hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 15:37:48, on 27-02-2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136507522405
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)

Ewido log
---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            15:16:27, 27-02-2006
+ Rapport-Checksum:        D6F3E365

+ Scanningsresultat:
    HKLM\SOFTWARE\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7} -> Adware.Generic : Renset med backup
    [620] C:\WINDOWS\system32\mwjint40.dll -> Adware.Look2Me : Fejl under renselse
    [696] C:\WINDOWS\system32\mwjint40.dll -> Adware.Look2Me : Fejl under renselse
    :mozilla.9:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Doubleclick : Renset med backup
    :mozilla.11:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.12:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.13:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.14:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.15:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.16:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.17:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.18:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.19:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.20:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.21:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.22:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.23:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.24:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.25:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.26:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.27:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.28:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.29:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.30:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.37:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.38:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.39:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.40:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.41:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.42:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.44:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.45:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.46:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.47:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.48:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.62:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Webtrendslive : Renset med backup
    :mozilla.68:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.70:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Tribalfusion : Renset med backup
    :mozilla.71:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.72:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.73:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.74:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.77:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Valueclick : Renset med backup
    :mozilla.84:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.85:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.86:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.87:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.88:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.89:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.90:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.91:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.92:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.93:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.94:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.95:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.96:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.97:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.98:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.99:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.100:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.101:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.102:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexlist : Renset med backup
    :mozilla.103:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Sexlist : Renset med backup
    :mozilla.108:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Mediaplex : Renset med backup
    :mozilla.109:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Adtech : Renset med backup
    :mozilla.110:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Adtech : Renset med backup
    :mozilla.112:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Paycounter : Renset med backup
    :mozilla.116:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Webtrendslive : Renset med backup
    :mozilla.122:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Onestat : Renset med backup
    :mozilla.123:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Onestat : Renset med backup
    :mozilla.129:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Tradedoubler : Renset med backup
    :mozilla.148:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.149:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.153:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Burstnet : Renset med backup
    :mozilla.154:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Burstnet : Renset med backup
    :mozilla.155:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.156:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.159:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Specificclick : Renset med backup
    :mozilla.171:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.198:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Fastclick : Renset med backup
    :mozilla.199:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Fastclick : Renset med backup
    :mozilla.200:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Trafic : Renset med backup
    :mozilla.201:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.234:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.235:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.236:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.237:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.238:C:\Documents and Settings\Allan\Application Data\Mozilla\Firefox\Profiles\v2yg1zco.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    C:\Documents and Settings\Allan\Cookies\allan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.15:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Adserver : Renset med backup
    :mozilla.19:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Adserver : Renset med backup
    :mozilla.20:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Adserver : Renset med backup
    :mozilla.21:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Doubleclick : Renset med backup
    :mozilla.22:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Doubleclick : Renset med backup
    :mozilla.23:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.24:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.25:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.26:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.27:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Tribalfusion : Renset med backup
    :mozilla.28:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.31:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.32:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.33:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.46:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.47:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.48:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.49:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.50:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.51:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Burstnet : Renset med backup
    :mozilla.52:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Burstnet : Renset med backup
    :mozilla.53:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.54:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.55:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.56:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.57:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Mediaplex : Renset med backup
    :mozilla.60:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.61:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.62:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.63:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Sexcounter : Renset med backup
    :mozilla.67:C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Application Data\Mozilla\Firefox\Profiles\5kwt4nvl.default\cookies.txt -> TrackingCookie.Sexlist : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@2o7[2].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@adrevolver[1].txt -> TrackingCookie.Adrevolver : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@adtech[2].txt -> TrackingCookie.Adtech : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@advertising[1].txt -> TrackingCookie.Advertising : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@as1.falkag[1].txt -> TrackingCookie.Falkag : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@atdmt[2].txt -> TrackingCookie.Atdmt : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@fastclick[2].txt -> TrackingCookie.Fastclick : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@linksynergy[2].txt -> TrackingCookie.Linksynergy : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@media.fastclick[1].txt -> TrackingCookie.Fastclick : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@mediaplex[1].txt -> TrackingCookie.Mediaplex : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@overture[1].txt -> TrackingCookie.Overture : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@sel.as-eu.falkag[2].txt -> TrackingCookie.Falkag : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@trafficmp[2].txt -> TrackingCookie.Trafficmp : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@valueclick[2].txt -> TrackingCookie.Valueclick : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Cookies\allan@z1.adserver[1].txt -> TrackingCookie.Adserver : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Lokale indstillinger\Temp\14exmodulah.exe -> Backdoor.IRCBot.nw : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Lokale indstillinger\Temp\24exmodulah.exe -> Backdoor.IRCBot.nw : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Lokale indstillinger\Temp\2B.tmp -> Proxy.Agent.hs : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Lokale indstillinger\Temp\33exmodulah.exe -> Backdoor.IRCBot.nw : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Lokale indstillinger\Temp\3exmodulah.exe -> Backdoor.IRCBot.nw : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Lokale indstillinger\Temp\62exmodulah.exe -> Backdoor.IRCBot.nw : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Lokale indstillinger\Temp\68exmodulah.exe -> Backdoor.IRCBot.nw : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Lokale indstillinger\Temp\jav29.tmp -> Proxy.Xorpix.p : Renset med backup
    C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Lokale indstillinger\Temp\~dfte14.tmp -> Dropper.Agent.abu : Renset med backup
    C:\gimmygames11.exe -> Downloader.Adload.u : Renset med backup
    C:\installerwebnex.exe -> Downloader.Qoologic.bh : Renset med backup
    C:\Programmer\Fælles filer\Microsoft Shared\Web Folders\ibm00001.dll -> Logger.Small.dg : Renset med backup
    C:\Programmer\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Renset med backup
    C:\WINDOWS\gimmygames11.exe -> Downloader.Adload.u : Renset med backup
    C:\WINDOWS\kl1.exe -> Dropper.Small.amd : Renset med backup
    C:\WINDOWS\osaupd.exe -> Downloader.Small.ckc : Renset med backup
    C:\WINDOWS\system\smss.exe -> Dropper.Agent.aim : Renset med backup
    C:\WINDOWS\system32\kjenffjf.exe -> Proxy.Wopla.q : Renset med backup
    C:\WINDOWS\system32\mmiole16.dll -> Adware.Look2Me : Renset med backup
    C:\WINDOWS\system32\ssldr32.dll -> Proxy.Agent.hs : Renset med backup
    C:\WINDOWS\system32\sysdb32.exe -> Downloader.Tiny.ba : Renset med backup
    C:\WINDOWS\system32\tcpb32.exe -> Dropper.Agent.aim : Renset med backup
    C:\WINDOWS\system32\wancp.dll -> Proxy.Agent.hs : Renset med backup
    C:\WINDOWS\Temp\1.tmp -> Proxy.Agent.hs : Renset med backup
    C:\WINDOWS\wupdmgr.exe -> Downloader.Small.ckc : Renset med backup


