Pop-up med WinAntiVirus, kan det fjernes?

en god ide er at køre en hijackthis 
og smide en log herind så der er en der kan kigge på den
HUSK du må ikke slette noget da det kan skade mere end at gavne

http://www.spywarefri.dk/vaerktoj.htm#hijackthis  tryk på ikonet for at hente det

Her med en længere smører :)
----------------------------
Logfile of HijackThis v1.99.1
Scan saved at 20:04:02, on 04-12-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Programmer\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programmer\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Programmer\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\F-Secure Internet Security\Common\FCH32.EXE
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Programmer\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmer\F-Secure Internet Security\Common\FSM32.EXE
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Programmer\F-Secure Internet Security\FSGUI\ispnews.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmer\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\john\Skrivebord\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programmer\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BHR4.1] C:\Programmer\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Programmer\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160650612530
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160652423624
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Mit antivirus fanger forskellige varianter af denne:Trojan-Spy.Win32.VBStat.h men den bliver tilsyneladende ikke fjernet helt...

-- Hent VirtumundoBeGone, gem det på skrivebordet:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

-- Luk alle kørende programmer, også Internetvinduer, dobbeltklik på VirtumundoBeGone.exe på skrivebordet, læs intro-informationen, klik så på Continue, klik på Start.
Når den spørger om du vil fortsætte, klik på Yes for at køre fixet.
Klik så på Save log.

-- Det sker sommetider at fixet afslutter med "BSOD"(blå skærm og frosset PC) så skal du bare genstarte på Resetknappen.

-- Der kommer en tekstfil på dit skrivebord der hedder VBG.TXT åbn den og kopier teksten herind

-- Omdøb så Hijackthis-programmet (så det hedder alternativ.exe), og lav en ny log med programmet, som du lægger herind.

[12/04/2006, 20:34:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\john\Skrivebord\VirtumundoBeGone.exe" )
[12/04/2006, 20:34:43] - Detected System Information:
[12/04/2006, 20:34:43] -  Windows Version: 5.1.2600, Service Pack 1
[12/04/2006, 20:34:43] -  Current Username: john (Admin)
[12/04/2006, 20:34:43] -  Windows is in NORMAL mode.
[12/04/2006, 20:34:43] - Searching for Browser Helper Objects:
[12/04/2006, 20:34:43] -  BHO 1: {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} ()
[12/04/2006, 20:34:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/04/2006, 20:34:43] -  Checking for HKLM\...\Winlogon\Notify\pxolicky
[12/04/2006, 20:34:43] -  Key not found: HKLM\...\Winlogon\Notify\pxolicky, continuing.
[12/04/2006, 20:34:43] -  BHO 2: {62085230-BBE1-42A3-BEA7-784AC3B42812} ()
[12/04/2006, 20:34:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/04/2006, 20:34:43] -  Checking for HKLM\...\Winlogon\Notify\pmnlk
[12/04/2006, 20:34:43] -  Found: HKLM\...\Winlogon\Notify\pmnlk - This is probably Virtumundo.
[12/04/2006, 20:34:43] -  Assigning {62085230-BBE1-42A3-BEA7-784AC3B42812} MSEvents Object
[12/04/2006, 20:34:43] - BHO list has been changed! Starting over...
[12/04/2006, 20:34:43] -  BHO 1: {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} ()
[12/04/2006, 20:34:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/04/2006, 20:34:43] -  Checking for HKLM\...\Winlogon\Notify\pxolicky
[12/04/2006, 20:34:43] -  Key not found: HKLM\...\Winlogon\Notify\pxolicky, continuing.
[12/04/2006, 20:34:43] -  BHO 2: {62085230-BBE1-42A3-BEA7-784AC3B42812} (MSEvents Object)
[12/04/2006, 20:34:43] - ALERT: Found MSEvents Object!
[12/04/2006, 20:34:43] -  BHO 3: {67270207-b9ee-4d26-9270-860fdb060ca1} ()
[12/04/2006, 20:34:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/04/2006, 20:34:43] -  Checking for HKLM\...\Winlogon\Notify\ixt0
[12/04/2006, 20:34:43] -  Key not found: HKLM\...\Winlogon\Notify\ixt0, continuing.
[12/04/2006, 20:34:43] - Finished Searching Browser Helper Objects
[12/04/2006, 20:34:43] - *** Detected MSEvents Object
[12/04/2006, 20:34:43] - Trying to remove MSEvents Object...
[12/04/2006, 20:34:44] -    Terminating Process: IEXPLORE.EXE
[12/04/2006, 20:34:45] -    Terminating Process: RUNDLL32.EXE
[12/04/2006, 20:34:45] -    Disabling Automatic Shell Restart
[12/04/2006, 20:34:45] -    Terminating Process: EXPLORER.EXE
[12/04/2006, 20:34:45] -    Suspending the NT Session Manager System Service
[12/04/2006, 20:34:45] -    Terminating Windows NT Logon/Logoff Manager

