tjek min hijackthis log og se om det ser nogleunde ud

-- Gå ind i kontrolpanel-tilføj/fjern programmer, og se om du kan få lov til at afinstallere følgende programmer:
Network Monitor

-- Hent S!Ri's SmitfraudFix.zip og pak det ud til dit Skrivebord.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Programmet pakker sig ud i en mappe, der hedder SmitfraudFix.

NB: Filen "process.exe" som ligger i dette værktøj bliver af visse antivirus-programmer identificeret som "RiskTool". Det har dog ikke noget på sig!

-- Hent Ewido herfra (14 dages version af plus-versionen)
http://www.spywarefri.dk/downloads1/ewido-setup.exe
Installer og opdater programmet, men vent med at scanne.

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Åbn mappen SmitfraudFix som du fik på Skrivebordet, og dobbeltklik på SmitfraudFix.cmd og tast 2 - svar ja til at rense (y=yes). Lad programmet gennemføre en rensning. Det vil også checke om systemfilen wininet.dll er inficeret. Hvis den er det, vil du blive bedt om tilladelse til at erstatte den med en anden. Her skal du vælge "Yes", ved at taste "y".

Programmet bliver muligvis nødt til at genstarte undervejs. Herefter vil der dukke en liste med resultaterne af rensningen op . Kopiér denne liste ind i tråden.

-- Kør en fuld scanning med Ewido, og tillad programmet at fixe de ting, som det finder. Programmet laver en lille log, som du skal kopiere herind.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.
O4 - HKLM\..\Run: [F:\PROGRA~1\Eyeball\EYEBAL~1\3659_mb_file_3a424.gif ] F:\PROGRA~1\Eyeball\EYEBAL~1\3659_mb_file_3a424.gif
O4 - HKLM\..\Run: [F:\WINDOWS\system32\down_server.exe ] "F:\WINDOWS\system32\down_server.exe"
O4 - HKLM\..\Run: [Windows Reg Services] F:\WINDOWS\system32\ffservice.exe
O4 - HKCU\..\Run: [msHelper] F:\WINDOWS\system32\svchosts.exe
O4 - HKCU\..\Run: [Windows Reg Services] F:\WINDOWS\system32\ffservice.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\content\include\XPPatchInstaller.CAB
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_dk.cab
O23 - Service: Network Monitor - Unknown owner - F:\Programmer\Network Monitor\netmon.exe

-- Genstart og læg en frisk Hijackthislog herind, sammen med loggen fra Ewido og loggen fra SmitfraudFix (C:\rapport.txt).

sådan det tog sin tid :-)


SmitFraudFix v2.79

Scan done at 13:24:33,39, 04-08-2006
Run from F:\Documents and Settings\bj\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

F:\WINDOWS\desktop.html Deleted
F:\WINDOWS\system32\ishost.exe Deleted
F:\WINDOWS\system32\ismon.exe Deleted
F:\WINDOWS\system32\isnotify.exe Deleted
F:\WINDOWS\system32\issearch.exe Deleted
F:\WINDOWS\system32\ixt?.dll Deleted
F:\WINDOWS\system32\ot.ico Deleted
F:\WINDOWS\system32\svchosts.exe Deleted
F:\WINDOWS\system32\ts.ico Deleted
F:\WINDOWS\system32\components\flx?.dll Deleted
F:\Programmer\Safety Bar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            15:10:21, 04-08-2006
+ Rapport-Checksum:        7CC18BF2

