Spyware, hjælp!

1. Hent Look2Me-Destroyer herfra:

http://www.atribune.org/ccount/click.php?id=7
Gem værktøjet på dit Skrivebord.

2. Luk alle åbne programvinduer - inklusiv Internet Explorer.

3. Dobbeltklik på Look2Me-Destroyer, sæt et flueben i "Run this program as a task". Du får en meddelelse om, at Look2Me-Destroyer vil lukke og åbne efter 10 sekunder - klik på OK.

4. Hvis din firewall vil blokere Look2Me-Destroyers adgang til nettet, så skal du lade programmet få adgang.
Hvis du får en runtime error 339, så skal du hente MSWINSCK.OCX herfra:
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
Læg den ned i mappen C:\Windows\System32.

5. Når Look2Me-Destroyer genåbner - klik på "Scan for L2M" - dine ikoner forsvinder - klik "Remove L2M". Klik OK når du får meddelelsen "Done scanning". Nu får du meddelelsen "Done removing infected files!. Programmet vil lukke din computer - klik OK.

Kopier Look2Me-Destroyer´s log her ind.

Hvis din firewall vil blokere Look2Me-Destroyers adgang til nettet, så skal du lade programmet få adgang.

Hvis du får en runtime error 339, så skal du hente MSWINSCK.OCX herfra:
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
...og placere den i mappen C:\Windows\System32 Directory.


Bagefter foreslår jeg, at du kører disse to scannere:


Hent denne scanner ned til skrivebordet ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Vent med at aktivere den.


Hent denne scanner http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Installer, og opdater scanneren manuelt. OBS, ved installationen bliver det foreslået at du registrerer med din email. Det behøver du ikke at gøre.


Start op i fejlsikret tilstand (tast f8 flere gange under opstart). Hvis du ikke kan det, så se her
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1


Dobbeltklik på drweb-cureit.exe. Den vil køre en expressscan, og det siger du ja til.

Når den skriver "Select object for scanning" nederst til venstre, skal du klikke på Options->Change settings.

Skift til fanebladet SCAN, og fjern fluebenet ved "Heuristic analysis".

Skift til fanebladet Actions. Under ADWARE indstiller du til DELETE. Alle andre punkter under MALWARE sættes til MOVE. Fjern fluebenet ved PROMPT ON ACTION. Klik ANVEND og OK.

Klik på det de drev du vil have scannet. Der kommer en rød prik, som viser at de er valgt.

Klik på den grønne pil ovre til højre på siden, for at starte scanningen.


Når scanningen er færdig, så find mappen Dr Web som ligger på dit hoveddrev, typisk C drevet, og find CUREIT.LOG. Scroll helt ned i bunden af loggen, hvor der står SCAN PATH og SCAN STATISTICS (KUN de nederste) og kopier det her ind. 


Start SuperAntiSpyware, klik "Scan your computer", sæt flueben i dine drev, ovre til venstre i vinduet. Ovre til højre i vinduet, sætter du prik i "Perform Complete Scan". Klik "næste", nu scanner den. Når den er færdig, så markerer du det den finder, og lader scannereren fjerne det.

Genstart til normal tilstand (scanneren tilbyder måske at gøre det).

Åbn scanneren igen, og klik "preferences"-> "stastics/logs". Marker loggen, og klik "View log". Kopier loggen her ind i tråden, sammen med CUREIT loggen, og en frisk HijackThis log.

Super! Prøver lige!

Hej igen. Så er det prøvet!:-)
Her er logs'ne, måske lidt voldsomt mange - håber ikke du bliver overbelastet, men vidste ikke helt hvad jeg skulle sortiere fra - det er som russisk for mig!;-)