Ny log fra HJT
----------------------
Logfile of HijackThis v1.99.1
Scan saved at 20:41:02, on 04-12-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Programmer\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Programmer\F-Secure Internet Security\Common\FSMB32.EXE
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmer\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Programmer\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmer\F-Secure Internet Security\Common\FSM32.EXE
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Programmer\F-Secure Internet Security\FSGUI\ispnews.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programmer\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\john\Skrivebord\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\pxolicky.dll (file missing)
O2 - BHO: (no name) - {468182AB-B0EA-49DC-AE1D-344DD0EAEB28} - C:\WINDOWS\System32\pmnlk.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\System32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programmer\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BHR4.1] C:\Programmer\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Programmer\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160650612530
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160652423624
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pmnlk - C:\WINDOWS\System32\pmnlk.dll
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

-- Hent S!Ri's SmitfraudFix.zip og pak det ud til dit Skrivebord.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Programmet pakker sig ud i en mappe, der hedder SmitfraudFix.

NB: Filen "process.exe" som ligger i dette værktøj bliver af visse antivirus-programmer identificeret som "RiskTool". Det har dog ikke noget på sig!

-- Hent AVG Anti-Spyware herfra (14 dages version af plus-versionen)
http://www.spywarefri.dk/downloads1.htm
Installer og opdater programmet, men vent med at scanne.

-- Hent Combofix, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/combofix.exe

--  Klik så på START-KØR, og kopier følgende tekst ind i det vindue, der dukker op:
[Alt efter sprogversionen på computeren, skal én af følgende 2 linier så klippes ind:]
"%userprofile%\Skrivebord\combofix.exe" /v pmnlk

Klik herefter på OK, og følg anvisningerne. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\pxolicky.dll (file missing)
O2 - BHO: (no name) - {468182AB-B0EA-49DC-AE1D-344DD0EAEB28} - C:\WINDOWS\System32\pmnlk.dll
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - C:\WINDOWS\System32\ixt0.dll (file missing)
O20 - Winlogon Notify: pmnlk - C:\WINDOWS\System32\pmnlk.dll
O20 - Winlogon Notify: winbfi32 - winbfi32.dll (file missing)

-- Åbn mappen SmitfraudFix som du fik på Skrivebordet, og dobbeltklik på SmitfraudFix.cmd og tast 2 - svar ja til at rense (y=yes). Lad programmet gennemføre en rensning. Det vil også checke om systemfilen wininet.dll er inficeret. Hvis den er det, vil du blive bedt om tilladelse til at erstatte den med en anden. Her skal du vælge "Yes", ved at taste "y".

Programmet bliver muligvis nødt til at genstarte undervejs. Herefter vil der dukke en liste med resultaterne af rensningen op . Kopiér denne liste ind i tråden.

-- Kør en fuld scanning med AVG Anti-Spyware, og tillad programmet at fixe de ting, som det finder. Programmet laver en lille log, som du skal kopiere herind.

-- Genstart og læg en frisk Hijackthislog herind, sammen med loggen fra AVG Anti-Spyware, loggen fra SmitfraudFix (C:\rapport.txt), og loggen fra Combofix.

Denne linie skal du bare se bort fra (skulle ikke have været med i indlægget):

[Alt efter sprogversionen på computeren, skal én af følgende 2 linier så klippes ind:]

kan jeg undlade at bruge AVG??? Har allerede F-Secure installeret, og med min beskedne viden omkring emnet, mener jeg at 2 forskellige antivirus programmer sjældent har det godt sammen ?

Nu er det godt nok ikke deres Antivirus, men deres antispyware-program, som jeg opfordrer dig til at scanne med. Det skulle ikke give problemer. Men hvis du nødig vil have den ind, kan det godt undværes. Det er mest som en ekstra sikkerhed, at jeg lagde den ind i anvisninge. :-)

Undskyld... Jeg kan jo bare læse hvad det er du skriver :) Har allerede hentet det:) Her er loggen fra Combofix
----------------------------
john - 06-12-04 21:29:45,60    Service Pack 1
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\john\Skrivebord"
Command switches used :: /v pmnlk

((((((((((((((((((((((((((((((((((((((((((((((((  Vundo Log  )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\klnmp.bak1
C:\WINDOWS\system32\klnmp.bak2
C:\WINDOWS\system32\klnmp.ini
C:\WINDOWS\system32\klnmp.ini2
C:\WINDOWS\system32\klnmp.tmp


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmer\F‘lles filer\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\components


(((((((((((((((((((((((((((((((  Files Created from 2006-11-04 to 2006-12-04  ))))))))))))))))))))))))))))))))))


2006-12-04    20:11    <DIR>    d--------    C:\WINDOWS\pss
2006-12-04    18:23    <DIR>    d--------    C:\Programmer\Lavasoft
2006-12-04    18:23    <DIR>    d--------    C:\Documents and Settings\john\Application Data\Lavasoft
2006-12-04    18:10    <DIR>    d--------    C:\Programmer\Empty Temp Folders 2.8.3
2006-12-04    17:56    <DIR>    dr-h-----    C:\Documents and Settings\john\Recent
2006-12-04    17:52    <DIR>    d--------    C:\Programmer\CCleaner
2006-12-02    11:28    <DIR>    d--------    C:\Documents and Settings\john\Application Data\Apple Computer
2006-12-02    11:04    <DIR>    d--------    C:\Programmer\QuickTime
2006-12-02    11:03    <DIR>    d--------    C:\Programmer\Apple Software Update
2006-12-02    11:01    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-12-02    10:44    82,432    --a------    C:\WINDOWS\system32\msxml4r.dll
2006-12-02    10:44    1,233,920    --a------    C:\WINDOWS\system32\msxml4.dll
2006-12-01    17:37    <DIR>    d--------    C:\Programmer\ewido
2006-12-01    17:31    2,360    --a------    C:\WINDOWS\system32\tmp.reg
2006-12-01    13:03    88,340    --a------    C:\WINDOWS\system32\xpadgjag.exe
2006-12-01    13:03    <DIR>    d--------    C:\Documents and Settings\john\Application Data\SearchToolbarCorp
2006-11-26    19:05    <DIR>    d--------    C:\Documents and Settings\john\Application Data\Creative
2006-11-22    19:13    90,112    --a------    C:\WINDOWS\system\BisonVfw.dll
2006-11-22    19:13    82,038    --a------    C:\WINDOWS\system32\BisonRem.dll
2006-11-22    19:13    649,088    --a------    C:\WINDOWS\system32\drivers\BisonCam.sys
2006-11-22    19:13    180,224    --a------    C:\WINDOWS\system\StillDrv.dll
2006-11-22    19:13    126,976    --a------    C:\WINDOWS\system\BisonCam.dll
2006-11-22    19:13    <DIR>    d--------    C:\WINDOWS\Options
2006-11-22    19:13    <DIR>    d--------    C:\WINDOWS\ASUS USB2.0 Webcam
2006-11-20    22:21    208,896    --a------    C:\WINDOWS\system32\NVUNINST.EXE
2006-11-20    22:21    208,896    --a------    C:\WINDOWS\system32\nvudisp.exe
2006-11-20    18:49    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\nView_Profiles
2006-11-20    18:45    <DIR>    d--------    C:\WINDOWS\nview
2006-11-20    18:40    <DIR>    d--------    C:\WINDOWS\Minidump
2006-11-20    18:40    <DIR>    d--------    C:\WINDOWS\LogFiles
2006-11-16    16:13    68,096    --a------    C:\WINDOWS\system32\dpnhupnp.dll
2006-11-16    16:13    132,608    --a------    C:\WINDOWS\system32\devenum.dll
2006-11-16    16:13    13,312    --a------    C:\WINDOWS\system32\msdmo.dll
2006-11-16    15:55    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\NVIDIA
2006-11-16    15:41    <DIR>    d--------    C:\Program Files
2006-11-16    10:06    <DIR>    d--------    C:\WINDOWS\Internet Logs
2006-11-16    10:04    139,604    --a------    C:\WINDOWS\system32\drivers\dne2000.sys
2006-11-16    10:03    5,220    --a------    C:\WINDOWS\system32\drivers\CVirtA.sys
2006-11-16    10:03    269,387    --a------    C:\WINDOWS\system32\drivers\CVPNDRVA.sys
2006-11-16    10:03    143,384    --a------    C:\WINDOWS\system32\CSGina.dll
2006-11-16    10:03    135,168    --a------    C:\WINDOWS\system32\vpnapi.dll
2006-11-16    10:03    113,596    --a------    C:\WINDOWS\system32\dneinobj.dll
2006-11-16    10:03    <DIR>    d--------    C:\Programmer\F‘lles filer\Deterministic Networks
2006-11-16    10:03    <DIR>    d--------    C:\Programmer\Cisco Systems