+ Scanningsresultat:
    HKLM\SOFTWARE\Classes\CLSID\{6B925150-4E3E-4EC7-B642-57392A9394C1} -> Adware.ContextuAd : Renset med backup
    C:\ac3_0010.exe -> Downloader.Small : Renset med backup
    C:\dfndrff_7.exe -> Hijacker.VB.ly : Renset med backup
    :mozilla.34:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Doubleclick : Renset med backup
    :mozilla.53:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Tradedoubler : Renset med backup
    :mozilla.54:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Tradedoubler : Renset med backup
    :mozilla.55:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Tradedoubler : Renset med backup
    :mozilla.56:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Tradedoubler : Renset med backup
    :mozilla.84:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adtech : Renset med backup
    :mozilla.85:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adtech : Renset med backup
    :mozilla.86:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.89:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.90:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.92:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.93:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.103:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Com : Renset med backup
    :mozilla.105:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Atdmt : Renset med backup
    :mozilla.124:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.125:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.126:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.127:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.128:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.133:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.134:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.138:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Mediaplex : Renset med backup
    :mozilla.145:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.146:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.147:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.148:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.149:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.151:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Linksynergy : Renset med backup
    :mozilla.153:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Linksynergy : Renset med backup
    :mozilla.160:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.161:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.162:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Burstnet : Renset med backup
    :mozilla.163:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.164:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Burstnet : Renset med backup
    :mozilla.165:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.166:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.167:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.168:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.169:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.170:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.171:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.172:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.173:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.174:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.175:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.176:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.177:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.178:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.179:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.180:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.181:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.184:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.187:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Yadro : Renset med backup
    :mozilla.189:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Spylog : Renset med backup
    :mozilla.202:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Questionmarket : Renset med backup
    :mozilla.203:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Questionmarket : Renset med backup
    :mozilla.208:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Googleadservices : Renset med backup
    :mozilla.212:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Valueclick : Renset med backup
    :mozilla.228:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Pointroll : Renset med backup
    :mozilla.229:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Pointroll : Renset med backup
    :mozilla.230:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Pointroll : Renset med backup
    :mozilla.231:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Pointroll : Renset med backup
    :mozilla.242:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Bfast : Renset med backup
    :mozilla.244:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Tribalfusion : Renset med backup
    :mozilla.253:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.254:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.255:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.256:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.257:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.258:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.259:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.260:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.261:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.262:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.263:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.264:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.272:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.278:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.330:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.331:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adbrite : Renset med backup
    :mozilla.332:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Specificclick : Renset med backup
    :mozilla.333:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Targetnet : Renset med backup
    :mozilla.334:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.335:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.336:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.337:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.338:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.352:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adjuggler : Renset med backup
    :mozilla.353:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adjuggler : Renset med backup
    :mozilla.354:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adjuggler : Renset med backup
    :mozilla.356:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Zedo : Renset med backup
    :mozilla.357:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Zedo : Renset med backup
    :mozilla.358:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Zedo : Renset med backup
    :mozilla.371:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.383:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Fastclick : Renset med backup
    :mozilla.461:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Masterstats : Renset med backup
    :mozilla.464:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Cqcounter : Renset med backup
    :mozilla.477:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.478:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adbrite : Renset med backup
    :mozilla.479:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.480:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.481:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.482:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.483:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.484:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.485:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.486:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.487:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.488:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.489:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.490:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.491:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.492:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.493:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adbrite : Renset med backup
    :mozilla.494:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adbrite : Renset med backup
    :mozilla.495:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adbrite : Renset med backup
    :mozilla.496:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adbrite : Renset med backup
    :mozilla.497:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adbrite : Renset med backup
    :mozilla.501:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Sexlist : Renset med backup
    :mozilla.511:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Qksrv : Renset med backup
    :mozilla.513:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Qksrv : Renset med backup
    :mozilla.515:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Clickzs : Renset med backup
    :mozilla.516:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Clickzs : Renset med backup
    :mozilla.545:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.546:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.565:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Bluestreak : Renset med backup
    :mozilla.613:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Euroclick : Renset med backup
    :mozilla.632:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.633:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.634:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.635:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.677:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.678:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.709:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Webtrendslive : Renset med backup
    :mozilla.800:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.801:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.809:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.810:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.811:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.817:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Sitestat : Renset med backup
    :mozilla.818:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Sitestat : Renset med backup
    :mozilla.824:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.825:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.828:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.I12 : Renset med backup
    :mozilla.829:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.I12 : Renset med backup
    :mozilla.830:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.I12 : Renset med backup
    :mozilla.831:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.I12 : Renset med backup
    :mozilla.842:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.I12 : Renset med backup
    :mozilla.843:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.I12 : Renset med backup
    :mozilla.844:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.I12 : Renset med backup
    :mozilla.845:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.I12 : Renset med backup
    :mozilla.846:C:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\rik5xebr.default\cookies.txt -> TrackingCookie.I12 : Renset med backup
    C:\Documents and Settings\bj\Cookies\bj@2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\bj\Cookies\bj@adtech[2].txt -> TrackingCookie.Adtech : Renset med backup
    C:\Documents and Settings\bj\Cookies\bj@atdmt[2].txt -> TrackingCookie.Atdmt : Renset med backup
    C:\Documents and Settings\bj\Cookies\bj@doubleclick[2].txt -> TrackingCookie.Doubleclick : Renset med backup
    C:\drsmartload.exe -> Downloader.Adload.di : Renset med backup
    C:\drsmartload45a7i.exe -> Downloader.VB.aiw : Renset med backup
    C:\drsmartload46a7i.exe -> Downloader.VB.aiw : Renset med backup
    C:\drsmartload849a7i.exe -> Downloader.VB.aiw : Renset med backup
    C:\Installer3.exe -> Adware.Look2Me : Renset med backup
    C:\kybrdff_7.exe -> Downloader.Adload.dl : Renset med backup
    C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Renset med backup
    C:\MTE3NDI6ODoxNgnew.exe -> Downloader.Small.buy : Renset med backup
    C:\nwnmff_7.exe -> Downloader.Adload.dj : Renset med backup
    C:\Programmer\Fælles filer\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Renset med backup
    C:\stub_113_4_0_4_0newer.exe -> Downloader.TSUpdate.o : Renset med backup
    C:\warebundlenewer.exe -> Adware.Look2Me : Renset med backup
    :mozilla.6:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Adtech : Renset med backup
    :mozilla.8:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Mediaplex : Renset med backup
    :mozilla.9:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Adtech : Renset med backup
    :mozilla.16:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.17:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.18:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.19:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.20:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.21:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.24:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.25:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Reliablestats : Renset med backup
    :mozilla.44:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Doubleclick : Renset med backup
    ->  : Fejl under renselse
    :mozilla.50:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.51:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.52:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Advertising : Renset med backup
    :mozilla.81:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Atdmt : Renset med backup
    :mozilla.88:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Burstnet : Renset med backup
    :mozilla.90:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Burstnet : Renset med backup
    :mozilla.91:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.92:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.93:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Burstnet : Renset med backup
    :mozilla.101:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Onestat : Renset med backup
    :mozilla.102:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Onestat : Renset med backup
    :mozilla.103:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Onestat : Renset med backup
    :mozilla.104:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Onestat : Renset med backup
    :mozilla.129:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Com : Renset med backup
    :mozilla.130:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Com : Renset med backup
    :mozilla.140:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Tribalfusion : Renset med backup
    :mozilla.145:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Sitestat : Renset med backup
    :mozilla.146:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Sitestat : Renset med backup
    :mozilla.147:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.148:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    :mozilla.149:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Revenue : Renset med backup
    ->  : Fejl under renselse
    :mozilla.151:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.152:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.153:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.154:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.155:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.156:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.157:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.158:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.159:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.160:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.161:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.162:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.163:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.164:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.165:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Statcounter : Renset med backup
    :mozilla.182:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Clickbank : Renset med backup
    :mozilla.183:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Clickbank : Renset med backup
    :mozilla.184:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Googleadservices : Renset med backup
    :mozilla.186:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.187:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.188:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.189:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.200:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Tradedoubler : Renset med backup
    :mozilla.204:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.205:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.206:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.207:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.208:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.209:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.210:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.211:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    :mozilla.212:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Yieldmanager : Renset med backup
    ->  : Fejl under renselse
    :mozilla.214:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.215:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.216:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.217:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.218:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.219:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.220:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.221:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.222:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Tacoda : Renset med backup
    :mozilla.223:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.224:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.225:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.226:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.227:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.228:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.229:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.230:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.231:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Cpvfeed : Renset med backup
    :mozilla.236:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Targetnet : Renset med backup
    :mozilla.259:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.260:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.263:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.264:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.265:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.266:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.268:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.269:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.270:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.271:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.282:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.295:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.337:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Spylog : Renset med backup
    :mozilla.338:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hotlog : Renset med backup
    :mozilla.356:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Bluestreak : Renset med backup
    :mozilla.371:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.372:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.373:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Web-stat : Renset med backup
    :mozilla.374:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Web-stat : Renset med backup
    :mozilla.382:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Sexlist : Renset med backup
    :mozilla.388:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.389:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.390:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.391:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.392:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.393:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Casalemedia : Renset med backup
    :mozilla.414:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.418:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.419:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.420:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.421:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.444:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.446:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.447:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.448:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Falkag : Renset med backup
    :mozilla.450:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Specificclick : Renset med backup
    :mozilla.461:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Overture : Renset med backup
    :mozilla.471:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Fastclick : Renset med backup
    :mozilla.476:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Yadro : Renset med backup
    :mozilla.489:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Questionmarket : Renset med backup
    :mozilla.490:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Questionmarket : Renset med backup
    :mozilla.498:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Clickhype : Renset med backup
    :mozilla.510:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Trafic : Renset med backup
    :mozilla.514:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.576:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Linksynergy : Renset med backup
    :mozilla.577:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Linksynergy : Renset med backup
    :mozilla.588:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Adjuggler : Renset med backup
    :mozilla.589:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Adjuggler : Renset med backup
    :mozilla.594:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Zedo : Renset med backup
    :mozilla.595:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Zedo : Renset med backup
    :mozilla.596:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.598:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.599:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.600:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Adrevolver : Renset med backup
    :mozilla.611:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.614:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Webtrendslive : Renset med backup
    :mozilla.615:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Webtrendslive : Renset med backup
    :mozilla.616:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.617:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.623:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.653:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Valueclick : Renset med backup
    :mozilla.663:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.665:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.666:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.667:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Serving-sys : Renset med backup
    :mozilla.685:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Com : Renset med backup
    :mozilla.687:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Valueclick : Renset med backup
    :mozilla.691:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Com : Renset med backup
    :mozilla.696:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Com : Renset med backup
    :mozilla.697:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Com : Renset med backup
    :mozilla.702:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Overture : Renset med backup
    :mozilla.705:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Valuead : Renset med backup
    :mozilla.706:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Valuead : Renset med backup
    :mozilla.714:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Valuead : Renset med backup
    :mozilla.715:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Valuead : Renset med backup
    :mozilla.716:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.2o7 : Renset med backup
    :mozilla.731:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.732:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Liveperson : Renset med backup
    :mozilla.742:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Com : Renset med backup
    :mozilla.751:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.755:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    :mozilla.756:F:\Documents and Settings\bj\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\cookies.txt -> TrackingCookie.Hitbox : Renset med backup
    F:\Documents and Settings\bj\Lokale indstillinger\Application Data\31d1523f.exe -> Downloader.Obfuscated.a : Renset med backup
    F:\Documents and Settings\bj\Lokale indstillinger\Application Data\Mozilla\Firefox\Profiles\o385oznx.default\Cache\9551A9C6d01 -> Not-A-Virus.Downloader.Win32.WinFixer.o : Renset med backup
    F:\onoes.exe -> Backdoor.EggDrop.v : Renset med backup
    F:\Programmer\Fælles filer\urmf\urmfa.exe -> Downloader.TSUpdate.l : Renset med backup
    F:\Programmer\Fælles filer\urmf\urmfd\urmfc.dll -> Adware.TargetServer : Renset med backup
    F:\Programmer\Fælles filer\urmf\urmfl.exe -> Downloader.TSUpdate.r : Renset med backup
    F:\Programmer\Fælles filer\urmf\urmfm.exe -> Downloader.TSUpdate.n : Renset med backup
    F:\Programmer\Fælles filer\urmf\urmfp.exe -> Downloader.TSUpdate.f : Renset med backup
    F:\Programmer\Fælles filer\WinSoftware\FCrXML.dll -> Adware.Winfixer : Renset med backup
    F:\Programmer\Fælles filer\WinSoftware\WFF.exe -> Adware.Winfixer : Renset med backup
    F:\Programmer\Fælles filer\{14672DDE-087B-1030-1007-03040401002d}\Update.exe -> Trojan.Starter.65 : Renset med backup
    F:\Programmer\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Renset med backup
    F:\Programmer\outlook\outlook.exe -> Worm.VB.dw : Renset med backup
    F:\Programmer\outlook\p.zip/Setup.exe -> Worm.VB.dw : Renset med backup
    F:\Programmer\outlook\v.tmp -> Worm.VB.dw : Renset med backup
    F:\Programmer\ToolBar888\MyToolBar.dll -> Adware.Softomate : Renset med backup
    F:\WINDOWS\system32\31d1523f.exe -> Downloader.Obfuscated.a : Renset med backup
    F:\WINDOWS\system32\down_server.exe -> Downloader.Small.axb : Renset med backup
    F:\WINDOWS\system32\dvb69de9.dll -> Adware.IEHelper : Renset med backup
    F:\WINDOWS\system32\ffservice.exe -> Downloader.Small.axb : Renset med backup
    F:\WINDOWS\system32\javamcore.dll -> Adware.MediaBack : Renset med backup
    F:\WINDOWS\system32\lservice.exe -> Downloader.Small.axb : Renset med backup
    F:\WINDOWS\system32\w04a7edc.dll -> Downloader.Small : Renset med backup
    F:\WINDOWS\system32\winubg32.dll -> Trojan.Mezzia : Renset med backup
    F:\WINDOWS\system32\wservice.exe -> Downloader.Small.axb : Renset med backup
    F:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.cu : Renset med backup
    F:\WINDOWS\Temp\win80.tmp.exe -> Downloader.Obfuscated.a : Renset med backup
    F:\WINDOWS\Ymo\asappsrv.dll -> Adware.CommAd : Renset med backup