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 10-06-2006 16:50:56


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administratorer – Succeeded






[Scan path] C:\WINDOWS\system32\smss.exe
[Scan path] C:\WINDOWS\system32\csrss.exe
[Scan path] C:\WINDOWS\system32\winlogon.exe
[Scan path] C:\WINDOWS\system32\services.exe
[Scan path] C:\WINDOWS\system32\lsass.exe
[Scan path] C:\WINDOWS\system32\svchost.exe
[Scan path] C:\WINDOWS\explorer.exe
[Scan path] C:\DOCUME~1\Kati\LOKALE~1\Temp\RarSFX1\_start.exe
[Scan path] C:\DOCUME~1\Kati\LOKALE~1\Temp\RarSFX1\cureit.exe
[Scan path] C:\Programmer\Apoint\Apoint.exe
[Scan path] C:\WINDOWS\system32\igfxtray.exe
[Scan path] C:\WINDOWS\system32\hkcmd.exe
[Scan path] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
[Scan path] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
[Scan path] C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
[Scan path] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
[Scan path] C:\WINDOWS\system32\dla\tfswctrl.exe
[Scan path] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[Scan path] C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
[Scan path] C:\Programmer\QuickTime\qttask.exe
[Scan path] C:\Programmer\iTunes\iTunesHelper.exe
[Scan path] C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
[Scan path] C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
[Scan path] C:\WINDOWS\system32\ctfmon.exe
[Scan path] C:\Programmer\MSN Messenger\MsnMsgr.Exe
[Scan path] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
[Scan path] C:\Programmer\Windows\WinUpdate.exe
[Scan path] C:\Documents and Settings\Kati\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[Scan path] C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\desktop.ini
[Scan path] C:\Programmer\Digital Line Detect\DLG.exe
[Scan path] C:\Programmer\Microsoft Office\Office\OSA9.EXE
[Scan path] C:\Programmer\Nikon\NkView6\NkvMon.exe
[Scan path] C:\WINDOWS\system32\mmsys.cpl
[Scan path] C:\WINDOWS\system32\icmui.dll
[Scan path] C:\WINDOWS\system32\rshx32.dll
[Scan path] C:\WINDOWS\system32\docprop.dll
[Scan path] C:\WINDOWS\system32\ntshrui.dll
[Scan path] C:\WINDOWS\system32\themeui.dll
[Scan path] C:\WINDOWS\system32\deskadp.dll
[Scan path] C:\WINDOWS\system32\deskmon.dll
[Scan path] C:\WINDOWS\system32\dssec.dll
[Scan path] C:\WINDOWS\system32\SlayerXP.dll
[Scan path] C:\WINDOWS\system32\shscrap.dll
[Scan path] C:\WINDOWS\system32\diskcopy.dll
[Scan path] C:\WINDOWS\system32\ntlanui2.dll
[Scan path] C:\WINDOWS\system32\printui.dll
[Scan path] C:\WINDOWS\system32\dskquoui.dll
[Scan path] C:\WINDOWS\system32\syncui.dll
[Scan path] C:\WINDOWS\system32\hticons.dll
[Scan path] C:\WINDOWS\system32\fontext.dll
[Scan path] C:\WINDOWS\system32\deskperf.dll
[Scan path] C:\WINDOWS\system32\cryptext.dll
[Scan path] C:\WINDOWS\system32\NETSHELL.dll
[Scan path] C:\WINDOWS\system32\wiashext.dll
[Scan path] C:\WINDOWS\system32\remotepg.dll
[Scan path] C:\WINDOWS\system32\wshext.dll
[Scan path] C:\Programmer\Fælles filer\System\OLE DB\OLEDB32.DLL
[Scan path] C:\WINDOWS\system32\mstask.dll
[Scan path] C:\WINDOWS\system32\shdocvw.dll
[Scan path] C:\WINDOWS\system32\wuaucpl.cpl
[Scan path] C:\WINDOWS\system32\twext.dll
[Scan path] C:\WINDOWS\system32\shmedia.dll
[Scan path] C:\WINDOWS\system32\browseui.dll
[Scan path] C:\WINDOWS\system32\sendmail.dll
[Scan path] C:\WINDOWS\system32\occache.dll
[Scan path] C:\WINDOWS\system32\webcheck.dll
[Scan path] C:\WINDOWS\system32\appwiz.cpl
[Scan path] C:\WINDOWS\system32\shimgvw.dll
[Scan path] C:\WINDOWS\system32\netplwiz.dll
[Scan path] C:\WINDOWS\system32\zipfldr.dll
[Scan path] C:\WINDOWS\system32\cdfview.dll
[Scan path] C:\WINDOWS\system32\extmgr.dll
[Scan path] C:\WINDOWS\system32\msieftp.dll
[Scan path] C:\WINDOWS\system32\docprop2.dll
[Scan path] C:\WINDOWS\system32\dsquery.dll
[Scan path] C:\WINDOWS\system32\dsuiext.dll
[Scan path] C:\WINDOWS\system32\mydocs.dll
[Scan path] C:\WINDOWS\System32\cscui.dll
[Scan path] C:\WINDOWS\msagent\agentpsh.dll
[Scan path] C:\WINDOWS\system32\dfsshlex.dll
[Scan path] C:\WINDOWS\system32\photowiz.dll
[Scan path] C:\WINDOWS\System32\mmcshext.dll
[Scan path] C:\WINDOWS\system32\cabview.dll
[Scan path] C:\Programmer\Outlook Express\wabfind.dll
[Scan path] C:\WINDOWS\system32\wmpshell.dll
[Scan path] C:\WINDOWS\system32\mscoree.dll
[Scan path] C:\WINDOWS\system32\dla\tfswshx.dll
[Scan path] C:\PROGRA~1\FÆLLES~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[Scan path] C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL
[Scan path] C:\Programmer\Microsoft Office\Office10\msohev.dll
[Scan path] C:\Programmer\iTunes\iTunesMiniPlayer.dll
[Scan path] C:\Programmer\Illustrate\dBpowerAMP\dBShell.dll
[Scan path] C:\Programmer\Illustrate\dBpowerAMP\dMCShell.dll
[Scan path] C:\Programmer\Nikon\NkView6\NkvDropExt.dll
[Scan path] C:\WINDOWS\system32\upnpui.dll
[Scan path] C:\Programmer\Real\RealPlayer\rpshell.dll
[Scan path] C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
[Scan path] C:\WINDOWS\system32\SHELL32.dll
[Scan path] C:\WINDOWS\system32\stobject.dll
[Scan path] C:\WINDOWS\system32\avldr.dll
[Scan path] C:\WINDOWS\system32\crypt32.dll
[Scan path] C:\WINDOWS\system32\cryptnet.dll