::Rapport slut

Du mangler lige at sende Look2Me-destroyer-loggen herind også.

Derudover vil jeg også gerne høre, om du havde problemer med at finde den service, som jeg havde angivet?

Look2me lavede ingen rapport.
Jeg fandt den service, men den var stoppet.

Ok, men servicen skal også deaktiveres (hvilket den ifølge HJT-loggen ikke er blevet endnu). Prøv derfor at gå ind i services igen, find servicen "Windows log", og sørg for at den er både stoppet og deaktiveret.

Angående den manglende log fra Destroyeren, så kan du lave én med et andet værktøj:
Hent L2mfix.exe herfra: http://www.atribune.org/downloads/l2mfix.exe

Gem filen på dit Skrivebord og dobbeltklik på l2mfix.exe. Klik på Install knappen og følg instruktionerne. Åben herefter den nye mappe der er dannet på dit Skrivebord (l2mfix). Dobbeltklik på l2mfix.bat og vælg option 1 (Run Find log) ved at taste "1" og "Enter". Din computer bliver nu scannet - efter et par minutter åbnes en tekstfil i Notesblok. Kopier indholdet herind.

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Egenskabsark for multimediefiler"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerstyring"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Sikkerhedsside"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskabsside for OLE-dokumentfil"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmkort"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rm"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmpanorering"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security-side"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Udvidelsen Diskcopy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Gr‘nsefladeudvidelser til Microsoft Windows-netv‘rksobjekter"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-sk‘rmstyring"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerstyring"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Gr‘nsefladeudvidelser til filkomprimering"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Gr‘nsefladeudvidelse til webudskrift"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontekstmenu til kryptering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Rejsetaske"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-ikon"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Sikkerhedsside"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-filtype"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto signeringsfiltype"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netv‘rksforbindelser"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netv‘rksforbindelser"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scannere og kameraer"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scannere og kameraer"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scannere og kameraer"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scannere og kameraer"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scannere og kameraer"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-udvidelser til Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-dataforbindelse"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte opgaver"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Proceslinje og menuen Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="S›g"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="K›r..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internettet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="V‘rkt›jslinje til Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Webs›gning"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Redigeringsboks til adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-oversigtstjeneste"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Oversigt"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbillede til Internet Explorer 4-suiten"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internettet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-cachemappe"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Programstyring"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Opt‘lling af installerede programmer"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Udpakning af miniaturer til GDI+-filer"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Dokumentinfo om miniaturehandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Udpakning af HTML-miniaturer"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Guiden Webudgivelse"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestil billedudskrift over World Wide Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objekt til guiden Webudgivelse"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Guiden F† et Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brugerkonti"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Genvej til kanal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappen Offlinefiler"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Efter &personer..