Nogen der vil kigge min HJT log igennem?

Download dette fix til rodbiblioteket på din computer (som regel c:\):
http://www.atribune.org/ccount/click.php?id=4

Dobbeltklik på VundoFix.exe for at køre det. Klik på "Scan for Vundo"-knappen. Når programmet er færdig med at scanne, skal du klikke på "Remove Vundo"-knappen

Du vil så blive spurgt om du er sikker på, at du vil fjerne filerne. Her skal du klikke på "Yes". Herefter bliver dit skrivebord blankt, og fixet vil forsøge at fjerne Vundo. Når den er færdig, vil værktøjet have lov til at genstarte computeren. Det skal du acceptere.

Genstart herefter computeren, og lav en ny log med HJT, som du lægger herind. Læg også indholdet af denne fil herind: C:\vundofix.txt

Bemærk: Det er muligt at Vundofix ved første scanning finder en fil, som den ikke kan fjerne i første omgang. Så vil Vundofixet genstarte, og fortsætte efter genstarten. HVis dette sker, skal du bare følge instruktionerne ovenfor efter genstarten (startende med "Klik på Scan for Vundo-knappen")

Tak fromsej - det vil jeg gøre!

Jeg får hele tiden denne popup - skide irriterende for den redirecter mig til en side med div. antivirus o.l. - uanset om jeg siger ok eller annuller: http://weblance.dk/popup.gif

Kører lige VundoFix.exe og vender tilbage...

Så var det klaret!

vundofix.txt:


VundoFix V6.2.0

Checking Java version...

Sun Java not detected
Scan started at 14:52:00 07-10-2006

Listing files found while scanning....

C:\WINDOWS\system32\yndcafjh.exe
C:\WINDOWS\system32\mllmj.dll
C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\yndcafjh.exe
C:\WINDOWS\system32\yndcafjh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmj.dll
C:\WINDOWS\system32\mllmj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmllm.ini
C:\WINDOWS\system32\jmllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jmllm.bak1
C:\WINDOWS\system32\jmllm.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 14:57:48, on 07-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\sxserv101.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\NETGEAR\SC101 Manager Utility\ZeteraService.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\CNYHKey.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\Logitech\MediaLife\MediaLifeService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmer\Fælles filer\{50278C11-0BB0-1030-0113-06011006002d}\Update.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Tracks Eraser\te.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Fælles filer\PCSuite\Services\NclBTHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Carl\Skrivebord\HijackThis\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Portal/index.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7AC1E235-AAF7-42A6-8BAD-45D91ACD81CC} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt1.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\system32\fontexta.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Showwnd] showwnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programmer\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Programmer\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Tracks Eraser] C:\Programmer\Tracks Eraser\te.exe min
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmer\Fælles filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130600261343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141318211484
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bw+0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {C589E87C-3C0C-497C-A11B-A47CC57328A0} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: LBTWlgn - c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: Zetera - Zetera Corporation - C:\Programmer\NETGEAR\SC101 Manager Utility\ZeteraService.exe

Afinstaller Logitech Desktop Messenger i Tilføj/Fjern programmer.

-- Hent S!Ri's SmitfraudFix.zip og pak det ud til dit Skrivebord.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Programmet pakker sig ud i en mappe, der hedder SmitfraudFix.

-- Hent Ewido herfra (14 dages version af plus-versionen)
http://www.spywarefri.dk/downloads1/ewido-setup.exe
Installer og opdater programmet, men vent med at scanne.

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Åbn mappen SmitfraudFix som du fik på Skrivebordet, og dobbeltklik på SmitfraudFix.cmd og tast 2 - svar ja til at rense (y=yes). Lad programmet gennemføre en rensning. Det vil også checke om systemfilen wininet.dll er inficeret. Hvis den er det, vil du blive bedt om tilladelse til at erstatte den med en anden. Her skal du vælge "Yes", ved at taste "y".

Programmet bliver muligvis nødt til at genstarte undervejs. Herefter vil der dukke en liste med resultaterne af rensningen op . Kopiér denne liste ind i tråden.

-- Kør en fuld scanning med Ewido, og tillad programmet at fixe de ting, som det finder. Programmet laver en lille log, som du skal kopiere herind.

-- Genstart og læg en frisk Hijackthislog herind, sammen med loggen fra Ewido og loggen fra SmitfraudFix (C:\rapport.txt).

NB: Filen "process.exe" som ligger i dette værktøj bliver af visse antivirus-programmer identificeret som "RiskTool". Det har dog ikke noget på sig!