[Scan path] C:\WINDOWS\system32\cscdll.dll
[Scan path] C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[Scan path] C:\WINDOWS\system32\wlnotify.dll
[Scan path] C:\WINDOWS\system32\sclgntfy.dll
[Scan path] C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\ACPI.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\adpu160m.sys
[Scan path] C:\WINDOWS\system32\drivers\aec.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\AegisP.sys
[Scan path] C:\WINDOWS\System32\drivers\afd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\agp440.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\aha154x.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\aic78u2.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\aic78xx.sys
[Scan path] C:\WINDOWS\System32\alg.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\aliide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\alim1541.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\amdagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\amsint.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
[Scan path] C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
[Scan path] C:\WINDOWS\system32\Drivers\APPFLT.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\arp1394.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\asc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\asc3350p.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\asc3550.sys
[Scan path] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\asyncmac.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\atapi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\atmarpc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\audstub.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cdrom.sys
[Scan path] C:\WINDOWS\system32\cisvc.exe
[Scan path] C:\WINDOWS\system32\clipsrv.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\CmBatt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cmdide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\compbatt.sys
[Scan path] C:\WINDOWS\system32\dllhost.exe
[Scan path] C:\WINDOWS\system32\Drivers\cpoint.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cpqarray.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\CVirtA.sys
[Scan path] C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
[Scan path] C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\dac960nt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\disk.sys
[Scan path] C:\WINDOWS\System32\dmadmin.exe
[Scan path] C:\WINDOWS\System32\drivers\dmboot.sys
[Scan path] C:\WINDOWS\System32\drivers\dmio.sys
[Scan path] C:\WINDOWS\System32\drivers\dmload.sys
[Scan path] C:\WINDOWS\system32\drivers\DMusic.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\dne2000.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\dpti2o.sys
[Scan path] C:\WINDOWS\system32\drivers\drmkaud.sys
[Scan path] C:\WINDOWS\system32\drivers\drvmcdb.sys
[Scan path] C:\WINDOWS\system32\drivers\drvnddm.sys
[Scan path] C:\WINDOWS\system32\Drivers\DSAFLT.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\e100b325.sys
[Scan path] C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\fdc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\flpydisk.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\fltMgr.sys
[Scan path] C:\WINDOWS\system32\Drivers\fnetmon.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\ftdisk.sys
[Scan path] C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\msgpc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\hidusb.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\hpn.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
[Scan path] C:\WINDOWS\System32\Drivers\HTTP.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\i2omp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\i8042prt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
[Scan path] C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
[Scan path] C:\WINDOWS\system32\Drivers\IDSFLT.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\imapi.sys
[Scan path] C:\WINDOWS\system32\imapi.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\ini910u.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\intelide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\intelppm.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipinip.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipnat.sys
[Scan path] C:\Programmer\iPod\bin\iPodService.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\ipsec.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\irenum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\isapnp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\iwca.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\kbdclass.sys
[Scan path] C:\WINDOWS\system32\drivers\kmixer.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
[Scan path] C:\WINDOWS\system32\mnmsrvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\mouclass.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mouhid.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mraid35x.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mrxdav.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
[Scan path] C:\WINDOWS\system32\msdtc.exe
[Scan path] C:\WINDOWS\system32\msiexec.exe