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{4B878F17-B5BA-4A0D-A0ED-8431BAD3CE93}"=""
"{D9B43248-EF7A-4740-92D2-766B446048FD}"=""
"{1C2CF1CA-0A5E-4DEC-998B-793A6D77EAE9}"=""
"{2236DB01-C604-4535-B989-22E58507F577}"=""
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4B878F17-B5BA-4A0D-A0ED-8431BAD3CE93}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4B878F17-B5BA-4A0D-A0ED-8431BAD3CE93}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4B878F17-B5BA-4A0D-A0ED-8431BAD3CE93}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4B878F17-B5BA-4A0D-A0ED-8431BAD3CE93}\InprocServer32]
@="C:\\WINDOWS\\system32\\hlpertrm.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D9B43248-EF7A-4740-92D2-766B446048FD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9B43248-EF7A-4740-92D2-766B446048FD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9B43248-EF7A-4740-92D2-766B446048FD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9B43248-EF7A-4740-92D2-766B446048FD}\InprocServer32]
@="C:\\WINDOWS\\system32\\kjdcz2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1C2CF1CA-0A5E-4DEC-998B-793A6D77EAE9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C2CF1CA-0A5E-4DEC-998B-793A6D77EAE9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C2CF1CA-0A5E-4DEC-998B-793A6D77EAE9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C2CF1CA-0A5E-4DEC-998B-793A6D77EAE9}\InprocServer32]
@="C:\\WINDOWS\\system32\\demsadsn.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2236DB01-C604-4535-B989-22E58507F577}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2236DB01-C604-4535-B989-22E58507F577}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2236DB01-C604-4535-B989-22E58507F577}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2236DB01-C604-4535-B989-22E58507F577}\InprocServer32]
@="C:\\WINDOWS\\system32\\idsso.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
  cmuda.dll      Thu 15 Dec 2005  18.48.20  A....        172.032  168,00 K
  d3dx9_28.dll  Mon  5 Dec 2005  18.09.18  A....      2.323.664    2,21 M
  divx_x~1.dll  Wed  7 Dec 2005  18.05.48  A....        663.552  648,00 K
  divx_x~2.dll  Wed  7 Dec 2005  18.05.48  A....        679.936  664,00 K
  divx_x~3.dll  Wed  7 Dec 2005  18.05.48  A....        679.936  664,00 K
  jtj607~1.dll  Sun 26 Feb 2006  19.56.08  A....        236.808  231,26 K
  nv4_disp.dll  Sat 10 Dec 2005  3.06.00  A....      3.955.456    3,77 M
  nvapi.dll      Sat 10 Dec 2005  3.06.00  A....        110.592  108,00 K
  nvcod.dll      Sat 10 Dec 2005  3.06.00  A....        35.840    35,00 K
  nvcodins.dll  Sat 10 Dec 2005  3.06.00  A....        35.840    35,00 K
  nvcpl.dll      Sat 10 Dec 2005  3.06.00  A....      7.311.360    6,97 M
  nvhwvid.dll    Sat 10 Dec 2005  3.06.00  A....        573.440  560,00 K
  nview.dll      Sat 10 Dec 2005  3.06.00  A....      1.466.368    1,40 M
  nvmccs.dll    Sat 10 Dec 2005  3.06.00  A....        229.376  224,00 K
  nvmccsrs.dll  Sat 10 Dec 2005  3.06.00  A....        45.056    44,00 K
  nvmctray.dll  Sat 10 Dec 2005  3.06.00  A....        86.016    84,00 K
  nvnt4cpl.dll  Sat 10 Dec 2005  3.06.00  A....        286.720  280,00 K
  nvoglnt.dll    Sat 10 Dec 2005  3.06.00  A....      5.402.624    5,15 M
  nvshell.dll    Sat 10 Dec 2005  3.06.00  A....        466.944  456,00 K
  nvwddi.dll    Sat 10 Dec 2005  3.06.00  A....        81.920    80,00 K
  nvwdmcpl.dll  Sat 10 Dec 2005  3.06.00  A....      1.662.976    1,59 M
  nvwimg.dll    Sat 10 Dec 2005  3.06.00  A....      1.019.904  996,00 K
  sirenacm.dll  Tue 24 Jan 2006  19.34.24  A....        118.784  116,00 K
  xinput~1.dll  Mon  5 Dec 2005  18.07.30  A....        61.136    59,70 K
  xvidcore.dll  Fri 30 Dec 2005  20.10.30  A....        761.856  744,00 K