::Rapport slut

Logfile of HijackThis v1.99.1
Scan saved at 15:26:47, on 04-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Programmer\Logitech\MediaLife\MediaLifeService.exe
D:\iTunesHelper.exe
F:\WINDOWS\system32\hphmon04.exe
F:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
F:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
F:\Programmer\Fælles filer\{14672DDE-087A-1030-1007-03040401002d}\Update.exe
F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
F:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
F:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
F:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
F:\Programmer\ewido\security suite\ewidoctrl.exe
F:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
F:\WINDOWS\system32\UAService7.exe
F:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
F:\Programmer\iPod\bin\iPodService.exe
F:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
F:\Programmer\Fælles filer\PCSuite\Services\NclBTHandler.exe
F:\WINDOWS\system32\wuauclt.exe
F:\PROGRA~1\INCRED~1\bin\IMApp.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Documents and Settings\bj\Skrivebord\HijackThis.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCMService] "F:\Programmer\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHmon04] F:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DVD43] "F:\Programmer\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [ATICCC] "F:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SpySweeper] "F:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BullGuard 5.0] "F:\Programmer\BullGuard Software\BullGuard 5.0\bullguard.exe"
O4 - HKCU\..\Run: [msHelper] F:\WINDOWS\system32\svchosts.exe
O4 - HKCU\..\Run: [PcSync] "F:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Windows Reg Services] F:\WINDOWS\system32\ffservice.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = F:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = F:\Programmer\Webroot\Spy Sweeper\SpySweeperFix.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Send til &Bluetooth - F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - F:\Programmer\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - F:\Programmer\Noble Poker\casino.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150129000312
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - F:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - F:\WINDOWS\system32\btxppanel.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: ewido security s

Ja, men der var også nogle slemme infektioner i blandt. Og jeg er bange for, at vi ikke er helt færdig endnu. Prøv nu dette:

-- Hent Brute Force Uninstaller, og pak det ud til sin egen mappe (c:\BFU):
http://www.merijn.org/files/bfu.zip

-- Højreklik på følgende link, og vælg "Gem som" for at downloade Alcan Remover. Gem det i samme mappe som du gemte Brute Force Uninstaller i (c:\BFU):
http://metallica.geekstogo.com/alcanshorty.bfu

-- Hent "SuperAntiSpyware free" herfra:
http://www.spywarefri.dk/downloads1.htm
Installer, og opdater scannereren.

-- Download dette fix til rodbiblioteket på din computer (som regel c:\):
http://www.atribune.org/ccount/click.php?id=4

-- Dobbeltklik på VundoFix.exe for at køre det. Sæt flueben ud for "Run VundoFix as a task". Du vil få en besked om at Vundofix vil lukke og genåbne indenfor ca. et minut. Klik på OK.

-- Når Vundofix genåbner, skal du klikke på "Scan for Vundo"-knappen.

-- Når den er færdig med at scanne, skal du klikke på "Remove Vundo"-knappen.

-- Du vil så blive spurgt om du er sikker på, at du vil fjerne filerne. Her skal du klikke på "Yes". Herefter bliver dit skrivebord blankt, og fixet vil forsøge at fjerne Vundo. Når den er færdig, vil værktøjet have lov til at lukke computeren ned. Det skal du acceptere.

-- Genstart i fejlsikret tilstand.
Lidt hjælp til at komme i fejlsikret tilstand:
http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.
O4 - HKCU\..\Run: [msHelper] F:\WINDOWS\system32\svchosts.exe
O4 - HKCU\..\Run: [Windows Reg Services] F:\WINDOWS\system32\ffservice.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

-- Klik på "Min computer", og naviger frem til c:\BFU mappen. Dobbeltklik på BFU.exe. Så åbnes "The Brute Force Uninstaller". Til højre for det øverste indtastningsfelt, skal du nu klikke på det gule mappe-ikon ("Open script file"), og navigere frem til alcanshorty.bfu, som du hentede tidligere:
c:\bfu\alcanshorty.bfu

Klik herefter på "execute", og lad programmet gøre sit arbejde. Når scriptet er færdig, klikker du på OK, og derefter på EXIT.

-- Start Superantispyware-scannereren, klik "Scan your computer", sæt flueben i dine drev, ovre til venstre i vinduet. Ovre til højre i vinduet, sætter du prik i "Perform Complete Scan". Klik "næste", nu scanner den. Når den er færdig, så markerer du det den finder, og lader scannereren fjerne det.

-- Genstart til normal tilstand (scannereren tilbyder måske at gøre det).

-- Åbn SAS-scannereren igen, og klik "preferences"-> "stastics/logs". Marker loggen, og klik "View log". Kopier loggen her ind i tråden, sammen med en ny HijackThis log, og indholdet af denne fil: C:\vundofix.txt

Dobbeltklik på VundoFix.exe for at køre det. Sæt flueben ud for "Run VundoFix as a task". Du vil få en besked om at Vundofix vil lukke og genåbne indenfor ca. et minut. Klik på OK.

har prøvet den men det åbner ikke igen efter 1 min ??

Ok, det sker enkelte gange med den infektion. Prøv så at downloade dette værktøj i stedet:

-- Hent VirtumundoBeGone, gem det på skrivebordet:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

-- Luk alle kørende programmer, også Internetvinduer, dobbeltklik på VirtumundoBeGone.exe på skrivebordet, læs intro-informationen, klik så på Continue, klik på Start.
Når den spørger om du vil fortsætte, klik på Yes for at køre fixet.
Klik så på Save log.

-- Det sker sommetider at fixet afslutter med "BSOD"(blå skærm og frosset PC) så skal du bare genstarte på Resetknappen.

-- Fortsæt herefter med ovenstående vejledning (fra punktet "Genstart i fejlsikret tilstand" -- hvis du har downloadet og installeret de andre værktøjer).

-- I stedet for c:\vundofix.txt skal du til afslutning kopiere indholdet af VBG.TXT herind (ligger på skrivebordet).

Så skulle der værer log filer fra SUPERAntiSpyware + hijackthis + VirtumundoBeGone



Logfile of HijackThis v1.99.1
Scan saved at 18:17:59, on 04-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Programmer\Logitech\MediaLife\MediaLifeService.exe
D:\iTunesHelper.exe
F:\WINDOWS\system32\hphmon04.exe
F:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
F:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
F:\Programmer\Fælles filer\{14672DDE-087A-1030-1007-03040401002d}\Update.exe
F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
F:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
F:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
F:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
F:\Programmer\ewido\security suite\ewidoctrl.exe
F:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
F:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
F:\WINDOWS\system32\UAService7.exe
F:\Programmer\iPod\bin\iPodService.exe
F:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
F:\Programmer\Fælles filer\PCSuite\Services\NclBTHandler.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Programmer\Mozilla Firefox\firefox.exe
F:\Documents and Settings\bj\Skrivebord\HijackThis.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCMService] "F:\Programmer\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHmon04] F:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DVD43] "F:\Programmer\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [ATICCC] "F:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SpySweeper] "F:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BullGuard 5.0] "F:\Programmer\BullGuard Software\BullGuard 5.0\bullguard.exe"
O4 - HKCU\..\Run: [PcSync] "F:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = F:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = F:\Programmer\Webroot\Spy Sweeper\SpySweeperFix.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Send til &Bluetooth - F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - F:\Programmer\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - F:\Programmer\Noble Poker\casino.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150129000312
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - F:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - F:\WINDOWS\system32\btxppanel.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - F:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - F:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - F:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - F:\WINDOWS\system32\UAService7.exe