((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report  )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-04 21:30    --------    d--------    C:\Programmer\F‘lles filer
2006-12-04 21:06    --------    d--------    C:\Documents and Settings\john\Application Data\Adobe
2006-12-04 20:41    --------    d--------    C:\Programmer\Mozilla Firefox
2006-12-02 11:32    --------    d--------    C:\Documents and Settings\john\Application Data\Macromedia
2006-12-02 10:49    --------    d--h-----    C:\Programmer\InstallShield Installation Information
2006-12-02 10:49    --------    d--------    C:\Programmer\F‘lles filer\Adobe
2006-12-02 10:47    --------    d--------    C:\Programmer\Adobe
2006-11-02 21:19    73216    --a------    C:\WINDOWS\ST6UNST.EXE
2006-11-02 21:19    249856    ---------    C:\WINDOWS\Setup1.exe
2006-11-02 21:19    --------    d--------    C:\Programmer\HLTooLz
2006-10-28 16:56    --------    d--------    C:\Programmer\WinRAR
2006-10-22 16:24    --------    d--------    C:\Documents and Settings\john\Application Data\Skype
2006-10-22 15:08    --------    d--------    C:\Programmer\Skype
2006-10-22 14:18    --------    d--------    C:\Programmer\Teamspeak2_RC2
2006-10-22 14:18    --------    d--------    C:\Documents and Settings\john\Application Data\teamspeak2
2006-10-22 12:22    888832    --a------    C:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22    86016    --a------    C:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22    81920    --a------    C:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22    794624    --a------    C:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22    7700480    --a------    C:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22    581632    --a------    C:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22    5644288    --a------    C:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22    5619712    --a------    C:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22    5255168    --a------    C:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22    466944    --a------    C:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22    458752    --a------    C:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22    4527488    --a------    C:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22    45056    --a------    C:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22    442368    --a------    C:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22    425984    --a------    C:\WINDOWS\system32\keystone.exe
2006-10-22 12:22    3994624    --a------    C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-22 12:22    35840    --a------    C:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22    35840    --a------    C:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22    335872    --a------    C:\WINDOWS\system32\nvwrses.dll
2006-10-22 12:22    335872    --a------    C:\WINDOWS\system32\nvwrsel.dll
2006-10-22 12:22    327680    --a------    C:\WINDOWS\system32\nvwrsfr.dll
2006-10-22 12:22    327680    --a------    C:\WINDOWS\system32\nvwrsesm.dll
2006-10-22 12:22    323584    --a------    C:\WINDOWS\system32\nvwrspt.dll
2006-10-22 12:22    323584    --a------    C:\WINDOWS\system32\nvwrsit.dll
2006-10-22 12:22    323584    --a------    C:\WINDOWS\system32\nvrshe.dll
2006-10-22 12:22    323584    --a------    C:\WINDOWS\system32\nvrsar.dll
2006-10-22 12:22    3203072    --a------    C:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22    319488    --a------    C:\WINDOWS\system32\nvwrsptb.dll
2006-10-22 12:22    319488    --a------    C:\WINDOWS\system32\nvwrsnl.dll
2006-10-22 12:22    315392    --a------    C:\WINDOWS\system32\nvwrsru.dll
2006-10-22 12:22    315392    --a------    C:\WINDOWS\system32\nvwrshu.dll
2006-10-22 12:22    311296    --a------    C:\WINDOWS\system32\nvwrsde.dll
2006-10-22 12:22    311296    --a------    C:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22    3047424    --a------    C:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22    303104    --a------    C:\WINDOWS\system32\nvwrstr.dll
2006-10-22 12:22    303104    --a------    C:\WINDOWS\system32\nvwrssl.dll
2006-10-22 12:22    303104    --a------    C:\WINDOWS\system32\nvwrsfi.dll
2006-10-22 12:22    299008    --a------    C:\WINDOWS\system32\nvwrssk.dll
2006-10-22 12:22    299008    --a------    C:\WINDOWS\system32\nvwrsno.dll
2006-10-22 12:22    2973696    --a------    C:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22    294912    --a------    C:\WINDOWS\system32\nvwrssv.dll