[Scan path] C:\WINDOWS\system32\drivers\MSKSSRV.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPQM.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mssmbios.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndistapi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndisuio.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndiswan.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\netbios.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\netbt.sys
[Scan path] C:\WINDOWS\system32\netdde.exe
[Scan path] C:\WINDOWS\system32\Drivers\NETFLT.SYS
[Scan path] C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\nic1394.sys
[Scan path] C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ohci1394.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\omci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\parport.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
[Scan path] C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\PavProc.sys
[Scan path] C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
[Scan path] C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\pci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pciide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pcmcia.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\perc2.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\perc2hib.sys
[Scan path] c:\programmer\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
[Scan path] C:\WINDOWS\system32\DRIVERS\raspptp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\psched.sys
[Scan path] C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\ptilink.sys
[Scan path] C:\WINDOWS\System32\Drivers\PxHelp20.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1080.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql12160.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1240.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ql1280.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rasacd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\raspppoe.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\raspti.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rdbss.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rdpdr.sys
[Scan path] C:\WINDOWS\system32\sessmgr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\redbook.sys
[Scan path] C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
[Scan path] C:\WINDOWS\system32\locator.exe
[Scan path] C:\WINDOWS\system32\rsvp.exe
[Scan path] C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\s24trans.sys
[Scan path] C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
[Scan path] C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\sdbus.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\serial.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sisagp.sys
[Scan path] C:\WINDOWS\system32\Drivers\SMSFLT.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\sparrow.sys
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\sr.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\system32\drivers\sscdbhk5.sys
[Scan path] C:\WINDOWS\system32\drivers\ssrtln.sys
[Scan path] C:\WINDOWS\system32\drivers\STAC97.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\symc810.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\symc8xx.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sym_hi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sym_u3.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnboio.sys
[Scan path] C:\WINDOWS\system32\dla\tfsncofs.sys
[Scan path] C:\WINDOWS\system32\dla\tfsndrct.sys
[Scan path] C:\WINDOWS\system32\dla\tfsndres.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnifs.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnopio.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnpool.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnudf.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnudfa.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\toside.sys
[Scan path] C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\ultra.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\usbccgp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbehci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbprint.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbscan.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\usbuhci.sys
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\viaagp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\viaide.sys
[Scan path] C:\WINDOWS\system32\vsdatant.sys
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\w29n51.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
[Scan path] C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
[Scan path] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[Scan path] C:\WINDOWS\system32\Drivers\WNMFLT.SYS
[Scan path] C:\WINDOWS\System32\drivers\ws2ifsl.sys
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Speed Launch.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Cisco Systems VPN Client.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Digital Line Detect.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
[Scan path] C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\NkvMon.exe.lnk