[08/04/2006, 16:55:19] - VirtumundoBeGone v1.5 ( "F:\Documents and Settings\bj\Skrivebord\VirtumundoBeGone.exe" )
[08/04/2006, 16:55:22] - Detected System Information:
[08/04/2006, 16:55:22] -  Windows Version: 5.1.2600, Service Pack 2
[08/04/2006, 16:55:22] -  Current Username: bj (Admin)
[08/04/2006, 16:55:22] -  Windows is in NORMAL mode.
[08/04/2006, 16:55:22] - Searching for Browser Helper Objects:
[08/04/2006, 16:55:22] -  BHO 1: {DCC2DD0E-5635-4845-B8D7-483F9CE17B00} ()
[08/04/2006, 16:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2006, 16:55:22] -  Checking for HKLM\...\Winlogon\Notify\sstqp
[08/04/2006, 16:55:22] -  Found: HKLM\...\Winlogon\Notify\sstqp - This is probably Virtumundo.
[08/04/2006, 16:55:22] -  Assigning {DCC2DD0E-5635-4845-B8D7-483F9CE17B00} MSEvents Object
[08/04/2006, 16:55:22] - BHO list has been changed! Starting over...
[08/04/2006, 16:55:22] -  BHO 1: {DCC2DD0E-5635-4845-B8D7-483F9CE17B00} (MSEvents Object)
[08/04/2006, 16:55:22] - ALERT: Found MSEvents Object!
[08/04/2006, 16:55:22] -  BHO 2: {E521797A-22DE-4B46-8B2F-8E98AB77B942} ()
[08/04/2006, 16:55:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2006, 16:55:22] -  Checking for HKLM\...\Winlogon\Notify\wvutrpp
[08/04/2006, 16:55:22] -  Found: HKLM\...\Winlogon\Notify\wvutrpp - This is probably Virtumundo.
[08/04/2006, 16:55:22] -  Assigning {E521797A-22DE-4B46-8B2F-8E98AB77B942} MSEvents Object
[08/04/2006, 16:55:22] - BHO list has been changed! Starting over...
[08/04/2006, 16:55:22] -  BHO 1: {DCC2DD0E-5635-4845-B8D7-483F9CE17B00} (MSEvents Object)
[08/04/2006, 16:55:22] - ALERT: Found MSEvents Object!
[08/04/2006, 16:55:22] -  BHO 2: {E521797A-22DE-4B46-8B2F-8E98AB77B942} (MSEvents Object)
[08/04/2006, 16:55:22] - ALERT: Found MSEvents Object!
[08/04/2006, 16:55:22] - Finished Searching Browser Helper Objects
[08/04/2006, 16:55:22] - *** Detected MSEvents Object
[08/04/2006, 16:55:22] - Trying to remove MSEvents Object...
[08/04/2006, 16:55:23] -    Terminating Process: IEXPLORE.EXE
[08/04/2006, 16:55:23] -    Terminating Process: RUNDLL32.EXE
[08/04/2006, 16:55:24] -    Disabling Automatic Shell Restart
[08/04/2006, 16:55:24] -    Terminating Process: EXPLORER.EXE
[08/04/2006, 16:55:24] -    Suspending the NT Session Manager System Service
[08/04/2006, 16:55:24] -    Terminating Windows NT Logon/Logoff Manager
[08/04/2006, 16:55:25] -    Re-enabling Automatic Shell Restart
[08/04/2006, 16:55:25] -  File to disable: F:\WINDOWS\system32\sstqp.dll
[08/04/2006, 16:55:25] -  Renaming F:\WINDOWS\system32\sstqp.dll -> F:\WINDOWS\system32\sstqp.dll.vir
[08/04/2006, 16:55:25] - ! File rename was unsucessful.
[08/04/2006, 16:55:25] -  Attempting to Deny Access to F:\WINDOWS\system32\sstqp.dll
[08/04/2006, 16:55:25] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[08/04/2006, 16:55:25] -  ERROR: Der blev ikke udført nogen afbildning mellem kontonavne og sikkerheds-id.

[08/04/2006, 16:55:25] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[08/04/2006, 16:55:25] -  Removing HKLM\...\Browser Helper Objects\{DCC2DD0E-5635-4845-B8D7-483F9CE17B00}
[08/04/2006, 16:55:26] -  Removing HKCR\CLSID\{DCC2DD0E-5635-4845-B8D7-483F9CE17B00}
[08/04/2006, 16:55:26] -  Adding Kill Bit for ActiveX for GUID: {DCC2DD0E-5635-4845-B8D7-483F9CE17B00}
[08/04/2006, 16:55:26] -  Deleting ATLEvents/MSEvents Registry entries
[08/04/2006, 16:55:26] -  Removing HKLM\...\Winlogon\Notify\sstqp
[08/04/2006, 16:55:26] - Searching for Browser Helper Objects:
[08/04/2006, 16:55:26] -  BHO 1: {E521797A-22DE-4B46-8B2F-8E98AB77B942} (MSEvents Object)
[08/04/2006, 16:55:26] - ALERT: Found MSEvents Object!
[08/04/2006, 16:55:26] - Finished Searching Browser Helper Objects
[08/04/2006, 16:55:26] - *** Detected MSEvents Object
[08/04/2006, 16:55:26] - Trying to remove MSEvents Object...
[08/04/2006, 16:55:27] -    Terminating Process: IEXPLORE.EXE
[08/04/2006, 16:55:27] -    Terminating Process: RUNDLL32.EXE
[08/04/2006, 16:55:27] -    Disabling Automatic Shell Restart
[08/04/2006, 16:55:27] -    Terminating Process: EXPLORER.EXE
[08/04/2006, 16:55:27] -    Suspending the NT Session Manager System Service
[08/04/2006, 16:55:27] -    Terminating Windows NT Logon/Logoff Manager
[08/04/2006, 16:55:28] -    Re-enabling Automatic Shell Restart
[08/04/2006, 16:55:28] -  File to disable: F:\WINDOWS\system32\wvutrpp.dll
[08/04/2006, 16:55:28] -  Renaming F:\WINDOWS\system32\wvutrpp.dll -> F:\WINDOWS\system32\wvutrpp.dll.vir
[08/04/2006, 16:55:28] - ! File rename was unsucessful.
[08/04/2006, 16:55:28] -  Attempting to Deny Access to F:\WINDOWS\system32\wvutrpp.dll
[08/04/2006, 16:55:28] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[08/04/2006, 16:55:28] -  ERROR: Der blev ikke udført nogen afbildning mellem kontonavne og sikkerheds-id.

[08/04/2006, 16:55:28] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[08/04/2006, 16:55:28] -  Removing HKLM\...\Browser Helper Objects\{E521797A-22DE-4B46-8B2F-8E98AB77B942}
[08/04/2006, 16:55:32] -  Removing HKCR\CLSID\{E521797A-22DE-4B46-8B2F-8E98AB77B942}
[08/04/2006, 16:55:32] -  Adding Kill Bit for ActiveX for GUID: {E521797A-22DE-4B46-8B2F-8E98AB77B942}
[08/04/2006, 16:55:32] -  Deleting ATLEvents/MSEvents Registry entries
[08/04/2006, 16:55:32] -  Removing HKLM\...\Winlogon\Notify\wvutrpp
[08/04/2006, 16:55:32] - Searching for Browser Helper Objects:
[08/04/2006, 16:55:32] - Finished Searching Browser Helper Objects
[08/04/2006, 16:55:32] - Finishing up...
[08/04/2006, 16:55:32] - A restart is needed.
[08/04/2006, 16:55:48] - Attempting to Restart via STOP error (Blue Screen!)


SUPERAntiSpyware Scan Log
Generated 08/04/2006 at 06:03 PM

Core Rules Database Version : 0
Trace Rules Database Version: 0

Memory threats detected  : 0
Registry threats detected : 9
File threats detected    : 24

Trojan.cmdService
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Adware.Toolbar888
    F:\Programmer\Toolbar888

Trojan.Security Toolbar
    F:\Documents and Settings\All Users\Menuen Start\Online Security Guide.url
    F:\Documents and Settings\All Users\Menuen Start\Security Troubleshooting.url

Adware.Tracking Cookie
    C:\Documents and Settings\B Tornado\Cookies\b tornado@ad.ofir[2].txt
    C:\Documents and Settings\B Tornado\Cookies\b tornado@ad1.emediate[1].txt
    C:\Documents and Settings\B Tornado\Cookies\b tornado@track.adform[2].txt
    C:\Documents and Settings\B Tornado\Cookies\b tornado@www.dk-sex[2].txt
    C:\Documents and Settings\bj\Cookies\bj@track.adform[2].txt
    F:\Documents and Settings\bj\Cookies\bj@adtech[2].txt
    F:\Documents and Settings\bj\Cookies\bj@atdmt[2].txt
    F:\Documents and Settings\bj\Cookies\bj@dk.winantivirus[1].txt
    F:\Documents and Settings\bj\Cookies\bj@indexstats[1].txt
    F:\Documents and Settings\bj\Cookies\bj@mediaplex[2].txt
    F:\Documents and Settings\bj\Cookies\bj@winantivirus[1].txt
    F:\Documents and Settings\bj\Cookies\bj@www.thespyguard[1].txt
    F:\Documents and Settings\bj\Cookies\bj@www.winantivirus[1].txt

Trojan.SmartLoad
    C:\WINDOWS\drsmartload2.dat

Adware.Casino Games (Golden Palace Casino)
    F:\Programmer\Noble Poker\casino.exe
    F:\Documents and Settings\All Users\Menuen Start\Noble Poker.lnk
    F:\Documents and Settings\All Users\Menuen Start\Programmer\Noble Poker\Noble Poker.lnk
    F:\Documents and Settings\bj\Application Data\Microsoft\Internet Explorer\Quick Launch\Noble Poker.lnk
    F:\Documents and Settings\bj\Skrivebord\Ubenyttede skrivebordsgenveje\Noble Poker.lnk

TargetSaver, Inc. Process
    F:\WINDOWS\system32\tsuninst.exe

Trojan.Unknown Origin
    F:\WINDOWS\Ymo\sAC.vbs

Jeg tror efterhånden kun der er en enkelt infektion tilbage på din computer, men det er også en genstridig af slagsen. Men prøv nu dette:

-- Omdøb Hijackthis-programmet til HJT.exe (infektionen gemmer sig nemlig for Hijackthis, sålænge den har sit oprindelige navn).

