tiger_dk Master
24 May 2006 - 22:49 There are 8 comments and 1 solution

Please check my log!

Hi!

Please check my log, I have had some malware visiting!!

Logfile of HijackThis v1.99.1
Scan saved at 22:48:09, on 24-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Documents and Settings\Peter Als\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmer\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmer\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [MalwareWipe] C:\Programmer\MalwareWipe\MalwareWipe.exe /h
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - Startup: desktop(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programmer\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
fromsej Trainee
24 May 2006 - 22:56 #1
-- Download S!Ri's SmitfraudFix.zip and unpack it to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
The program unpacks into a folder called SmitfraudFix.

-- Download Ewido from here (14-day version of the Plus version)
http://www.spywarefri.dk/downloads1/ewido-setup.exe
Install and update the program, but wait before scanning.

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Open the SmitfraudFix folder that you got on the Desktop, double-click SmitfraudFix.cmd and type 2 - answer yes to cleaning (y=yes). Let the program complete a cleaning. It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another one. Here you must choose "Yes" by typing "y".

The program may need to restart along the way. After that, a list with the results of the cleaning will appear. Copy this list into the thread.

-- Run a full scan with Ewido and allow the program to fix the things it finds. The program produces a small log, which you should copy in here.

-- Restart and post a fresh HijackThis log here, together with the log from Ewido and the log from SmitfraudFix (C:\rapport.txt).

NB: The file "process.exe" that is included in this tool is identified by some antivirus programs as "RiskTool". There is nothing to it, though!
tiger_dk Master
25 May 2006 - 02:42 #2
---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            02:31:07, 25-05-2006
+ Rapport-Checksum:        3341E6FB

+ Scanningsresultat:
    C:\Documents and Settings\Peter Als\Cookies\peter als@122.2o7[2].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@ad.adocean[2].txt -> TrackingCookie.Adocean : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@ads1.revenue[1].txt -> TrackingCookie.Revenue : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@adtech[2].txt -> TrackingCookie.Adtech : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@burstnet[2].txt -> TrackingCookie.Burstnet : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@com[1].txt -> TrackingCookie.Com : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfk4cndzcdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfk4epdpodq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfk4oiajmfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfk4oocpoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfk4shdpilp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfk4sjc5kaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfk4uocpiko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfk4upd5sfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfkiehcpcko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfkielczggq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfkikjazsbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfkywlc5wap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfkywod5gho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfl4anczidp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfl4cgajebq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfl4qndpcap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfl4smc5sep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfl4uocjgeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfl4wodzgho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wflicidjeao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wflielajgfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfloakdpsbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfloqjdzwfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wflouhdpmfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfmicnd5ocp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfmiskaziap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wfmyqicpskp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wgkiomc5gdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wgkiwmajafo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wgkoelcjmcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wgkooidpseo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wgkyejcpwdo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wgkyemcjekp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wgkykmcjslo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wgkykoc5icp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wgkyomazafo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wgliokajeeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wglycpazolp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wgmikncpago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6whkiaicpmao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6whkiqlc5ecp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6whkiskajkgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjk4wkdzsgo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjkoegd5obp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjkoqmcpmdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjkospdjedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjkouicjmco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjkyeid5eaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjkygjdjido.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjkykmdjoao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjkyulczmbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjkyuoajccq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjkywgdjmaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjl4apajmdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjl4qpd5ego.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjliwhc5ilo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjlochcjelq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjlycjdjoao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjlyggcjckq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjlysmdpmeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjmiomcpcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjmiqmdpmcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjmiuhdzsdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjmiwgc5ebp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjmyspdjgdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjmyuhcpsfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjny-1gajsh.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjny-1pcjgb.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjnyehd5ibo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjnyghdziko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjnygidjcao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjnygldpago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjnygncpgdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjnyohc5iko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjnyojcjkgq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjnyonczsgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@e-2dj6wjnywlcjegp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@idg.adocean[2].txt -> TrackingCookie.Adocean : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@ivwbox[1].txt -> TrackingCookie.Ivwbox : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@paypopup[2].txt -> TrackingCookie.Paypopup : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@tacoda[1].txt -> TrackingCookie.Tacoda : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@web-stat[1].txt -> TrackingCookie.Web-stat : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@webstat[2].txt -> TrackingCookie.Web-stat : Renset med backup
    C:\Documents and Settings\Peter Als\Cookies\peter als@yadro[1].txt -> TrackingCookie.Yadro : Renset med backup
    C:\Documents and Settings\Peter Als\Lokale indstillinger\Temp\ICD2.tmp\UERSK_0001_N68M2202NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Renset med backup
    C:\WINDOWS\Downloaded Program Files\UERSK_0001_N68M2202NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Renset med backup


::Rapport slut




Logfile of HijackThis v1.99.1
Scan saved at 02:36:10, on 25-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Peter Als\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmer\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmer\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: desktop(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programmer\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


SmitFraudFix v2.47

Scan done at 23:11:27,39, 24-05-2006
Run from C:\Documents and Settings\Peter Als\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"

[HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\system32\wfkduei.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\system32\wfkduei.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\regperf.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\wfkduei.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"

[HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\system32\wfkduei.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\system32\wfkduei.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End



I think that should be it!
fromsej Praktikant
25 May 2006 - 11:15 #3
Download and save this scanner to your desktop. Do not run it yet.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Read this guide through carefully.
http://fromsej.dk/Vejledninger/html/drweb.html
---------------------------------------
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, restart in safe mode (press <F8> during startup), run Dr.Web.

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

---------------------------------------
Double-click drweb-cureit.exe; it will want to run an express scan, say yes to that.
When it shows Done at the bottom left, click Options->Change settings.
Switch to the Scan tab and untick Heuristic analysis.
Switch to the Actions tab; here every item under Malware must be set to Rename.
Then click the drive or drives you want scanned; a red dot appears to show that they are selected.

Then click the green arrow over on the right of the page, and the scan starts.
The first time Dr.Web finds something, click "Yes to All", and it will remove what it finds.
Then click Start->Search, find the file drweb32w.log and copy the bottom part of the text in here, starting with:
Scan statistics.
---------------------------------------
Restart normally and post a fresh HijackThis log.
tiger_dk Mester
25 May 2006 - 18:11 #4
I have now done what you wrote, so here is first the bottom part of drweb32w.log

Scan statistics

Objects scanned: 427536
Infected objects found: 3
Objects with modifications found: 1
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 3
Objects cured: 0
Objects deleted: 3
Objects renamed: 3
Objects moved: 0
Objects ignored: 0
Scan speed: 130 Kb/s
Scan time: 04:36:18



Total session statistics

Objects scanned: 428086
Infected objects found: 3
Objects with modifications found: 1
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 3
Objects cured: 0
Objects deleted: 3
Objects renamed: 3
Objects moved: 0
Objects ignored: 0
Scan speed: 135 Kb/s
Scan time: 04:36:58


and


Logfile of HijackThis v1.99.1
Scan saved at 18:07:54, on 25-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\HP\hpcoretech\comp\hptskmgr.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Peter Als\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmer\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmer\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmer\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: desktop(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Programmer\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


If you can find more unnecessary things in the HijackThis log, just list them and I can delete them!!
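
Added example (not part of the thread, and not code from HijackThis or its authors): a small parser that compares two HijackThis logs and checks that the lines ticked for "Fix checked" are gone from the fresh log. The log excerpts are constructed from lines quoted in the thread, and the function names are illustrative.

```python
import re

# HijackThis entry lines have the form "<section> - <detail>",
# e.g. "O4 - HKLM\..\Run: [Name] command" or "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Case-fold: Windows paths and value names are case-insensitive.
            entries.add((m.group(1), m.group(2).strip().casefold()))
    return entries

def check_fix(before, after, fixed_lines):
    """Compare two logs and report on the lines that were ticked for fixing."""
    old, new = parse_entries(before), parse_entries(after)
    targets = parse_entries("\n".join(fixed_lines))
    return {
        "still_present": sorted(targets & new),  # the fix did not take
        "not_in_before": sorted(targets - old),  # ticked line was never there
        "added": sorted(new - old),              # new since the first scan
        "removed": sorted(old - new - targets),  # gone, but not by the fix
    }

# The two lines listed for "Fix checked" (copied from the thread).
FIXED = [
    r"O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
]

# Constructed excerpts: a few lines only, not the full logs from the thread.
BEFORE = "\n".join(FIXED + [
    r"O23 - Service: kavsvc - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe",
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe",
])
AFTER = "\n".join([
    r"O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe",
    r"O23 - Service: kavsvc - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe",
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe",
])

if __name__ == "__main__":
    for key, items in check_fix(BEFORE, AFTER, FIXED).items():
        print(key, items)
```

Anything under "added" is worth a second look before a log is called clean, since it appeared between the two scans.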
fromsej Praktikant
26 May 2006 - 10:22 #5
Your log is clean now, we don't need to see any more.
You should just disable System Restore, restart, and re-enable it.
http://spywarefri.dk/virusscannere.htm#alle - System Restore.

To keep it clean, you can have a look at our package for that purpose.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
As a minimum I recommend Spywareguard, Spywareblaster, IE-Spyad and IE Privacy Keeper.
You will find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Regards,
Fromsej/Team Spywarefri.
tiger_dk Mester
26 May 2006 - 12:11 #6
Thanks for the help, I have disabled System Restore and am scanning the machine for viruses right now!

One more thing: I have had problems at startup, where it sometimes takes a really long time to load the programs down in the right-hand corner (it can take a couple of minutes), and the Kaspersky icon doesn't always appear (it is running, though, according to the task list), and the connection icon (the 2 computers that show there is a connection to the internet) also sometimes takes a while to appear!! Can you give me an explanation of this, and how I get it solved?
fromsej Praktikant
26 May 2006 - 12:37 #7
Kaspersky is the "culprit"; I have exactly the same problem myself.
But considering the security the program provides, I live with it.
The problem arises because Kaspersky is updating, but in the next version of the program, which will be out in Danish within the next couple of weeks, it should be less pronounced.
tiger_dk Mester
26 May 2006 - 13:48 #8
It occurred to me: now that a new version is coming, do you need a new licence, or can you carry on with the licence you have?
fromsej Praktikant
26 May 2006 - 13:53 #9
Your current licence will work.