japping (Beginner)
16 November 2006 - 08:17. There are 16 comments and 1 solution

Attempt to change IE

I have installed Sygate Personal Firewall. Every time I start the PC, Sygate Personal Firewall reports the following:
------------------------------
An attempt to change Internet Explorer settings has been detected.
Warning! A BHO (Browser Help Object) has been added!
The following BHO has been added to your system:
{DF56210A-7FA8-482A-874B-0BABCB16AD31}
ProgID: n/a
File Location: c:\WINDOWS\system32\ssqpn.dll
------------------------------
After that I can accept or reject the change. But when I reject the change, the message pops up again. So I am not able to reject the change.

How do I get this and the BHO removed?
I think it is an add-in called ToolBar888, but it is impossible to get rid of.
nva (Trainee)
16 November 2006 - 10:11 #1
I think you should try running this http://securityresponse.symantec.com/avcenter/FxVundoB.exe and
then follow this guide http://www.eksperten.dk/artikler/954 - if I get time I will follow up, but I can't promise anything.
japping (Beginner)
16 November 2006 - 10:14 #2
OK, I'll do that right away.
nva (Trainee)
16 November 2006 - 10:22 #3
Just saw that you wrote about ToolBar888, so this one is also relevant: http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Choose option 1 - Search by typing 1 and pressing "Enter"; a text file will show a list of infected files, if there are any.
Even if your antivirus complains about a 'process.exe' in the zip file when you unpack it, it is not a virus.
japping (Beginner)
16 November 2006 - 10:26 #4
No Trojans found with FxVundoB.exe

I'll just carry out nva's suggestion from 10:22 and report back.
japping (Beginner)
16 November 2006 - 10:35 #5
Result from Smitfraudfix.cmd:
--------------------
SmitFraudFix v2.122

Scan done at 10:30:50,89, 16-11-2006
Run from C:\dummy\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\_______________


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\______________\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\______\FORETR~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmer


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuelle startside"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
--------------------
nva (Trainee)
16 November 2006 - 10:45 #6
This is 'clipped' from another thread:

Double-click SmitfraudFix.cmd and type 2 - answer yes to cleaning (y=yes). Let the program complete a cleaning. It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another one. Here you should choose "Yes" by typing "y".
nva (Trainee)
16 November 2006 - 11:02 #7
Afterwards, follow this guide: http://www.eksperten.dk/artikler/954
japping (Beginner)
16 November 2006 - 11:41 #8
Here is the cleaning file from SmitFraudFix

------------
SmitFraudFix v2.122

Scan done at 11:33:23,12, 16-11-2006
Run from C:\dummy\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
---------------------

Moving on with http://www.eksperten.dk/artikler/954 as recommended.
japping (Beginner)
16 November 2006 - 16:59 #9
It takes its time on a laptop.

SAS log:
-----------------------------------
SUPERAntiSpyware Scan Log
Generated 11/16/2006 at 04:40 PM

Application Version : 3.3.1020

Core Rules Database Version : 0
Trace Rules Database Version: 0

Scan type      : Complete Scan
Total Scan Time : 00:59:46

Memory items scanned      : 184
Memory threats detected  : 2
Registry items scanned    : 7050
Registry threats detected : 47
File items scanned        : 31618
File threats detected    : 4

Trojan.WinFixer
    C:\WINDOWS\SYSTEM32\SSQPN.DLL
    C:\WINDOWS\SYSTEM32\SSQPN.DLL
    HKLM\Software\Classes\CLSID\{F760D9AD-2C9D-4E45-9425-FB30A0FD5651}
    HKCR\CLSID\{F760D9AD-2C9D-4E45-9425-FB30A0FD5651}
    HKCR\CLSID\{F760D9AD-2C9D-4E45-9425-FB30A0FD5651}\InprocServer32
    HKCR\CLSID\{F760D9AD-2C9D-4E45-9425-FB30A0FD5651}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F760D9AD-2C9D-4E45-9425-FB30A0FD5651}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ssqpn

Trojan.Mezzia/Resident
    C:\WINDOWS\SYSTEM32\WINJYG32.DLL
    C:\WINDOWS\SYSTEM32\WINJYG32.DLL

Trojan.Unknown Origin
    HKLM\SOFTWARE\Microsoft\MSSMGR
    HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
    HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
    HKLM\SOFTWARE\Microsoft\MSSMGR#LID
    HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#Data
    HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#OCCUR

Adware.Toolbar888
    HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}
    HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0
    HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0
    HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\0\win32
    HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\FLAGS
    HKCR\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}\1.0\HELPDIR
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\ProxyStubClsid32
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib
    HKCR\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}\TypeLib#Version
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888#UninstallString
    HKCR\MyToolBar.MyToolBarObj
    HKCR\MyToolBar.MyToolBarObj\CLSID
    HKCR\MyToolBar.MyToolBarObj\CurVer
    HKCR\MyToolBar.MyToolBarObj.1
    HKCR\MyToolBar.MyToolBarObj.1\CLSID
    HKLM\Software\Classes\MyToolBar.MyToolBarObj
    HKLM\Software\Classes\MyToolBar.MyToolBarObj\CLSID
    HKLM\Software\Classes\MyToolBar.MyToolBarObj\CurVer
    HKLM\Software\Classes\MyToolBar.MyToolBarObj.1
    HKLM\Software\Classes\MyToolBar.MyToolBarObj.1\CLSID

Adware.ClickSpring/Yazzle
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1162Oin
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1162Oin#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1162Oin#UninstallString
    C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DOCTORWEB\QUARANTINE\YAZZLE1162OINADMIN.EXE
    C:\PROGRAMMER\FæLLES FILER\YAZZLE1162OINUNINSTALLER.EXE
-------------------------------
japping (Beginner)
16 November 2006 - 17:09 #10
DrWEB log:
--------------------------
mytoolbar.dll;c:\programmer\fælles filer\{304b7eaf-063c-1030-0722-05050622002d};Adware.IWantSearch;;
ssqpn.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
tuvutrr.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
install.exe;C:\Documents and Settings\_______\Data\JP\DYVE\Programmer\SYSTAT_TableCurve_3D_v4.0;Adware.DollarRevenue;Renamed.;
Process.exe;C:\dummy\SmitfraudFix\SmitfraudFix;Tool.Prockill;Renamed.;
restart.exe;C:\dummy\SmitfraudFix\SmitfraudFix;Tool.ShutDown.11;Renamed.;
Yazzle1162OinAdmin.exe\data001;C:\Programmer\Fælles filer\Yazzle1162OinAdmin.exe;Adware.ClickSpring;;
Yazzle1162OinAdmin.exe\data002;C:\Programmer\Fælles filer\Yazzle1162OinAdmin.exe;Adware.ClickSpring;;
Yazzle1162OinAdmin.exe\data003;C:\Programmer\Fælles filer\Yazzle1162OinAdmin.exe;Trojan.PurityAd;;
Yazzle1162OinAdmin.exe;C:\Programmer\Fælles filer;Archive contains infected objects;Moved.;
MyToolBar.dll;C:\Programmer\Fælles filer\{304B7EAF-063C-1030-0722-05050622002d};Adware.IWantSearch;Renamed.;
services.dll;C:\Programmer\Fælles filer\{604B7EAF-063C-1030-0722-05050622002d};Trojan.DownLoader.14123;Deleted.;
Update.exe;C:\Programmer\Fælles filer\{604B7EAF-063C-1030-0722-05050622002d};Trojan.DownLoader.14336;Deleted.;
A0018469.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP161;Trojan.Popuper;Deleted.;
A0018490.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP161;Trojan.Popuper;Deleted.;
A0018505.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP161;Trojan.Popuper;Deleted.;
A0018522.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP161;Trojan.Popuper;Deleted.;
A0018746.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP167;Trojan.Popuper;Deleted.;
A0018762.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP167;Trojan.Popuper;Deleted.;
A0018786.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP167;Trojan.Popuper;Deleted.;
A0018802.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP167;Trojan.Popuper;Deleted.;
A0018804.exe\data001;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP167\A0018804.exe;Adware.ClickSpring;;
A0018804.exe\data002;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP167\A0018804.exe;Adware.ClickSpring;;
A0018804.exe\data003;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP167\A0018804.exe;Trojan.PurityAd;;
A0018804.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP167;Archive contains infected objects;Moved.;
A0018823.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP167;Trojan.Popuper;Deleted.;
A0018968.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP168;Trojan.Popuper;Deleted.;
A0018976.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP168;Trojan.Popuper;Deleted.;
A0018983.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP169;Adware.DollarRevenue;Renamed.;
A0018984.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP169;Tool.Prockill;Renamed.;
A0018985.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP169;Tool.ShutDown.11;Renamed.;
A0018986.exe\data001;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP169\A0018986.exe;Adware.ClickSpring;;
A0018986.exe\data002;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP169\A0018986.exe;Adware.ClickSpring;;
A0018986.exe\data003;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP169\A0018986.exe;Trojan.PurityAd;;
A0018986.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP169;Archive contains infected objects;Moved.;
A0018987.dll;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP169;Adware.IWantSearch;Renamed.;
A0018988.dll;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP169;Trojan.DownLoader.14123;Deleted.;
A0018989.exe;C:\System Volume Information\_restore{B1829B26-DD2F-4063-B395-DB9B61FBA91D}\RP169;Trojan.DownLoader.14336;Deleted.;
enqktxcp.dll;C:\WINDOWS\system32;Trojan.Juan;Deleted.;
ishost.exe_tobedeleted;C:\WINDOWS\system32;Trojan.Popuper;Deleted.;
rqrqqnm.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
ssqpn.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
tuvutrr.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
wwohkjli.exe;C:\WINDOWS\system32;Adware.SearchColours;Renamed.;
--------------------------------
japping (Beginner)
16 November 2006 - 17:10 #11
Dr.WEB gave:
nva (Trainee)
17 November 2006 - 07:50 #12
Then I think all you are missing is to post a log from HiJackThis.
japping (Beginner)
17 November 2006 - 11:45 #13
OK - unfortunately I don't have access to the internet today (during the daytime).
It will be posted around 7 PM.
japping (Beginner)
18 November 2006 - 08:18 #14
HijackThis:
-----------------------
Logfile of HijackThis v1.99.1
Scan saved at 08:15:17, on 18-11-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Programmer\webserver\bin\win32\matlabserver.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\programmer\bin\win32\matlab.exe
C:\Programmer\National Instruments\MAX\nimxs.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nicitdl5.exe
C:\Programmer\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Programmer\National Instruments\Shared\Tagger\tagsrv.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\flexlm\SolidWorks 2005 SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\flexlm\SolidWorks 2005 SolidNetWork License Manager\SW_D.EXE
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\nipalsm.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Apoint\Apntex.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmer\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FÆLLES~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\dummy\1\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IE Privacy Keeper] "C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKLM\..\Run: [dbservices] scm -Silent 1 -Action 1 -Service mssqlserver
O4 - HKLM\..\Run: [RIS2PostReboot] C:\Programmer\LEGO MINDSTORMS\RIS 2.0\LaunchRIS2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [niDevMon] C:\Programmer\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162401676093
O17 - HKLM\System\CCS\Services\Tcpip\..\{4201A17B-9190-40D2-806E-7976D30D8D06}: NameServer = 85.255.113.139,85.255.112.22
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: IntelWireless - C:\Programmer\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: tuvutrr - tuvutrr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programmer\webserver\bin\win32\matlabserver.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Programmer\National Instruments\MAX\nimxs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: National Instruments Citadel (NICitadel5Service) - National Instruments, Inc. - C:\WINDOWS\system32\nicitdl5.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Programmer\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Programmer\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Programmer\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\SolidWorks 2005 SolidNetWork License Manager\lmgrd.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
--------------------------------------
nva (Trainee)
20 November 2006 - 08:21 #15
Clipped this from another thread:

1. Download FixWareout from one of these links:

http://forums.subratam.org/index.php?act=A...e=post&id=43811
http://swandog46.geekstogo.com/Fixwareout.exe

2. Save the file to your Desktop and double-click it. Click Next -> Install and check that there is a check mark in "Run fixit" - then click Finish. The fix will now start, and you just need to follow the instructions. You will be asked to restart your computer - please do so. The restart will take a little longer than usual...

3. When your system restarts, continue to follow the instructions given on screen. When the fix is finished, HijackThis will start automatically - click Scan, and put a check mark next to the following lines - close other program windows - click "Fix checked":

If these lines are still in HiJackThis after Fixwareout, they must be fixed:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4201A17B-9190-40D2-806E-7976D30D8D06}: NameServer = 85.255.113.139,85.255.112.22
O20 - Winlogon Notify: tuvutrr - tuvutrr.dll (file missing)
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
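
An added example, not part of the original posts and not output from any tool used in this thread: a Python triage of a HijackThis log that picks out the two entry types post #15 asks to fix (O17 NameServer and O20 Winlogon Notify) and cross-checks O20 DLL names against a Dr.WEB log. The function names, the `known_resolvers` parameter and the assumed Dr.WEB field order (name;folder;verdict;action) are hypothetical; the sample lines are copied from posts #10 and #14.

```python
import ipaddress
import re

# Lines copied from the HijackThis log in post #14 of this thread.
HJT_SAMPLE = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4201A17B-9190-40D2-806E-7976D30D8D06}: NameServer = 85.255.113.139,85.255.112.22
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvutrr - tuvutrr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
"""

# Lines copied from the Dr.WEB log in post #10 (assumed layout: name;folder;verdict;action;).
DRWEB_SAMPLE = r"""
ssqpn.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
tuvutrr.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_drweb(log_text):
    """Map lower-cased file name -> verdict from semicolon-separated Dr.WEB lines."""
    verdicts = {}
    for line in log_text.splitlines():
        parts = line.strip().split(";")
        if len(parts) >= 3 and parts[0] and parts[2]:
            verdicts[parts[0].lower()] = parts[2]
    return verdicts


def triage(hjt_text, detections=None, known_resolvers=()):
    """Return (code, subject, reason) tuples for O17 and O20 lines worth reviewing."""
    detections = detections or {}
    known = {ipaddress.ip_address(a) for a in known_resolvers}
    findings = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            for token in m.group("servers").replace(",", " ").split():
                try:
                    addr = ipaddress.ip_address(token)
                except ValueError:
                    findings.append(("O17", token, "NameServer value is not an IP address"))
                    continue
                # Heuristic: LAN resolvers and ones the caller lists are skipped.
                if addr in known or addr.is_private or addr.is_loopback:
                    continue
                findings.append(("O17", str(addr), "static DNS server not on the known list"))
            continue
        m = O20_RE.match(line)
        if not m:
            continue
        dll = m.group("path").rsplit("\\", 1)[-1].lower()
        reasons = []
        if m.group("missing"):
            reasons.append("DLL missing on disk, registry entry left behind")
        if dll in detections:
            reasons.append("scanner verdict " + detections[dll])
        if reasons:
            findings.append(("O20", m.group("name"), "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for finding in triage(HJT_SAMPLE, parse_drweb(DRWEB_SAMPLE)):
        print(*finding, sep=" | ")
```

The O17 check is a heuristic for review only: a statically configured public resolver can be legitimate, so pass the addresses you actually configured in `known_resolvers`.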
nva (Trainee)
28 November 2006 - 07:54 #16
Posting an answer, which you can just reject if you couldn't use my input.
japping (Beginner)
24 May 2007 - 11:31 #17
nva - sorry that I haven't gotten this closed.