SmithfraudFix:

SmitFraudFix v2.105

Scan done at 18:17:10,87, 07-10-2006
Run from C:\Documents and Settings\Carl\Skrivebord\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z"

[HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}\InProcServer32]
@="C:\WINDOWS\system32\fontexta.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}\InProcServer32]
@="C:\WINDOWS\system32\fontexta.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\DOCUME~1\ALLUSE~1\MENUEN~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\MENUEN~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}"="z"

[HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}\InProcServer32]
@="C:\WINDOWS\system32\fontexta.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00401}\InProcServer32]
@="C:\WINDOWS\system32\fontexta.dll"

»»»»»»»»»»»»»»»»»»»»»»»» End

.........................................................................

Ewido:

---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            19:40:59, 07-10-2006
+ Rapport-Checksum:        7A3D9308

+ Scanningsresultat:
    [1424] C:\WINDOWS\system32\fontexta.dll -> Downloader.Delf.aeo : Renset med backup
    C:\Documents and Settings\Carl\Cookies\carl@adtech[1].txt -> TrackingCookie.Adtech : Renset med backup
    C:\Documents and Settings\Carl\Cookies\carl@c.goclick[1].txt -> TrackingCookie.Goclick : Renset med backup
    C:\Documents and Settings\Carl\Cookies\carl@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Renset med backup
    C:\Documents and Settings\Carl\Cookies\carl@doubleclick[1].txt -> TrackingCookie.Doubleclick : Renset med backup
    C:\Documents and Settings\Carl\Cookies\carl@hotlog[2].txt -> TrackingCookie.Hotlog : Renset med backup
    C:\Documents and Settings\Carl\Cookies\carl@marinedepot.122.2o7[1].txt -> TrackingCookie.2o7 : Renset med backup
    C:\Documents and Settings\Carl\Cookies\carl@mediaplex[1].txt -> TrackingCookie.Mediaplex : Renset med backup
    C:\Documents and Settings\Carl\Cookies\carl@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Renset med backup
    C:\Documents and Settings\Carl\Lokale indstillinger\Temp\mst734.tmp -> Trojan.Agent.vg : Renset med backup
    C:\Documents and Settings\Carl\Lokale indstillinger\Temporary Internet Files\Content.IE5\SPUFKPIN\srvctj[1].exe -> Trojan.Dialer.qs : Renset med backup
    C:\Programmer\Fælles filer\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Renset med backup
    C:\Programmer\Fælles filer\Yazzle1122OinAdmin.exe -> Dropper.Small : Renset med backup
    C:\RECYCLER\S-1-5-21-2574553068-2329776720-885537293-1006\Dc25.dll_ -> Trojan.Agent.vg : Renset med backup
    C:\RECYCLER\S-1-5-21-2574553068-2329776720-885537293-1006\Dc26.dll_ -> Downloader.Delf.aeo : Renset med backup
    C:\WINDOWS\system32\fontexta.dll -> Downloader.Delf.aeo : Renset med backup


::Rapport slut

........................................................................

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 20:03:37, on 07-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\sxserv101.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\NETGEAR\SC101 Manager Utility\ZeteraService.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\Logitech\MediaLife\MediaLifeService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmer\Fælles filer\{50278C11-0BB0-1030-0113-06011006002d}\Update.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\Tracks Eraser\te.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\Fælles filer\PCSuite\Services\NclBTHandler.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Carl\Skrivebord\HijackThis\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Portal/index.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7AC1E235-AAF7-42A6-8BAD-45D91ACD81CC} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt1.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\system32\fontexta.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Showwnd] showwnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programmer\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Programmer\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Tracks Eraser] C:\Programmer\Tracks Eraser\te.exe min
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmer\Fælles filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130600261343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141318211484
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: LBTWlgn - c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: Zetera - Zetera Corporation - C:\Programmer\NETGEAR\SC101 Manager Utility\ZeteraService.exe

Det pynter hele tiden.*S*
Har du et Chicony keyboard (tastatur?)?
http://www.bleepingcomputer.com/startups/ShowWnd.exe-9519.html
O4 - HKLM\..\Run: [Showwnd] showwnd.exe << Er jeg i tvivl om.
---------------------------------------
Download og gem denne scanner på skrivebordet. Du skal ikke aktivere den endnu.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
---------------------------------------
Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart i fejlsikret (tryk på <F8> under opstarten), kør Dr.Web.

O2 - BHO: (no name) - {7AC1E235-AAF7-42A6-8BAD-45D91ACD81CC} - C:\WINDOWS\system32\mllmj.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt1.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\system32\fontexta.dll (file missing)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)

---------------------------------------
Dobbeltklik på drweb-cureit.exe, den vil køre en expressscan, det siger du ja til.
Når den skriver Done nederst til venstre, skal du klikke på Options->Change settings.
Skift til fanebladet Scan, fjern fluebenet ved Heuristic analysis.
Skift til fanebladet Actions, her skal alle punkter under Malware sættes til Rename.
Klik så på det eller de drev du vil have scannet, der kommer en rød prik for at vise det/de er valgt.