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem de stiplede linier ind:

-----------------------------
Files to delete:
F:\WINDOWS\system32\sstqp.dll
F:\WINDOWS\system32\wvutrpp.dll
-----------------------------

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Genstart computeren, og lav en ny log med HJT.exe (den omdøbte udgave af Hijackthis.exe), som du lægger herind sammen med loggen fra Avenger

når jeg skal omdøbe hijackthis programmet hvordan gør jeg det ?

Du højreklikker på filen, og vælger "Omdøb". Så får du mulighed for at indtaste det nye navn.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mrjnhrta

*******************

Script file located at: \??\F:\WINDOWS\hjwqrmqi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at F:\Avenger

*******************

Beginning to process script file:



File F:\WINDOWS\system32\sstqp.dll not found!
Deletion of file F:\WINDOWS\system32\sstqp.dll failed!

Could not process line:
F:\WINDOWS\system32\sstqp.dll
Status: 0xc0000034



File F:\WINDOWS\system32\wvutrpp.dl not found!
Deletion of file F:\WINDOWS\system32\wvutrpp.dl failed!

Could not process line:
F:\WINDOWS\system32\wvutrpp.dl
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.



Logfile of HijackThis v1.99.1
Scan saved at 01:03:58, on 05-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Programmer\Logitech\MediaLife\MediaLifeService.exe
D:\iTunesHelper.exe
F:\WINDOWS\system32\hphmon04.exe
F:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
F:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
F:\Programmer\Fælles filer\{14672DDE-087A-1030-1007-03040401002d}\Update.exe
F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
F:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
F:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
F:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
F:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
F:\Programmer\ewido\security suite\ewidoctrl.exe
F:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
F:\WINDOWS\system32\UAService7.exe
F:\Programmer\iPod\bin\iPodService.exe
F:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
F:\Programmer\Logitech\SetPoint\SetPoint.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
F:\Programmer\Mozilla Firefox\firefox.exe
F:\Documents and Settings\bj\Skrivebord\HJK.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCMService] "F:\Programmer\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHmon04] F:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DVD43] "F:\Programmer\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [ATICCC] "F:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SpySweeper] "F:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BullGuard 5.0] "F:\Programmer\BullGuard Software\BullGuard 5.0\bullguard.exe"
O4 - HKCU\..\Run: [PcSync] "F:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = F:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = F:\Programmer\Webroot\Spy Sweeper\SpySweeperFix.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Send til &Bluetooth - F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - F:\Programmer\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - F:\Programmer\Noble Poker\casino.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150129000312
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - F:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - F:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: SASWinLogon - F:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - F:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: wvutrpp - wvutrpp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - F:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - F:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - F:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - F:\WINDOWS\system32\UAService7.exe

Godt, så fik vi lidt mere at se, og det ser ud til, at du er ved at være i bund nu. Prøv at fixe disse linier med HJT.exe:

O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O20 - Winlogon Notify: wvutrpp - wvutrpp.dll (file missing)

For at være helt sikker på, at der er ryddet op, kunne jeg også godt tænke mig, at du prøver at se om du kan køre VundoFix.exe nu. Genstart herefter computeren, og læg en ny log fra HJT.exe herind til et (sandsynligvis sidste) check.

Den vil stadigvæk ikke starte VundoFix.exe som task.. den forsvinder godt nok men dukker ikke op igen efter 1 min eller mere :-)



Logfile of HijackThis v1.99.1
Scan saved at 12:20:41, on 05-08-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Programmer\Logitech\MediaLife\MediaLifeService.exe
D:\iTunesHelper.exe
F:\WINDOWS\system32\hphmon04.exe
F:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
F:\Programmer\Fælles filer\{14672DDE-087A-1030-1007-03040401002d}\Update.exe
F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
F:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
F:\Programmer\Logitech\SetPoint\SetPoint.exe
F:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
F:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
F:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
F:\Programmer\ewido\security suite\ewidoctrl.exe
F:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
F:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
F:\WINDOWS\system32\UAService7.exe
F:\Programmer\iPod\bin\iPodService.exe
F:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
F:\Programmer\Fælles filer\PCSuite\Services\NclBTHandler.exe
F:\Programmer\Mozilla Firefox\firefox.exe
F:\Documents and Settings\bj\Skrivebord\HJT.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCMService] "F:\Programmer\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHmon04] F:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DVD43] "F:\Programmer\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup
O4 - HKLM\..\Run: [ATICCC] "F:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SpySweeper] "F:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [BullGuard 5.0] "F:\Programmer\BullGuard Software\BullGuard 5.0\bullguard.exe"
O4 - HKCU\..\Run: [PcSync] "F:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = F:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = F:\Programmer\Webroot\Spy Sweeper\SpySweeperFix.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Send til &Bluetooth - F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - F:\Programmer\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - F:\Programmer\Noble Poker\casino.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O10 - Unknown file in Winsock LSP: f:\programmer\bulletproofsoft.com\bps spyware & adware remover\apptoport.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150129000312
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - F:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - F:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: SASWinLogon - F:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - F:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - F:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - F:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - F:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - F:\WINDOWS\system32\UAService7.exe

Ok, loggen er ren. Kører computeren også bedre nu?

Hvis du er med på det, kan vi lige prøve et sidste forsøg med vundofix.exe, inden vi afslutter sagen? Hvis ja, så prøv dette:

(1) Klik på Start-kør. Skriv: Services.msc, og klik på OK. Find så denne service, højreklik på den, og vælg "Start". Prøv så at køre Vundofix igen, og se om programmet kører.

(2) Hvis det ikke gør det, så prøv dette: Klik på Start-Kontrolpanel-Planlagte Opgaver. I det vindue, som åbner, finder du et job, der hedder noget i stil med AT1.job, højreklikker på det, og vælger "Kør"

Jeg glemte at skrive hvilken service det var, du skulle finde. Det er denne:
"Task Scheduler"

1 : jeg var ind og kigge på services.msc og klikker på fanebladet standard men kunne ikke finde den service der hedder "task Scheduler"

2 : var inde i planlagteopgaver og der var kun et job som du sagde, men under "status" står der kunne ikke starte og under "næste kørsel" og "Seneste kørsel" står der aldrig

Nu stiger kunsten godt nok. Jeg kunne godt tænke mig at se et par logs mere, for at se om der alligevel skulle ligge noget, der blokerer:

(1) Hent Silentrunners her:
http://www.silentrunners.org/Silent%20Runners.vbs

Kør programmet, klik på Ja. Klik på OK. Vent så indtil der kommer en besked om at logfilen er færdig. Find log-filen, og læg den herind (den lægger sig i samme mappe som silentrunner programmet ligger i).

(2) Hent Blacklight her http://www.f-secure.com/blacklight/try.shtml Scroll ned på siden, og klik "iaccept". På næste side kan du downloade Blacklight til skrivebordet. Dobbeltklik filen, og klik scan. Når den er færdig laver den en log på skrivebordet. Kopier loggen her ind. Du skal ikke lade Blacklight fjerne noget endnu.

(3)Download Gmer-rootkit scanner, og pak den ud til skrivebordet:
http://www.gmer.net/gmer.zip

Kør programmet, klik på fanebladet "Rootkit", og klik på "Scan". Når scanningen er færdig, skal du klikke på "Copy". Så dukker et vindue op, som fortæller at resultatet af rootkit-scanningen er blevet lagt ind i udklipsholderen. Du kan herefter gå ind i denne tråd, og kopiere indholdet herind, ved at stille dig i indtastningsfeltet, og trykke ctrl-v.

den eneste jeg ikke lige kunne hente ned var Blacklight

A system error reading a resource occured!
Server error 404
Not Found
The page you requested was not found on server, please go back and try again.

Probably you used an outdated link or an old bookmark.

If you followed a link on our site, please try it again in a few minutes.