2006-10-22 12:22    294912    --a------    C:\WINDOWS\system32\nvwrspl.dll
2006-10-22 12:22    294912    --a------    C:\WINDOWS\system32\nvwrsda.dll
2006-10-22 12:22    2924544    --a------    C:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22    286720    --a------    C:\WINDOWS\system32\nvwrseng.dll
2006-10-22 12:22    286720    --a------    C:\WINDOWS\system32\nvwrscs.dll
2006-10-22 12:22    286720    --a------    C:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22    2859008    --a------    C:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22    282624    --a------    C:\WINDOWS\system32\nvwrsar.dll
2006-10-22 12:22    278528    --a------    C:\WINDOWS\system32\nvwrshe.dll
2006-10-22 12:22    278528    --a------    C:\WINDOWS\system32\nvrsfr.dll
2006-10-22 12:22    274432    --a------    C:\WINDOWS\system32\nvrsit.dll
2006-10-22 12:22    274432    --a------    C:\WINDOWS\system32\nvrses.dll
2006-10-22 12:22    274432    --a------    C:\WINDOWS\system32\nvrsel.dll
2006-10-22 12:22    270336    --a------    C:\WINDOWS\system32\nvrsde.dll
2006-10-22 12:22    266240    --a------    C:\WINDOWS\system32\nvrspt.dll
2006-10-22 12:22    266240    --a------    C:\WINDOWS\system32\nvrsnl.dll
2006-10-22 12:22    266240    --a------    C:\WINDOWS\system32\nvrsesm.dll
2006-10-22 12:22    262144    --a------    C:\WINDOWS\system32\nvrsru.dll
2006-10-22 12:22    262144    --a------    C:\WINDOWS\system32\nvrsptb.dll
2006-10-22 12:22    262144    --a------    C:\WINDOWS\system32\nvrsja.dll
2006-10-22 12:22    258048    --a------    C:\WINDOWS\system32\nvrsko.dll
2006-10-22 12:22    253952    --a------    C:\WINDOWS\system32\nvrshu.dll
2006-10-22 12:22    249856    --a------    C:\WINDOWS\system32\nvrstr.dll
2006-10-22 12:22    249856    --a------    C:\WINDOWS\system32\nvrssl.dll
2006-10-22 12:22    249856    --a------    C:\WINDOWS\system32\nvrssk.dll
2006-10-22 12:22    249856    --a------    C:\WINDOWS\system32\nvrspl.dll
2006-10-22 12:22    249856    --a------    C:\WINDOWS\system32\nvrsno.dll
2006-10-22 12:22    245760    --a------    C:\WINDOWS\system32\nvrssv.dll
2006-10-22 12:22    245760    --a------    C:\WINDOWS\system32\nvrsda.dll
2006-10-22 12:22    241664    --a------    C:\WINDOWS\system32\nvrsfi.dll
2006-10-22 12:22    241664    --a------    C:\WINDOWS\system32\nvrseng.dll
2006-10-22 12:22    241664    --a------    C:\WINDOWS\system32\nvrscs.dll
2006-10-22 12:22    229376    --a------    C:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22    221184    --a------    C:\WINDOWS\system32\nvrszhc.dll
2006-10-22 12:22    212992    --a------    C:\WINDOWS\system32\nvwrsja.dll
2006-10-22 12:22    212992    --a------    C:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22    196608    --a------    C:\WINDOWS\system32\nvwrsko.dll
2006-10-22 12:22    188416    --a------    C:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22    1732608    --a------    C:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22    167936    --a------    C:\WINDOWS\system32\nvwrszht.dll
2006-10-22 12:22    1662976    --a------    C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22    163840    --a------    C:\WINDOWS\system32\nvwrszhc.dll
2006-10-22 12:22    1622016    --a------    C:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22    159810    --a------    C:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22    147456    --a------    C:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22    1470464    --a------    C:\WINDOWS\system32\nview.dll
2006-10-22 12:22    1339392    --a------    C:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22    1236992    --a------    C:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22    118784    --a------    C:\WINDOWS\system32\nvrszht.dll
2006-10-22 12:22    1019904    --a------    C:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22    1011712    --a------    C:\WINDOWS\system32\nvcpluir.dll
2006-10-21 22:11    --------    d--------    C:\Programmer\ASUS LifeFrame
2006-10-19 16:01    --------    d--------    C:\Programmer\F‘lles filer\AnwSoft
2006-10-14 21:09    --------    d--------    C:\Programmer\Elaborate Bytes
2006-10-14 18:19    34308    --a------    C:\WINDOWS\system32\BASSMOD.dll
2006-10-13 15:37    --------    d--------    C:\Documents and Settings\john\Application Data\Ahead
2006-10-13 15:31    --------    d--------    C:\Programmer\Ahead
2006-10-13 15:26    --------    d--------    C:\Programmer\F‘lles filer\Ahead