Klik så på den grønne pil ovre til højre på siden, så starter scanningen.
Første gang Dr.Web finder noget, klik "Yes to All", så fjerner den hvad den finder.
Når scanningen er færdig, gå op i file – Tryk på- Save Report list.
Så ligger der en en fil der her hedder "drweb.csv" på skrivebordet.
Luk Programmet.
---------------------------------------
Genstart normalt og kom med en frisk Hijackthislog, dobbeltklik på drweb.csv og kopier teksten fra den herind.

Vi fortsætter :)

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 21:15:25, on 08-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programmer\NETGEAR\SC101 Manager Utility\ZeteraService.exe
C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\WINDOWS\CNYHKey.exe
C:\Programmer\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Programmer\Logitech\MediaLife\MediaLifeService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmer\Fælles filer\{50278C11-0BB0-1030-0113-06011006002d}\Update.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Tracks Eraser\te.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\PCSuite\Services\NclBTHandler.exe
C:\Documents and Settings\Carl\Skrivebord\HijackThis\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Portal/index.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Programmer\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Programmer\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programmer\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Tracks Eraser] C:\Programmer\Tracks Eraser\te.exe min
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmer\Fælles filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130600261343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141318211484
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: LBTWlgn - c:\programmer\fælles filer\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Programmer\Fælles filer\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programmer\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: Zetera - Zetera Corporation - C:\Programmer\NETGEAR\SC101 Manager Utility\ZeteraService.exe

... og drweb.csv:

sxserv101.exe;C:\WINDOWS\system32;Probably BINARYRES;Incurable.Deleted.;
nsProcess.dll;C:\Documents and Settings\Carl\Lokale indstillinger\Temp\nsu73C.tmp;Tool.ProcessKill;Renamed.;
backup-20061008-161427-410.dll;C:\Documents and Settings\Carl\Skrivebord\HijackThis\backups;Trojan.DownLoader.12744;Deleted.;
Process.exe;C:\Documents and Settings\Carl\Skrivebord\SmitfraudFix\SmitfraudFix;Tool.Prockill;Renamed.;
restart.exe;C:\Documents and Settings\Carl\Skrivebord\SmitfraudFix\SmitfraudFix;Tool.ShutDown.11;Renamed.;
MyToolBar.dll;C:\Programmer\Fælles filer\{30278C11-0BB0-1030-0113-06011006002d};Adware.IWantSearch;Renamed.;
A0001365.dll;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP25;Trojan.Virtumod;Deleted.;
A0001437.exe;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP25;Trojan.Virtumod;Deleted.;
A0002186.dll;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP26;Trojan.DownLoader.12744;Deleted.;
A0002187.dll;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP26;Trojan.Mezzia;Deleted.;
A0002208.dll;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP26;Trojan.Virtumod;Deleted.;
A0002210.exe;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP26;Adware.SearchColours;Renamed.;
A0002342.exe;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP27;Dialer.Cool;Deleted.;
A0002343.dll;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP27;Adware.Minibug;Renamed.;
A0002344.exe\data001;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP27\A0002344.exe;Adware.ClickSpring;;
A0002344.exe;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP27;Archive contains infected objects;Moved.;
A0002345.dll;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP27;Trojan.DownLoader.12744;Deleted.;
A0002364.dll;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP27;Tool.ProcessKill;Renamed.;
A0002365.dll;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP27;Trojan.DownLoader.12744;Deleted.;
A0002366.exe;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP27;Tool.Prockill;Renamed.;
A0002367.exe;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP27;Tool.ShutDown.11;Renamed.;
A0002368.dll;C:\System Volume Information\_restore{FDFF6704-B445-46DC-A83C-5857ED410A5E}\RP27;Adware.IWantSearch;Renamed.;
yndcafjh.exe.bad;C:\VundoFix Backups;Adware.SearchColours;Renamed.;

Så er din log ren, vi behøver ikke se flere.
Du bør lige deaktivere systemgendannelse, genstarte og genaktivere den.
http://spywarefri.dk/virusscannere.htm#alle - Systemgendannelse.

For at holde den ren kan du kigge på vores pakke til formålet.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
Som minimum anbefaler jeg Spywareguard, Spywareblaster, IE-Spyad og IE Privacy Keeper.
Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Mvh:
Fromsej/Team Spywarefri.

Tusind tak for hjælpen!

Velbekomme, tak for point. :-)