Linkfix til Blacklight:
https://europe.f-secure.com/blacklight/try.shtml

har kørt de 2 andre programmer og lagt logfilerne ind men den sidste program "gmer" bliver ved med at gå i stå når jeg når til denn sti : C:\Documents and Settings\B Tornado\Lokale indstillinger\Temp\Midlertidig mappe 1 for Winzip 9.0 Full Version - Cracked +Crack _ serial.zip

Har prøvet at slette mappe også i fejlsikret tilstand men det ville den ikke


"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"{14672DDE-087B-1030-1007-03040401002d}" = ""F:\Programmer\Fælles filer\{14672DDE-087B-1030-1007-03040401002d}\Update.exe" mc-110-12-0000272" [file not found]
"{14672DDE-087A-1030-1007-03040401002d}" = ""F:\Programmer\Fælles filer\{14672DDE-087A-1030-1007-03040401002d}\Update.exe" mc-110-12-0000272" [null data]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"H/PC Connection Agent" = ""F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"BullGuard 5.0" = ""F:\Programmer\BullGuard Software\BullGuard 5.0\bullguard.exe"" [file not found]
"PcSync" = ""F:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog" ["Time Information Services Ltd."]
"SUPERAntiSpyware" = "F:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"PCMService" = ""F:\Programmer\Logitech\MediaLife\MediaLifeService.exe"" ["Logitech Corp."]
"iTunesHelper" = ""D:\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""F:\Programmer\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NeroFilterCheck" = "F:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"HPHmon04" = "F:\WINDOWS\system32\hphmon04.exe" ["Hewlett-Packard"]
"SunJavaUpdateSched" = "F:\Programmer\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"NWEReboot" = (empty string)
"DVD43" = ""F:\Programmer\DVD Region+CSS Free\DVDRegionFree.exe" /hidden" ["Fengtao Software Inc."]
"TkBellExe" = ""F:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]
"PCSuiteTrayApplication" = ""F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup" ["Nokia"]
"ATICCC" = ""F:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"SpySweeper" = ""F:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrolpanel-udvidelse til skærmpanorering"
  -> {HKLM...CLSID} = "Kontrolpanel-udvidelse til skærmpanorering"
                  \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-ikon"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                  \InProcServer32\(Default) = "F:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                  \InProcServer32\(Default) = "F:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                  \InProcServer32\(Default) = "F:\WINDOWS\System32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "F:\Programmer\WinRAR\rarext.dll" [null data]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Logitech-billeder"
  -> {HKLM...CLSID} = "Logitech-billeder"
                  \InProcServer32\(Default) = "F:\Programmer\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                  \InProcServer32\(Default) = "F:\Programmer\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
  -> {HKLM...CLSID} = "Mobile Device"
                  \InProcServer32\(Default) = "F:\Programmer\Microsoft ActiveSync\wcesview.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
                  \InProcServer32\(Default) = "F:\WINDOWS\system32\browseui.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                  \InProcServer32\(Default) = "D:\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
  -> {HKLM...CLSID} = "ShellLink for Application References"
                  \InProcServer32\(Default) = "F:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
  -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
                  \InProcServer32\(Default) = "F:\WINDOWS\system32\dfshim.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                  \InProcServer32\(Default) = "F:\Programmer\Fælles filer\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                  \InProcServer32\(Default) = "F:\Programmer\Fælles filer\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
  -> {HKLM...CLSID} = "Nokia Phone Browser"
                  \InProcServer32\(Default) = "F:\Programmer\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
                  \InProcServer32\(Default) = "F:\Programmer\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
                  \InProcServer32\(Default) = "F:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
  -> {HKLM...CLSID} = "Bluetooth-steder"
                  \InProcServer32\(Default) = "F:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{93994DE8-8239-4655-B1D1-5F4E91300429}" = (no title provided)
  -> {HKLM...CLSID} = "DVDIdleShell Class"
                  \InProcServer32\(Default) = "F:\PROGRA~1\DVDREG~1\DVDShell.dll" ["Fengtao Software Inc."]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                  \InProcServer32\(Default) = "F:\Programmer\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
INFECTION WARNING! "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
  -> {HKLM...CLSID} = "SABShellExecuteHook Class"
                  \InProcServer32\(Default) = "F:\Programmer\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "SsiEfr.e" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! SASWinLogon\DLLName = "F:\Programmer\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! application/octet-stream\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
  -> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
                  \InProcServer32\(Default) = "mscoree.dll" [file not found]
INFECTION WARNING! application/x-complus\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
  -> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
                  \InProcServer32\(Default) = "mscoree.dll" [file not found]
INFECTION WARNING! application/x-msdownload\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
  -> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
                  \InProcServer32\(Default) = "mscoree.dll" [file not found]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                  \InProcServer32\(Default) = "F:\Programmer\Fælles filer\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                  \InProcServer32\(Default) = "F:\Programmer\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                  \InProcServer32\(Default) = "F:\Programmer\ewido\security suite\context.dll" ["ewido networks"]
IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"
  -> {HKLM...CLSID} = "IMMenuShellExt Class"
                  \InProcServer32\(Default) = "F:\Programmer\IncrediMail\bin\IMShExt.dll" ["IncrediMail, Ltd."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "F:\Programmer\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                  \InProcServer32\(Default) = "F:\Programmer\ewido\security suite\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "F:\Programmer\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
  -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
                  \InProcServer32\(Default) = "F:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "F:\Programmer\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Startup items in "bj" & "All Users" startup folders:
----------------------------------------------------

F:\Documents and Settings\All Users\Menuen Start\Programmer\Start
"Adobe Reader Speed Launch" -> shortcut to: "F:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"BTTray" -> shortcut to: "F:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe" ["Broadcom Corporation."]
"Logitech SetPoint" -> shortcut to: "F:\Programmer\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]
"Spy Sweeper Fix" -> shortcut to: "F:\Programmer\Webroot\Spy Sweeper\SpySweeperFix.bat" [null data]


Enabled Scheduled Tasks:
------------------------

"At1" -> launches: "c:\windows\system32\VundoFix.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
F:\Programmer\BulletProofSoft.com\BPS Spyware & Adware Remover\AppToPort.dll [null data], 01 - 18, 37
%SystemRoot%\system32\mswsock.dll [MS], 19 - 21, 24 - 36
%SystemRoot%\system32\rsvpsp.dll [MS], 22 - 23


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
                  \InProcServer32\(Default) = "F:\Programmer\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                  \InProcServer32\(Default) = "F:\Programmer\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
                  \InProcServer32\(Default) = "F:\Programmer\Microsoft ActiveSync\inetrepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
                  \InProcServer32\(Default) = "F:\Programmer\Microsoft ActiveSync\inetrepl.dll" [MS]

{B723B1B8-9788-4684-ADA7-D1DB02E1D516}\
"ButtonText" = "Noble Poker"
"MenuText" = "Noble Poker"
"Exec" = "F:\Programmer\Noble Poker\casino.exe" [null data]

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm" [null data]

{D81CA86B-EF63-42AF-BEE3-4502D9A03C2D}\
"ButtonText" = "MUSICMATCH MX Web Player"
"Script" = "http://wwws.musicmatch.com/mmz/openWebRadio.html" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "F:\Programmer\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "F:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Bluetooth Service, btwdins, "F:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe" ["Broadcom Corporation."]
Bluetooth Support Service, BthServ, "F:\WINDOWS\system32\svchost.exe -k bthsvcs" {"F:\WINDOWS\System32\bthserv.dll" [MS]}
ewido security suite control, ewido security suite control, "F:\Programmer\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
iPodService, iPodService, "F:\Programmer\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""F:\Programmer\Fælles filer\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
SecuROM User Access Service (V7), UserAccess7, "F:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."]
ServiceLayer, ServiceLayer, ""F:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe"" ["Nokia."]
Webroot Spy Sweeper Engine, svcWRSSSDK, "F:\Programmer\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "F:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Bluetooth-printerport\Driver = "bthcrp.dll" ["Broadcom Corporation."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 24 seconds, including 6 seconds for message boxes)


08/05/06 14:01:54 [Info]: BlackLight Engine 1.0.42 initialized
08/05/06 14:01:54 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/05/06 14:01:54 [Note]: 7019 4
08/05/06 14:01:54 [Note]: 7005 0
08/05/06 14:01:58 [Note]: 7006 0
08/05/06 14:01:58 [Note]: 7011 1648
08/05/06 14:01:58 [Note]: 7026 0
08/05/06 14:01:58 [Note]: 7026 0
08/05/06 14:02:04 [Note]: FSRAW library version 1.7.1019
08/05/06 14:06:31 [Note]: 7007 0

Mappen/filen bør du manuelt kunne slette med
http://www.it-knowlegde.dk/kan_ikke_slette_fil.html

C:\Documents and Settings\B Tornado\Lokale indstillinger\Temp\Midlertidig mappe 1 for Winzip 9.0 Full Version - Cracked +Crack _ serial.zip

(Copy hele stien ind)

Og/eller
[Start][Programmer][Tilbehør][Systemværktøjer][Diskoprydning]

Jeg har prøvet de 4 programmer der lå på det link du skrev ingen af dem ville slette mappen heller ikke hvis den genstartede.