2006-10-13 10:44    --------    d--------    C:\Documents and Settings\john\Application Data\AdobeUM
2006-10-13 09:52    --------    d--------    C:\Programmer\GrabIt
2006-10-12 19:06    --------    d--------    C:\Documents and Settings\john\Application Data\Ventrilo
2006-10-12 19:02    --------    d--------    C:\Programmer\Ventrilo
2006-10-12 19:01    --------    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2006-10-12 15:18    --------    d--------    C:\Programmer\ALCATech
2006-10-12 14:58    --------    d--------    C:\Programmer\F‘lles filer\Macromedia Shared
2006-10-12 14:58    --------    d--------    C:\Programmer\F‘lles filer\Macromedia
2006-10-12 14:57    --------    d--------    C:\Programmer\Macromedia
2006-10-12 14:55    --------    d---s----    C:\Documents and Settings\john\Application Data\Microsoft
2006-10-12 14:55    --------    d--------    C:\Programmer\F‘lles filer\InstallShield
2006-10-12 13:58    --------    d--------    C:\Programmer\F‘lles filer\Adobe Systems Shared
2006-10-12 13:56    223128    --a------    C:\WINDOWS\system32\drivers\dtscsi.sys
2006-10-12 13:56    --------    d--------    C:\Programmer\DAEMON Tools
2006-10-12 13:51    --------    d--------    C:\Documents and Settings\john\Application Data\F-Secure
2006-10-12 13:47    --------    d--------    C:\Documents and Settings\john\Application Data\ispnews
2006-10-12 13:41    --------    d--------    C:\Programmer\F-Secure Internet Security
2006-10-12 13:40    118842    -r-------    C:\WINDOWS\bwUnin-6.3.2.123-4476822L.exe
2006-10-12 13:39    90240    --a------    C:\WINDOWS\system32\drivers\sptd8221.sys
2006-10-12 13:39    664064    --a------    C:\WINDOWS\system32\drivers\sptd.sys
2006-10-12 13:36    --------    d--------    C:\Programmer\SlySoft
2006-10-12 13:35    --------    d--------    C:\Programmer\SLD Codec Pack
2006-10-12 13:35    --------    d--------    C:\Programmer\DivX
2006-10-12 13:35    --------    d--------    C:\Programmer\Alcohol Soft
2006-10-12 13:34    --------    d--------    C:\Programmer\XP Codec Pack
2006-10-12 13:26    --------    d--------    C:\Programmer\QuickPar
2006-10-12 13:23    --------    d--------    C:\Documents and Settings\john\Application Data\Mozilla
2006-10-12 13:13    --------    d--------    C:\Programmer\MSN Messenger
2006-10-12 13:13    --------    d--------    C:\Programmer\F‘lles filer\Microsoft Shared
2006-10-12 13:02    --------    d--------    C:\Programmer\Windows Media Player
2006-10-12 13:01    --------    d--------    C:\Programmer\Creative
2006-10-12 12:54    --------    d--------    C:\Programmer\Internet Explorer
2006-10-12 12:43    --------    d--------    C:\Programmer\Messenger
2006-10-12 12:41    --------    d--------    C:\Programmer\Outlook Express
2006-10-12 12:41    --------    d--------    C:\Programmer\NetMeeting
2006-10-12 12:41    --------    d--------    C:\Programmer\Movie Maker
2006-10-12 12:41    --------    d--------    C:\Programmer\F‘lles filer\System
2006-10-12 12:24    62    --ahs----    C:\Documents and Settings\john\Application Data\desktop.ini
2006-10-12 12:24    --------    d--------    C:\Programmer\F‘lles filer\SpeechEngines
2006-10-12 12:24    --------    d--------    C:\Programmer\F‘lles filer\ODBC
2006-10-12 12:11    --------    d--------    C:\Programmer\F‘lles filer\Services
2006-10-12 11:57    --------    d--h-----    C:\Programmer\WindowsUpdate
2006-10-12 11:46    --------    d--------    C:\Programmer\AMD
2006-10-12 11:38    --------    d--h-----    C:\Programmer\Uninstall Information
2006-10-12 11:38    --------    d--------    C:\Documents and Settings\john\Application Data\Identities
2006-10-12 11:35    0    -rahs----    C:\MSDOS.SYS
2006-10-12 11:35    0    -rahs----    C:\IO.SYS
2006-10-12 11:35    0    --a------    C:\CONFIG.SYS
2006-10-12 11:35    0    --a------    C:\AUTOEXEC.BAT
2006-10-12 11:35    --------    d--------    C:\Programmer\xerox
2006-10-12 11:35    --------    d--------    C:\Programmer\microsoft frontpage
2006-10-12 11:34    --------    d--------    C:\Programmer\Onlinetjenester
2006-10-12 11:32    --------    d--------    C:\Programmer\F‘lles filer\Tjenester
2006-10-12 11:32    --------    d--------    C:\Programmer\F‘lles filer\MSSoap
2006-10-12 11:32    --------    d--------    C:\Programmer\ComPlus Applications
2006-10-12 11:31    --------    d--------    C:\Programmer\Windows NT
2006-10-12 11:31    --------    d--------    C:\Programmer\MSN Gaming Zone
2006-10-12 11:31    --------    d--------    C:\Programmer\MSN