25 items found:  25 files, 0 directories.
  Total of file sizes:  28.468.136 bytes    27,15 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Disken i drev C har ikke noget navn.
Diskens serienummer er 848B-9723

Indhold af C:\WINDOWS\System32

27-02-2006  15:27    <DIR>          Microsoft
06-01-2006  17:46    <DIR>          dllcache
              0 fil(er)                0 byte
              2 mappe(r)  49.809.448.960 byte ledig

Nå, der var faktisk et par rester tilbage endnu. Luk alle programmer - du vil om lidt blive bedt om at genstarte din computer.

Gå ind i mappen l2mfix, og find filen l2mfix.bat. Højreklik på den, og vælg "Rediger". Så åbner der sig et notesblok-vindue. Her taster du ctrl-h.

I feltet "Søg efter" skal du skriver: Administrateurs
I feltet "Erstat med" skal du skriver: Administratorer

Klik herefter på Erstat alle. Luk herefter søgemenuen ned, og gem filen l2mfix.bat, hvorefter du lukker notesblok-vinduet ned.

Herefter højreklikker du på second.bat (også i l2mfix-mappen), vælger "Rediger". Så åbner der sig et notesblok-vindue. Her taster du ctrl-h.

I feltet "Søg efter" skal du skriver: Administrateurs
I feltet "Erstat med" skal du skriver: Administratorer

Klik herefter på Erstat alle. Luk herefter søgemenuen ned, og gem filen second.bat, hvorefter du lukker notesblok-vinduet ned.

Fra mappen l2mfix skal du så køre l2mfix.bat igen - denne gang skal du vælge option 2 (Run Fix). Så går processen i gang. Dit skrivebord og ikoner vil forsvinde en tid. L2Mfix vil fortsætte med at scanne din computer, og når den er færdig vil den være klar til en genstart. Tryk en taste for at genstarte. Efter genstarten, vil Notepad åbnes med en ny log. Kopiér indholdet af denne log ind i denne tråd, sammen med en ny Hijackthis-log.

NB: Du må ikke køre andre af filerne i l2mfix mappen, før du er blevet bedt om det.