og har også kørt diskoprydning det hjalp desværer heller ikke

næææ der fik jeg den sku den satan *GG*

jeg prøver lige at kører gmer og lægge logfilen ind

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-05 19:31:12
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT    SSI.SYS                                                                                      ZwCreateKey
SSDT    SSI.SYS                                                                                      ZwCreateProcess
SSDT    SSI.SYS                                                                                      ZwCreateProcessEx
SSDT    SSI.SYS                                                                                      ZwDeleteKey
SSDT    SSI.SYS                                                                                      ZwDeleteValueKey
SSDT    \??\F:\Programmer\ewido\security suite\guard.sys                                            ZwOpenProcess
SSDT    SSI.SYS                                                                                      ZwRenameKey
SSDT    SSI.SYS                                                                                      ZwSetInformationKey
SSDT    SSI.SYS                                                                                      ZwSetValueKey
SSDT    \??\F:\Programmer\ewido\security suite\guard.sys                                            ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE                                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_WRITE                                                        [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA                                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS                                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL                                          [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL                                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP                                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY                                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_POWER                                                        [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE                                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA                                                  [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_PNP                                                          [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Ip IRP_MJ_PNP_POWER                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE                                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE                                          [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE                                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION                                          [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA                                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL                                          [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL                                        [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL                                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY                                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_POWER                                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA                                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA                                                  [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_PNP                                                        [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_PNP_POWER                                                  [F84851F8] SSI.SYS
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN                                          [F85578B4] sfsync02.sys
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN                                  [F85578B4] sfsync02.sys
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN                                          [F85578B4] sfsync02.sys
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN                                  [F85578B4] sfsync02.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE                                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE                                          [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CLOSEIRP_MJ_READ                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_WRITE                                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION                                          [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA                                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL                                          [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL                                        [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL                                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY                                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_POWER                                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA                                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA                                                  [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_PNP                                                        [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\Udp IRP_MJ_PNP_POWER                                                  [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE                                        [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSEIRP_MJ_READ                                          [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION                                        [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION                                          [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA                                                  [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION                                  [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL                                        [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL                                  [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN                                                  [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP                                                  [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT                                          [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_POWER                                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA                                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_PNP                                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_PNP_POWER                                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE                                  [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSEIRP_MJ_READ                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION                                  [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL                                  [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL                                        [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP                                            [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT                                    [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY                                        [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER                                              [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE                                      [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA                                        [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA                                          [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP                                                [F84851F8] SSI.SYS
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP_POWER                                          [F84851F8] SSI.SYS

---- Registry - GMER 1.0.10 ----

Reg    \Registry\USER\S-1-5-21-1708537768-813497703-839522115-1003\Software\Zepter Software\RegLib 

---- Files - GMER 1.0.10 ----

File    C:\System Volume Information\MountPointManagerRemoteDatabase                               
File    C:\System Volume Information\tracking.log                                                   
File    C:\System Volume Information\_restore{055D6150-097C-45AA-A5FF-0AF132BFA149}                 
File    C:\System Volume Information\_restore{9871FA70-4AA9-44A1-878A-B530C9C38232}                 
File    D:\System Volume Information\MountPointManagerRemoteDatabase                               
File    D:\System Volume Information\tracking.log                                                   
File    D:\System Volume Information\_restore{055D6150-097C-45AA-A5FF-0AF132BFA149}                 
File    D:\System Volume Information\_restore{9871FA70-4AA9-44A1-878A-B530C9C38232}                 
File    E:\System Volume Information\MountPointManagerRemoteDatabase                               
File    E:\System Volume Information\tracking.log                                                   
File    E:\System Volume Information\_restore{055D6150-097C-45AA-A5FF-0AF132BFA149}                 
File    E:\System Volume Information\_restore{9871FA70-4AA9-44A1-878A-B530C9C38232}                 
File    F:\System Volume Information\MountPointManagerRemoteDatabase                               
File    F:\System Volume Information\tracking.log                                                   
File    F:\System Volume Information\_restore{055D6150-097C-45AA-A5FF-0AF132BFA149}                 

---- EOF - GMER 1.0.10 ----

OK, nu fandt vi i hvert fald årsagen til at du har fået skidtet ind. Du gør brug af diverse crack-programmer. Det er for det første ulovligt; for det andet er det en meget almindelig kilde til infektioner. For det tredje må jeg faktisk ikke hjælpe dig på Eksperten.dk med ulovligheder. Derfor vil jeg bede om, at du afinstallerer Winzip og Spysweeper (med tilhørende cracks) inden du lægger nogle nye logs herind næste gang. Ellers vil/må jeg ikke hjælpe dig videre.

But here it goes -- næste runde.

(1) Kopier indholdet mellem de stiplede linier ind i et notepad-vindue, og gem det på skrivebordet som regfix.reg. Når du gemmer, skal du sikre dig, at der under "Filtyper" står "Alle filer":

----------------------------
REGEDIT4
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot" = -
----------------------------

Dobbeltklik herefter på den fil, som du lige har lavet. Når Windows spørger om du vil tilføje oplysningerne til registreringsdatabasen, skal du sige ja.

(2) Hent så Regdelnul herfra, og pak den ud til roden af c-drevet (c:\):
http://www.sysinternals.com/Files/Regdellnull.zip

Klik på Start-kør, skriv CMD, og klik på OK. Så åbnes en sort dosbox. Her skal du skrive (hver linie skal afsluttes med et tryk på <enter>-tasten):
c:
cd \
regdelnull HKU\S-1-5-21-1708537768-813497703-839522115-1003\Software\Zepter Software -s

Så vil programmet lede efter registreringsentries, som bruger en bestemt rootkit-teknik, og spørge om de skal slettes. Når programmet finder en entry, skal du bekræfte at du vil have slettet entryen.

Genstart herefter computeren, og læg en ny log fra Silentrunners og Gmer herind, så jeg kan se om det har hjulpet.

har afinstalleret spysweeper men kunne ikke finde winzip nogle steder mener kun jeg har winrar instaleret som en demo version

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"H/PC Connection Agent" = ""F:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"PcSync" = ""F:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog" ["Time Information Services Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"PCMService" = ""F:\Programmer\Logitech\MediaLife\MediaLifeService.exe"" ["Logitech Corp."]
"iTunesHelper" = ""D:\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""F:\Programmer\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NeroFilterCheck" = "F:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"HPHmon04" = "F:\WINDOWS\system32\hphmon04.exe" ["Hewlett-Packard"]
"SunJavaUpdateSched" = "F:\Programmer\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"DVD43" = ""F:\Programmer\DVD Region+CSS Free\DVDRegionFree.exe" /hidden" ["Fengtao Software Inc."]
"PCSuiteTrayApplication" = ""F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -startup" ["Nokia"]
"ATICCC" = ""F:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrolpanel-udvidelse til skærmpanorering"
  -> {HKLM...CLSID} = "Kontrolpanel-udvidelse til skærmpanorering"
                  \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-ikon"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                  \InProcServer32\(Default) = "F:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                  \InProcServer32\(Default) = "F:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                  \InProcServer32\(Default) = "F:\WINDOWS\System32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "F:\Programmer\WinRAR\rarext.dll" [null data]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Logitech-billeder"
  -> {HKLM...CLSID} = "Logitech-billeder"
                  \InProcServer32\(Default) = "F:\Programmer\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                  \InProcServer32\(Default) = "F:\Programmer\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
  -> {HKLM...CLSID} = "Mobile Device"
                  \InProcServer32\(Default) = "F:\Programmer\Microsoft ActiveSync\wcesview.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
                  \InProcServer32\(Default) = "F:\WINDOWS\system32\browseui.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                  \InProcServer32\(Default) = "D:\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
  -> {HKLM...CLSID} = "ShellLink for Application References"
                  \InProcServer32\(Default) = "F:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
  -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
                  \InProcServer32\(Default) = "F:\WINDOWS\system32\dfshim.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                  \InProcServer32\(Default) = "F:\Programmer\Fælles filer\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                  \InProcServer32\(Default) = "F:\Programmer\Fælles filer\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
  -> {HKLM...CLSID} = "Nokia Phone Browser"
                  \InProcServer32\(Default) = "F:\Programmer\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
                  \InProcServer32\(Default) = "F:\Programmer\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
  -> {HKLM...CLSID} = "Bluetooth-steder"
                  \InProcServer32\(Default) = "F:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{93994DE8-8239-4655-B1D1-5F4E91300429}" = (no title provided)
  -> {HKLM...CLSID} = "DVDIdleShell Class"
                  \InProcServer32\(Default) = "F:\PROGRA~1\DVDREG~1\DVDShell.dll" ["Fengtao Software Inc."]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                  \InProcServer32\(Default) = "F:\Programmer\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
INFECTION WARNING! "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
  -> {HKLM...CLSID} = "SABShellExecuteHook Class"
                  \InProcServer32\(Default) = "F:\Programmer\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "SsiEfr.e" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! SASWinLogon\DLLName = "F:\Programmer\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]
INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! application/octet-stream\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
  -> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
                  \InProcServer32\(Default) = "mscoree.dll" [file not found]
INFECTION WARNING! application/x-complus\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
  -> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
                  \InProcServer32\(Default) = "mscoree.dll" [file not found]
INFECTION WARNING! application/x-msdownload\CLSID = "{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"
  -> {HKLM...CLSID} = "Cor MIME Filter, CorFltr, CorFltr 1"
                  \InProcServer32\(Default) = "mscoree.dll" [file not found]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                  \InProcServer32\(Default) = "F:\Programmer\Fælles filer\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                  \InProcServer32\(Default) = "F:\Programmer\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                  \InProcServer32\(Default) = "F:\Programmer\ewido\security suite\context.dll" ["ewido networks"]
IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"
  -> {HKLM...CLSID} = "IMMenuShellExt Class"
                  \InProcServer32\(Default) = "F:\Programmer\IncrediMail\bin\IMShExt.dll" ["IncrediMail, Ltd."]
moveonboot_delete\(Default) = "{12B23346-6BD8-4812-BF8C-75E7C386ACB8}"
  -> {HKLM...CLSID} = "MoveOnBootBootPopupMenuShlExt Class"
                  \InProcServer32\(Default) = "F:\Programmer\GiPo@Utilities\GiPo@MoveOnBoot\mboot.dll" ["Gibin Software House (http://www.gibinsoft.net)"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "F:\Programmer\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                  \InProcServer32\(Default) = "F:\Programmer\ewido\security suite\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "F:\Programmer\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "F:\Programmer\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Startup items in "bj" & "All Users" startup folders:
----------------------------------------------------