((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CTHelper"="CTHELPER.EXE"
"Jet Detection"="C:\\Programmer\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe"
"F-Secure Manager"="\"C:\\Programmer\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Programmer\\F-Secure Internet Security\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Programmer\\F-Secure Internet Security\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Programmer\\F-Secure Internet Security\\FSGUI\\ispnews.exe\""
"DAEMON Tools"="\"C:\\Programmer\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Adobe Version Cue CS2"="\"C:\\Programmer\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AnyDVD"="C:\\Programmer\\SlySoft\\AnyDVD\\AnyDVD.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"BHR4.1"="C:\\Programmer\\Zamaan's Software\\Browser Hijack Retaliator 4.1\\BHR4.1.exe"
"QuickTime Task"="\"C:\\Programmer\\QuickTime\\qttask.exe\" -atboottime"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbfi32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-04 21:31:01.75
C:\ComboFix.txt ... 06-12-04 21:31

Disse meddelser kommer når antispyware programmet scanner i INFORMATION\_RESTORE{E057822B-7E43-4A86-B344-56B908DF9947...:

Ondsindet kode fundet i filen C:\SYSTEM VOLUME INFORMATION\_RESTORE{E057822B-7E43-4A86-B344-56B908DF9947}\RP85\A0016885.DLL.
Inficering: Trojan.Win32.BHO.g
Handling: Filen blev omdøbt.

Ondsindet kode fundet i filen C:\SYSTEM VOLUME INFORMATION\_RESTORE{E057822B-7E43-4A86-B344-56B908DF9947}\RP92\A0017846.DLL.
Inficering: Trojan.Win32.BHO.g
Handling: Filen blev omdøbt.