L2mfix 010406
Creating Account.
Kommandoen blev udf›rt.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX  ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 556 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 644 'winlogon.exe'
Killing PID 644 'winlogon.exe'
Killing PID 644 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1356 'explorer.exe'
Killing PID 1356 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1544 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administratorer  ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok. 
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4B878F17-B5BA-4A0D-A0ED-8431BAD3CE93}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4B878F17-B5BA-4A0D-A0ED-8431BAD3CE93}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4B878F17-B5BA-4A0D-A0ED-8431BAD3CE93}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4B878F17-B5BA-4A0D-A0ED-8431BAD3CE93}\InprocServer32]
@="C:\\WINDOWS\\system32\\hlpertrm.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D9B43248-EF7A-4740-92D2-766B446048FD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9B43248-EF7A-4740-92D2-766B446048FD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9B43248-EF7A-4740-92D2-766B446048FD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9B43248-EF7A-4740-92D2-766B446048FD}\InprocServer32]
@="C:\\WINDOWS\\system32\\kjdcz2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1C2CF1CA-0A5E-4DEC-998B-793A6D77EAE9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C2CF1CA-0A5E-4DEC-998B-793A6D77EAE9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C2CF1CA-0A5E-4DEC-998B-793A6D77EAE9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1C2CF1CA-0A5E-4DEC-998B-793A6D77EAE9}\InprocServer32]
@="C:\\WINDOWS\\system32\\demsadsn.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2236DB01-C604-4535-B989-22E58507F577}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2236DB01-C604-4535-B989-22E58507F577}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2236DB01-C604-4535-B989-22E58507F577}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2236DB01-C604-4535-B989-22E58507F577}\InprocServer32]
@="C:\\WINDOWS\\system32\\idsso.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4B878F17-B5BA-4A0D-A0ED-8431BAD3CE93}"=-
"{D9B43248-EF7A-4740-92D2-766B446048FD}"=-
"{1C2CF1CA-0A5E-4DEC-998B-793A6D77EAE9}"=-
"{2236DB01-C604-4535-B989-22E58507F577}"=-
[-HKEY_CLASSES_ROOT\CLSID\{4B878F17-B5BA-4A0D-A0ED-8431BAD3CE93}]
[-HKEY_CLASSES_ROOT\CLSID\{D9B43248-EF7A-4740-92D2-766B446048FD}]
[-HKEY_CLASSES_ROOT\CLSID\{1C2CF1CA-0A5E-4DEC-998B-793A6D77EAE9}]
[-HKEY_CLASSES_ROOT\CLSID\{2236DB01-C604-4535-B989-22E58507F577}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
    zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
  adding: backregs/1C2CF1CA-0A5E-4DEC-998B-793A6D77EAE9.reg (212 bytes security) (deflated 70%)
  adding: backregs/2236DB01-C604-4535-B989-22E58507F577.reg (212 bytes security) (deflated 70%)
  adding: backregs/4B878F17-B5BA-4A0D-A0ED-8431BAD3CE93.reg (212 bytes security) (deflated 70%)
  adding: backregs/D9B43248-EF7A-4740-92D2-766B446048FD.reg (212 bytes security) (deflated 70%)
  adding: backregs/notibac.reg (164 bytes security) (deflated 76%)
  adding: backregs/shell.reg (164 bytes security) (deflated 73%)



Logfile of HijackThis v1.99.1
Scan saved at 18:11:09, on 27-02-2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Documents and Settings\ALLAN.AP-0YAD621HZU3H\Skrivebord\hijackthis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136507522405
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Så blev den helt ren.

For at gøre arbejdet helt færdig:
Det kan være en god ide og rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.
Og så kan det også være en god ide at skjule dine systemfiler og -mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil. Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Det kan også være en god ide at få renset ud i dine midlertidige filer. Det kan gøres på en hurtig og nem måde med denne fil
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

For at forhindre gentagelser, vil jeg anbefale dig at lægge nogle små programmer ind, som forhindrer spyware i at komme ind i første omgang. Du finder links og gode råd her:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Jeg vil også foreslå, at du læser denne artikel om hvordan du kan undgå at blive inficeret i fremtiden:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Det kan også være en god ide at sørge for at alle Windows-opdateringer er lagt ind. Jeg vil også anbefale (nu hvor computeren er renset for snavs) at lægge Service Pack 2 ind, idet computeren bliver meget mere sikker ved det. Der har ganske vist været nogle problemer med den, men på nedenstående link er nogle tips til hvordan man undgår de fleste af problemerne:
http://windowsupdate.microsoft.com/
Undgå problemer med SP2: http://www.hcma.dk/tips1to10.htm#no4 (pkt. 13)
(Inden du installerer Sp2 kan du nøjes med bare at følge pkt. 1-4. Bliver der problemer kan du hente hjælp i de links som angives efterfølgende)

Takker mangen gange

Det var så lidt. Jeg takker for point.