F:\Documents and Settings\All Users\Menuen Start\Programmer\Start
"Adobe Reader Speed Launch" -> shortcut to: "F:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"BTTray" -> shortcut to: "F:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe" ["Broadcom Corporation."]
"Logitech SetPoint" -> shortcut to: "F:\Programmer\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]
"Spy Sweeper Fix" -> shortcut to: "F:\Programmer\Webroot\Spy Sweeper\SpySweeperFix.bat" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
F:\Programmer\BulletProofSoft.com\BPS Spyware & Adware Remover\AppToPort.dll [null data], 01 - 18, 37
%SystemRoot%\system32\mswsock.dll [MS], 19 - 21, 24 - 36
%SystemRoot%\system32\rsvpsp.dll [MS], 22 - 23


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
                  \InProcServer32\(Default) = "F:\Programmer\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                  \InProcServer32\(Default) = "F:\Programmer\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
                  \InProcServer32\(Default) = "F:\Programmer\Microsoft ActiveSync\inetrepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
                  \InProcServer32\(Default) = "F:\Programmer\Microsoft ActiveSync\inetrepl.dll" [MS]

{B723B1B8-9788-4684-ADA7-D1DB02E1D516}\
"ButtonText" = "Noble Poker"
"MenuText" = "Noble Poker"
"Exec" = "F:\Programmer\Noble Poker\casino.exe" [null data]

{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "F:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm" [null data]

{D81CA86B-EF63-42AF-BEE3-4502D9A03C2D}\
"ButtonText" = "MUSICMATCH MX Web Player"
"Script" = "http://wwws.musicmatch.com/mmz/openWebRadio.html" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "F:\Programmer\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "F:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Bluetooth Service, btwdins, "F:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe" ["Broadcom Corporation."]
Bluetooth Support Service, BthServ, "F:\WINDOWS\system32\svchost.exe -k bthsvcs" {"F:\WINDOWS\System32\bthserv.dll" [MS]}
ewido security suite control, ewido security suite control, "F:\Programmer\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "F:\Programmer\ewido\security suite\ewidoguard.exe" ["ewido networks"]
iPodService, iPodService, "F:\Programmer\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""F:\Programmer\Fælles filer\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
SecuROM User Access Service (V7), UserAccess7, "F:\WINDOWS\system32\UAService7.exe" ["Sony DADC Austria AG."]
ServiceLayer, ServiceLayer, ""F:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe"" ["Nokia."]
Windows User Mode Driver Framework, UMWdf, "F:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Bluetooth-printerport\Driver = "bthcrp.dll" ["Broadcom Corporation."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 37 seconds, including 18 seconds for message boxes)


GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-05 23:08:07
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT    \??\F:\Programmer\ewido\security suite\guard.sys                                            ZwOpenProcess
SSDT    \??\F:\Programmer\ewido\security suite\guard.sys                                            ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN                                  [F85578B4] sfsync02.sys
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN                                          [F85578B4] sfsync02.sys
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN                                          [F85578B4] sfsync02.sys
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN                                  [F85578B4] sfsync02.sys

---- Registry - GMER 1.0.10 ----

Reg    \Registry\USER\S-1-5-21-1708537768-813497703-839522115-1003\Software\Zepter Software\RegLib 

---- Files - GMER 1.0.10 ----

File    C:\System Volume Information\MountPointManagerRemoteDatabase                               
File    C:\System Volume Information\tracking.log                                                   
File    C:\System Volume Information\_restore{055D6150-097C-45AA-A5FF-0AF132BFA149}                 
File    C:\System Volume Information\_restore{9871FA70-4AA9-44A1-878A-B530C9C38232}                 
File    D:\System Volume Information\MountPointManagerRemoteDatabase                               
File    D:\System Volume Information\tracking.log                                                   
File    D:\System Volume Information\_restore{055D6150-097C-45AA-A5FF-0AF132BFA149}                 
File    D:\System Volume Information\_restore{9871FA70-4AA9-44A1-878A-B530C9C38232}                 
File    E:\System Volume Information\MountPointManagerRemoteDatabase                               
File    E:\System Volume Information\tracking.log                                                   
File    E:\System Volume Information\_restore{055D6150-097C-45AA-A5FF-0AF132BFA149}                 
File    E:\System Volume Information\_restore{9871FA70-4AA9-44A1-878A-B530C9C38232}                 
File    F:\System Volume Information\MountPointManagerRemoteDatabase                               
File    F:\System Volume Information\tracking.log                                                   
File    F:\System Volume Information\_restore{055D6150-097C-45AA-A5FF-0AF132BFA149}                 

---- EOF - GMER 1.0.10 ----

(1) Ok, det ser ikke ud til at punkt 2 gav den gevinst, den skulle. Fandt regdelnull ikke noget? Prøv denne måde: Klik på Start-kør, skriv CMD, og klik på OK. Så åbnes en sort dosbox. Her skal du skrive (hver linie skal afsluttes med et tryk på <enter>-tasten):
c:
cd \
regdelnull HKU -s

Så skulle den gerne finde denne linie:
HKU\S-1-5-21-1708537768-813497703-839522115-1003\Software\Zepter Software\RegLib
Som du skal tillade den at fixe.

(2) Derefter synes jeg du skal prøve at downloade vundofix.exe igen fra dette link:
http://www.atribune.org/ccount/click.php?id=4
... men denne gang skal du kopiere den ned til roden af f-drevet. Prøv om det så lykkes at køre det.

den fandt den linje du beskrev i dos vindue og fixede den så det var ok..

men det hjlap ikke at åbne vundofix i f-drevet

Jeg er efterhånden ret sikker på, at de infektioner, der var på din pc er bekæmpet. At Vundofix ikke kan køre på din pc tilskriver jeg derfor at dit system er blevet lettere defekt efter angrebene. Dette bygger jeg bl.a. på, at du ikke kunne finde "task Scheduler"-servicen. Hvordan kører computeren i forhold til normalen?

Hvis den kører som den skal i øvrigt, kan du enten vælge at leve med denne tingenes tilstand, eller du kan prøve om du kan rette op på det enten vha. et sfc-scan, eller vha. en repair. Vejledning til de 2 procedurer finder du her:
SFC-scan: http://www.hcma.dk/tips21to30.htm#no22
Repair: http://www.hcma.dk/tips1to10.htm#no4

Det kunne også være en god ide, at få ryddet lidt op rundt omkring:
Det kan være en god ide og rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.
Og så kan det også være en god ide at skjule dine systemfiler og -mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil. Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Det kan også være en god ide at få renset ud i dine midlertidige filer. Det kan gøres på en hurtig og nem måde med denne fil
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

For at forhindre gentagelser, vil jeg anbefale dig at lægge nogle små programmer ind, som forhindrer spyware i at komme ind i første omgang. Du finder links og gode råd her:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Jeg vil også foreslå, at du læser denne artikel om hvordan du kan undgå at blive inficeret i fremtiden:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Den kører meget bedre nu kigger lige på det sidste du har skrvet

vil sige mange tak for hjælpen

vender nok frygtlig tilbage da jeg har en anden maskine stående der også er angrebet

Det var så lidt. Dejligt, at det har hjulpet. :-)