Ondsindet kode fundet i filen C:\SYSTEM VOLUME INFORMATION\_RESTORE{E057822B-7E43-4A86-B344-56B908DF9947}\RP92\A0017849.DLL.
Inficering: Trojan.Win32.BHO.g
Handling: Filen blev omdøbt.

SmitFraudFix v2.127

Scan done at 21:43:48,71, 04-12-2006
Run from C:\Documents and Settings\john\Skrivebord\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    22:20:13 04-12-2006

+ Scan result:   



C:\Programmer\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Ignored.
G:\Appz\Adobe CS\Massive Plugins\Mega Pack plugins for Adobe Photoshop\Universe Image Creator Plug-ins\TNT-Universe.Image.Creator.Plug-ins_CRK.ZIP/bl_UniverseImageCreatorPlug-ins.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.13:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.37:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.39:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.65:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.20:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.25:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Itrack : Cleaned.
:mozilla.6:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.56:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.76:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.77:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.78:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.81:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\john\Cookies\john@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\john\Cookies\john@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.49:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.70:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.71:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.72:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.73:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.74:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\ql7gdmz3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Det ser fornuftigt ud. Så mangler du bare at poste en frisk log fra Hijackthis.

Den kommer her....
----------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:50:47, on 04-12-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programmer\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Programmer\F-Secure Internet Security\Common\FSMA32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\F-Secure Internet Security\Common\FSMB32.EXE
C:\Programmer\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\F-Secure Internet Security\Common\FCH32.EXE
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Programmer\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Programmer\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmer\F-Secure Internet Security\Common\FSM32.EXE
C:\Programmer\F-Secure Internet Security\FSGUI\ispnews.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programmer\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\john\Skrivebord\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programmer\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BHR4.1] C:\Programmer\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Programmer\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160650612530
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160652423624
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Jeg tror efterhånden vi kan begynde at konkludere, at du er kommet til bunds i problemet. Kører computeren også bedre nu?

Et sidste check kunne jeg dog godt tænke mig at foretage. Prøv derfor følgende:

Gå ind på følgende hjemmeside:
http://virusscan.jotti.org/

Klik på Gennemse, og klik dig så frem til C:\WINDOWS\system32\xpadgjag.exe

Klik så Submit. Så kommer der en lille log over forskellige scanninger frem. Den må du gerne klippe ind i næste svar.

Den adresse du har skrevet ovenfor virker ikke pt. Men maskinen finder ingen virus længere og der er ikke poppet noget op de sidste par timer.

Så er der vist ikke andet ende at sige mange tak for hjælpen. Nu vil jeg komme igang med arbejdet... endnu engang tak!

smid lige et svar så jeg kan give dig dine yderst fortjente point :)

Der kommer et svar her. Alternativt til Jotti, kan du uploade filen her, hvis du vil:
http://www.virustotal.com/en/indexx.html

For at gøre arbejdet helt færdig:
Det kan være en god ide og rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.
Og så kan det også være en god ide at skjule dine systemfiler og -mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil. Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Det kan også være en god ide at få renset ud i dine midlertidige filer. Det kan gøres på en hurtig og nem måde med denne fil
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

For at forhindre gentagelser, vil jeg anbefale dig at lægge nogle små programmer ind, som forhindrer spyware i at komme ind i første omgang. Du finder links og gode råd her:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Jeg vil også foreslå, at du læser disse artikler om hvordan du kan undgå at blive inficeret i fremtiden:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37

... godt fanget af <ejvindh> mht 'manglende' O2/O20 linier i den oprindeligt HJT Log [04/12-2006 20:06:42] ... - derfor omdøbning til alternativ.exe ...

<vandrefuglen>: Understreget = OG OPDATÉR til M$ ServicePack2 !!!

Du kan hente ServicePack2 (SP2) her som 'løs' fil (~280Mb):
http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold/
Download/copy til et passende sted på din PC.
Afbryd fra det 'farlige' internet (stikket fysisk UD).
Instaler SP2 pakken.
Når det er så gået godt og efter en genstart eller to - først DA tilslut internettet igen og gå i start ->programmer ->Windowsupdate og lade din maskine scanne for nyeste opdateringer. Installer dem du får anbefalet.
Der skal nok være mere end 60 'pakker' ...

"Ubeskyttede pc’er holder i 20 minutter]":
http://forum.mib-eu.dk/forum_posts.asp?TID=44