Scan statistics

Objects scanned: 335
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1680 Kb/s
Scan time: 00:00:39

SUPERAntiSpyware Scan Log
Generated 06/10/2006 at 07:13 PM

Core Rules Database Version : 2974
Trace Rules Database Version: 1071

Memory threats detected  : 0
Registry threats detected : 4
File threats detected    : 98

Trojan.WinUpdate
    [WinUpdate.exe] C:\Programmer\Windows\WinUpdate.exe
    C:\Programmer\Windows\WinUpdate.exe
    HKU\S-1-5-21-3921496707-116325356-2627367407-1006\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run#WinUpdate.exe [ C:\Programmer\Windows\WinUpdate.exe ]
    C:\WINDOWS\Prefetch\WINUPDATE.EXE-16867FA8.pf

Adware.Tracking Cookie
    C:\Documents and Settings\Kati\Cookies\kati@52412438[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@S154520[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@ad1.emediate[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@adserver.banneradministration[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@bannere.fyens[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@s[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@www.dgm2[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@e-2dj6wjl4whdjscp.stats.esomniture[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@stat.inleadmedia[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@yieldmanager[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@atwola[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@stiftung-de[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@e-2dj6wfmysjc5edp.stats.esomniture[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@e-2dj6wfmyqgczacq.stats.esomniture[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@ads2.gamereactor[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@revsci[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@e-2dj6wjmyuhcpsfp.stats.esomniture[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@e-2dj6wgkowgcpefp.stats.esomniture[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@43126847[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@bs.serving-sys[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@www.webstat[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@e-2dj6wjkyahcjghq.stats.esomniture[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@belnk[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@adtech[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@1071362903[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@data2.perf.overture[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@globalstat[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@advertising[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@cgi-bin[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@track.effiliation[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@track.adform[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@S119579[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@clickability[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@doubleclick[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@azjmp[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@msninvite.112.2o7[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@ads.realtechnetwork[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@18766632[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@burstnet[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@e-2dj6wfliejc5eho.stats.esomniture[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@atdmt[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@www.livewebstats[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@e-2dj6wfkyqkczikp.stats.esomniture[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@efashionsolutions.122.2o7[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@popularscreensavers[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@indextools[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@indexstats[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@ad.yieldmanager[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@stats2.clicktracks[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@stat.postdanmark[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@ad1.emediate[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@1071933095[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@mb[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@adfair[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@1071427968[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@komtrack[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@dist.belnk[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@16847762[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@serving-sys[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@http.edge.vru4[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@dcss2kjp121e5hi7roqbbljn7_6d3r[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@ads.arto[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@ads2.jubii[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@e2.emediate[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@dcsx8pw0epifwzbqfcuk9q0y1_7n3v[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@vhost.oddcast[2].txt
    C:\Documents and Settings\Kati\Cookies\kati@m1.webstats4u[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@yadro[1].txt
    C:\Documents and Settings\Kati\Cookies\kati@tacoda[1].txt
    C:\Documents and Settings\Kati\Lokale indstillinger\Temp\Cookies\kati@ads2.jubii[1].txt
    C:\Documents and Settings\Kati\Lokale indstillinger\Temp\Cookies\kati@banner.monacogoldcasino[1].txt
    C:\Documents and Settings\Kati\Lokale indstillinger\Temp\Cookies\kati@clicktorrent[1].txt
    C:\Documents and Settings\Kati\Lokale indstillinger\Temp\Cookies\kati@cpvfeed[2].txt
    C:\Documents and Settings\Kati\Lokale indstillinger\Temp\Cookies\kati@http.edge.vru4[2].txt
    C:\Documents and Settings\Kati\Lokale indstillinger\Temp\Cookies\kati@indexstats[1].txt
    C:\Documents and Settings\Kati\Lokale indstillinger\Temp\Cookies\kati@indextools[1].txt
    C:\Documents and Settings\Kati\Lokale indstillinger\Temp\Cookies\kati@track.adform[2].txt
    C:\Documents and Settings\Kati\Lokale indstillinger\Temp\Cookies\kati@winantispyware[2].txt
    C:\Documents and Settings\Kati\Lokale indstillinger\Temp\Cookies\kati@www.admedian[1].txt
    C:\Documents and Settings\Kati\Lokale indstillinger\Temp\Cookies\kati@www.bannersandpopups[1].txt
    C:\Documents and Settings\Kati\Lokale indstillinger\Temp\Cookies\kati@www.popupsandbanners[1].txt
    C:\WINDOWS\Temp\Cookies\kati@banner.monacogoldcasino[1].txt
    C:\WINDOWS\Temp\Cookies\kati@cpvfeed[1].txt
    C:\WINDOWS\Temp\Cookies\kati@http.edge.vru4[2].txt
    C:\WINDOWS\Temp\Cookies\kati@indexstats[1].txt
    C:\WINDOWS\Temp\Cookies\kati@indextools[1].txt
    C:\WINDOWS\Temp\Cookies\kati@partypoker[1].txt
    C:\WINDOWS\Temp\Cookies\kati@www.admedian[1].txt

Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-21-3921496707-116325356-2627367407-1006\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]

Adware.IPWins
    HKU\S-1-5-21-3921496707-116325356-2627367407-1006\Software\IpWins
    C:\Programmer\ipwins\count.dat
    C:\Programmer\ipwins\data.dat
    C:\Programmer\ipwins\date.dat
    C:\Programmer\ipwins\settings.dat
    C:\Programmer\ipwins\settingsDate.dat
    C:\Programmer\ipwins

Trojan.MC Downloader Variant
    C:\Documents and Settings\Kati\mc-110-12-0000140.exe

Adware.ClickSpring/PuritySCAN
    C:\WINDOWS\system32\wapisu.exe

Logfile of HijackThis v1.99.1
Scan saved at 19:34:54, on 10-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\programmer\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Nikon\NkView6\NkvMon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Microsoft Office\Office10\WINWORD.EXE
C:\DOCUME~1\Kati\LOKALE~1\Temp\Midlertidig mappe 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.samf.aau.dk/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmer\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs:  C:\WINDOWS\system32\msconfig.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\programmer\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe

Det ser bedre ud. Denne fil skal du lige uploade til scanning her http://virusscan.jotti.org/ Klik gennemse, find og marker filen, klik submit, og afvent resultatet:

C:\WINDOWS\system32\ msconfig.dll

Kan ikke finde nogen fil med det navn?

Prøv lige dette, og prøv så lige at finde den igen via Start/Søg:

For at kunne se alle filer og mapper, gør du dette http://www.spywareinfo.dk/#/tip-og-tricks/mappeindstillinger.htm

Så gør du dette:

Klik på "Start" - Vælg "Søg".
Klik på linket "Skift indstillinger".
Klik på "Skift søgefunktioner for filer og mapper"
Sæt prik i "Avanceret" og klik OK.
Klik på "Alle filer og mapper"
Klik på "Flere avancerede indstillinger"
Sæt flueben i de tre øverste.

Skummelt. Jeg kan simpelhen ikke finde nogen fil med det navn, det eneste der dukker frem er forskellige logs frem fra skanner-programmer. Har ellers fuldt instruktionen, ved ikke havd det er jeg gør galt?

Så er den nok blevet taget af en scanner, selv om det ikke lige fremgår.

Kør en scanning med HijackThis, så du kan se alle filer. Luk alle vinduer, sæt flueben ved disse linier, og klik fix checked.

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O20 - AppInit_DLLs:  C:\WINDOWS\system32\msconfig.dll

Slet denne fil (Det burde du kunne i normal tilstand):

C:\Programmer\Fælles filer\Real\Update_OB\ realsched.exe <- Denne fil

Og så lige en forhåbentligt sidste log.

Bitte sehr:-)

Logfile of HijackThis v1.99.1
Scan saved at 21:42:17, on 12-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\programmer\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\Programmer\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Programmer\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Nikon\NkView6\NkvMon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avciman.exe
C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
C:\DOCUME~1\Kati\LOKALE~1\Temp\Midlertidig mappe 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.samf.aau.dk/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmer\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\programmer\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe