Avatar image mic_mic Beginner
17 September 2007 - 20:46 There are 12 comments and
2 solutions

Access to Control Panel denied + HJT log

Hi experts

After visiting a dubious site my PC started behaving oddly. Tons of messages about trojan horses that my BullGuard had stopped - which is fine, of course.
On top of that, a little popup guy has appeared which, exactly every 5 minutes, reports that there is spyware on the PC making unauthorized copies of my system and internet files, and that I of course just need to download a spyware remover..??! My arse.. :(
The worst part is that I can't get to my Control Panel or be allowed to do a System Restore etc. It says "This action has been cancelled due to restrictions on the computer. Contact the system administrator".

Is there anyone who can suggest a solution based on my log??


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:10, on 17-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\SiteAdvisor\6172\SiteAdv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Programmer\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmer\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Programmer\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Michael\Skrivebord\Antivirus og Spyware programmer\HiJackThis V. 2.00.2 - alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmer\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SpyStopper] C:\DOCUME~1\Michael\LOKALE~1\Temp\GpiTmp\spystopper.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Programmer\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmer\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: system.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = ?
O4 - Global Startup: autorun.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Service Manager.lnk = C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.get2net.dk/
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157855007953
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Programmer\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server -  - C:\Programmer\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SiteAdvisor-tjeneste (SiteAdvisor Service) - Unknown owner - C:\Programmer\SiteAdvisor\6172\SAService.exe
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe

--
End of file - 9904 bytes
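As an added example (not part of this thread, and not code from HijackThis, ComboFix or eksperten.dk), here is a small Python triage script that encodes the checks a helper applies by eye to a posted HijackThis log: the F2 `Shell=` value should be exactly `Explorer.exe`, O7 policy entries are what produce the "cancelled due to restrictions" message, `AppInit_DLLs` should only load `.dll` files, autoruns from a Temp directory and bare executables dropped straight into a Startup folder are out of place, and an O16 ActiveX control registered from a `file://` path is unusual. The sample lines are copied from the log above (including a few benign ones to show they are left alone); the function names `triage` and `_classify` and the constant `SAMPLE_LOG` are this example's own.

```python
"""Flag HijackThis (v2.0.2-style) log lines that deserve a closer look.

Added example for this thread; the heuristics are deliberately narrow and
only encode the checks discussed above. They are a triage aid, not a verdict.
"""
import re

# Sample lines copied from the HijackThis log posted above. Benign entries
# (SoundMan, the Logitech .lnk, the AVG service) are included on purpose.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpyStopper] C:\DOCUME~1\Michael\LOKALE~1\Temp\GpiTmp\spystopper.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""


def _classify(line):
    """Return a short reason if the line matches a triage rule, else None."""
    # F2: winlogon runs everything in the Shell= value at logon, so the
    # value should be exactly "Explorer.exe" with nothing chained after it.
    m = re.match(r"F2 - REG:system\.ini: Shell=(.*)", line, re.I)
    if m:
        parts = m.group(1).split()
        if len(parts) != 1 or parts[0].lower() != "explorer.exe":
            return "extra executable chained onto the Shell= value"
        return None

    # O7: Policies\System restrictions (DisableRegedit, control panel locks)
    # are the source of "This action has been cancelled due to restrictions".
    if line.startswith("O7 - "):
        return "registry/Control Panel policy restriction set"

    # O20: AppInit_DLLs is injected into every process that loads user32;
    # a non-.dll file name here is a red flag.
    m = re.match(r"O20 - AppInit_DLLs: (.*)", line)
    if m:
        if not m.group(1).strip().lower().endswith(".dll"):
            return "AppInit_DLLs points at a non-.dll file"
        return None

    # O4: autoruns. Two cheap checks: launched from a Temp directory, or a
    # bare .exe sitting in a Startup folder instead of a .lnk shortcut.
    if line.startswith("O4 - "):
        if re.search(r"\\Temp\\", line, re.I):
            return "autorun entry launched from a Temp directory"
        m = re.match(r"O4 - (Global )?Startup: (\S+)$", line)
        if m and m.group(2).lower().endswith(".exe"):
            return "bare executable in a Startup folder"
        return None

    # O16: downloaded ActiveX controls normally come from an http(s) URL.
    if line.startswith("O16 - ") and "file://" in line.lower():
        return "ActiveX control registered from a local file:// path"

    return None


def triage(log_text):
    """Return a list of (line, reason) pairs for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason = _classify(line)
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {entry}")
```

Run against the sample it flags seven lines (the F2 shell entry, the Temp autorun, the two bare startup executables, the O7 policy, the file:// ActiveX and the AppInit .txt) and leaves the three benign ones alone. Entries such as `WinAvXX.exe`, which only stand out because ComboFix later removed them, are not caught by these rules; the point is to surface the structural oddities quickly, not to replace a full clean-up.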
18 September 2007 - 07:53 #1
... that's quite a nasty one ... there are also a number of unwanted items in your system...

Go through the procedure from here -> http://www.eksperten.dk/artikler/1123
Avatar image mic_mic Beginner
18 September 2007 - 22:05 #2
Hmm.. it really is a nasty one, yes.. but I have now gone through the procedure and have, as far as I can tell, got the thing working again. No popups, and the Control Panel etc. are reachable again.

But I'll post some log files, and then you're very welcome to describe the unwanted items you can see I have lying around, and whether they should be deleted or what. It sounds dangerous but maybe isn't so bad??


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:20, on 18-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Programmer\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmer\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Programmer\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\SiteAdvisor\6172\SiteAdv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Programmer\Fælles filer\Microsoft Shared\MODI\11.0\MSPVIEW.EXE
C:\Documents and Settings\Michael\Skrivebord\Antivirus og Spyware programmer\HiJackThis V. 2.00.2 - alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmer\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SpyBlocker] C:\Programmer\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmer\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Service Manager.lnk = C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.get2net.dk/
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157855007953
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Programmer\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server -  - C:\Programmer\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SiteAdvisor-tjeneste (SiteAdvisor Service) - Unknown owner - C:\Programmer\SiteAdvisor\6172\SAService.exe
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe

--
End of file - 9895 bytes


------------------------------------------------------------------------------------

ComboFix 07-08-14.4 - "Michael" 2007-09-18  0:03:31.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.439 [GMT 2:00]
* Created a new restore point


(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start.\autorun.exe
C:\DOCUME~1\Michael\APPLIC~1\install.dat
C:\DOCUME~1\Michael\MENUEN~1\PROGRA~1\Start.\system.exe
C:\WINDOWS\system32\components
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\WinAvXX.exe


(((((((((((((((((((((((((  Files Created from 2007-08-17 to 2007-09-17  )))))))))))))))))))))))))))))))


2007-09-17 22:51    <DIR>    d--------    C:\Programmer\CCleaner
2007-09-17 22:25    0    --a------    C:\WINDOWS\system32\CMMGR32.EXE
2007-09-17 22:19    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-17 22:19    <DIR>    d--------    C:\DOCUME~1\Michael\APPLIC~1\SUPERAntiSpyware.com
2007-09-17 22:19    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-17 19:06    <DIR>    d--------    C:\Programmer\Windows Defender
2007-09-17 19:04    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-09-17 19:02    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-09-16 16:24    94,480    --a------    C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-16 12:14    <DIR>    d--------    C:\Programmer\cicp
2007-09-16 11:50    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-16 12:45    ---------    d--------    C:\Programmer\Windows Media Connect 2
2007-09-16 12:45    ---------    d--------    C:\Programmer\Windows Live Toolbar
2007-09-16 12:23    ---------    d--------    C:\DOCUME~1\Michael\APPLIC~1\Lavasoft
2007-09-16 12:04    ---------    d--------    C:\Programmer\Lavasoft
2007-09-14 21:33    ---------    d--------    C:\Programmer\MSN Messenger
2007-09-12 17:17    ---------    d--------    C:\Programmer\SiteAdvisor
2007-08-15 19:43    ---------    d--------    C:\Programmer\MSXML 6.0
2007-08-07 18:44    ---------    d--------    C:\Programmer\MSBuild
2007-08-07 18:40    ---------    d--------    C:\Programmer\Reference Assemblies
2007-08-02 18:02    ---------    d--------    C:\DOCUME~1\Michael\APPLIC~1\AdobeUM
2007-07-31 00:17    ---------    d--------    C:\DOCUME~1\Michael\APPLIC~1\SiteAdvisor
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 08:58    3583488    --a------    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-15 19:14    24575    --a------    C:\WINDOWS\system32\MSWINSYSPIOSCUP24.DLL
2007-07-13 01:31    765952    --a------    C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 16:05    823808    --a------    C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:05    671232    --a------    C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:05    6058496    ---------    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:05    52224    ---------    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:05    477696    --a------    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:05    459264    ---------    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:05    44544    ---------    C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:05    27648    --a------    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:05    267776    ---------    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:05    232960    ---------    C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:05    193024    --a------    C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:05    1152000    --a------    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:05    105984    ---------    C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:05    102400    ---------    C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:04    384512    ---------    C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:04    230400    ---------    C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:04    153088    ---------    C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:04    132608    --a------    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:04    124928    ---------    C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34    317952    --a------    C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-27 10:27    63488    ---------    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27    13824    ---------    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:25    625152    ---------    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00    161792    ---------    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10    1104896    ---------    C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32    282112    ---------    C:\WINDOWS\system32\dllcache\gdi32.dll
2005-04-28 18:52    7122    --a------    C:\Programmer\core.ini
2005-04-28 18:52    3667    --a------    C:\Programmer\app.ini
2005-04-28 15:21    345    --a------    C:\Programmer\rend_d3d.ini
2003-09-06 01:58    12193792    --a------    C:\Programmer\Flash.exe
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\System
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 14:59 C:\WINDOWS\SOUNDMAN.EXE]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 22:10]
"SunJavaUpdateSched"="C:\Programmer\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 18:23]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" []
"CleanEasyImg"="c:\apps\easydvd\cleanall.exe" []
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 09:19]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2003-05-27 04:08]
"SpyBlocker"="C:\Programmer\SpyBlocker Software\spyblocker.exe" []
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 13:45 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-02-16 11:54]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-03-02 16:24]
"SiteAdvisor"="C:\Programmer\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 17:42]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Begone"="c:\freescan\freescan.exe" []
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2003-05-27 04:08]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2006-09-25 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 17:53]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-01-10 15:14]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"ALUAlert"=C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2004-05-16 22:39:16]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
AutoCAD Startup Accelerator.lnk - C:\Programmer\Fælles filer\Autodesk Shared\acstart17.exe [2006-03-23 21:16:32]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2006-04-25 20:31:42]
Service Manager.lnk - C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\systems.txt

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Instant Access"=rundll32.exe EGCOMSERVICE_1042.dll,InstantAccess

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Programmer\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe
R3 FileSpy5;BullGuard File Monitor;\??\C:\Programmer\BullGuard Software\BullGuard\filespy5.sys
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys
R3 Reconn;BullGuard Email Monitor;\??\C:\Programmer\BullGuard Software\BullGuard\reconn.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\Drivers\L8042mou.sys
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Programmer\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech WingMan USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bg5    BGMainSvc BsFileSpy BsMailProxy BsFirewall


Contents of the 'Scheduled Tasks' folder
2007-03-12 20:01:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-09-17 21:04:42 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Programmer\Windows Defender\MpCmdRun.exe
2007-09-17 21:24:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 00:07:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  EPSON Stylus Photo R200 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"?????E??????????????w????????????????p??????????????????????w????p???????????8???????????*W?w????p???????<W?wp???????????5N?w???????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="System32\DRIVERS\viaagp.sys"

Completion time: 2007-09-18  0:07:53
C:\ComboFix-quarantined-files.txt ... 2007-09-18 00:07

    --- E O F ---

********************************* ROOTCHK-(15-08-07)-LOG, by ejvindh
18-09-2007 21:17:25,82

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 21:17:26
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aeucmgrrze]
"ErrorControl"=dword:00000000
"Type"=dword:00000010
"Group"="Filter"
"Tag"=dword:00000001
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aeucmgrrze\Security]

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0
19 September 2007 - 08:53 #3
.... yep - some unwanted items have been eaten - BINGO...

So how is the PC running now???
mic_mic (Beginner)
19 September 2007 - 10:40 #4
It runs much better now; on the web it switches between pages faster than before, for instance, when it tended to freeze.
Can you tell from the log whether the PC is completely clean now, or is there possibly something more I can clean out?
When the PC is just sitting there idle with no programs running, it sounds to me like it is being loaded by something - as if it is working/the hard disk spins up and down (or whatever it's called)?!
ejvindh (Expert)
19 September 2007 - 11:01 #5
It is not completely clean yet.

-- Your Java is outdated. You should get it updated.

-- Download S!Ri's SmitfraudFix.zip and save it to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Alternatively from here:
http://72.232.135.12/siri/SmitfraudFix.exe

NB: The file "process.exe" included in this tool is identified by certain antivirus programs as "RiskTool". There is nothing to it, though!

-- Restart in Safe Mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Run SmitfraudFix. Press 2 - answer yes to clean (y=yes). Let the program carry out a cleaning. It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another one. Here you should choose "Yes" by pressing "y".

The program may need to restart along the way. Afterwards a list with the results of the cleaning will appear. Copy this list into the thread.

-- Restart into normal mode again.

-- Then copy the contents between the wavy lines into a Notepad window and save it in the same folder as Combofix with the name CFScript.txt. When saving, make sure that "file type" is set to "all files".

~~~~~~~~~~~~~~~~~~~~~~~~~~
Driver::
Aeucmgrrze

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCSPlayer"=-
"CleanEasyImg"=-
"SpyBlocker"=-
"TkBellExe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Begone"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=""
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse, drag it over the Combofix file, and "release" the mouse. Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
Feel free to post the contents of this file here for review
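As an added example, not part of this thread and not code from ComboFix, catchme or any other tool mentioned here: a small Python parser that pulls the two indicators ejvindh's CFScript targets out of a ComboFix-style log (the AppInit_DLLs value pointing at a file with a .txt extension, and the service that catchme only found by reading the hive directly) and drafts Driver::/Registry:: lines in the same format. The sample log is constructed from entries shown earlier in the thread; the function names are my own.

```python
import re

# Constructed sample: a trimmed ComboFix/catchme excerpt modelled on the
# entries removed in this thread. Not a real log file.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\systems.txt

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aeucmgrrze]
"ErrorControl"=dword:00000000
"Type"=dword:00000010
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Aeucmgrrze\Security]

scanning hidden registry entries ...
"""

APPINIT_RE = re.compile(r'^"appinit_dlls"=(.*)$', re.IGNORECASE)
# Matches the service key itself, not subkeys such as ...\Aeucmgrrze\Security
SERVICE_KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\\]]+)\]$',
    re.IGNORECASE)


def find_appinit_dlls(log):
    """Return the AppInit_DLLs value, or '' when unset or cleared to ""."""
    for line in log.splitlines():
        m = APPINIT_RE.match(line.strip())
        if m:
            return m.group(1).strip().strip('"')
    return ""


def find_hidden_services(log):
    """Service names listed in catchme's 'scanning hidden services' section."""
    names = []
    in_section = False
    for line in log.splitlines():
        s = line.strip()
        if s.startswith("scanning hidden services"):
            in_section = True
            continue
        if in_section and s.startswith("scanning "):
            break  # next catchme section: stop collecting
        if in_section:
            m = SERVICE_KEY_RE.match(s)
            if m and m.group(1) not in names:
                names.append(m.group(1))
    return names


def audit(log):
    """Human-readable findings for the two indicators this thread dealt with."""
    findings = []
    value = find_appinit_dlls(log)
    if value:
        # Anything in AppInit_DLLs is loaded into every process that loads user32.dll
        note = "AppInit_DLLs loads %s into every user32-based process" % value
        if not value.lower().endswith(".dll"):
            note += " (non-.dll extension on a loaded library)"
        findings.append(note)
    for name in find_hidden_services(log):
        findings.append("service %s present in the hive but hidden from the service API" % name)
    return findings


def build_cfscript(log):
    """Draft a CFScript in the format used in this thread; a person reviews it first."""
    lines = []
    hidden = find_hidden_services(log)
    if hidden:
        lines.append("Driver::")
        lines.extend(hidden)
        lines.append("")
    if find_appinit_dlls(log):
        lines.append("Registry::")
        lines.append(r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]")
        lines.append('"appinit_dlls"=""')
    return "\n".join(lines)


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print("-", f)
    print(build_cfscript(SAMPLE_LOG))
```

The draft is meant to be read by a person before it goes anywhere near ComboFix: a log parser cannot tell a hidden driver that belongs to a copy-protection or antivirus product from one that does not belong there, so the name list is a starting point for the reviewer, not a verdict.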
mic_mic (Beginner)
19 September 2007 - 11:17 #6
Ok..I'll try that when I get home from work. Then I'll come back with the various logs.

Thanks for the help so far.
mic_mic (Beginner)
19 September 2007 - 21:34 #7
My Java is now updated and I have run the various things you described.
When combofix was finished and the PC restarted, I noticed that my desktop had changed and my start page was suddenly a different one. Why is that?? That's not exactly great, since it is usually a sign that there is dirt on the PC..or what!?

Anyway, here are some logs...does it look better now?


SmitFraudFix v2.225

Scan done at 20:42:29,76, 19-09-2007
Run from C:\Documents and Settings\Michael\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1      localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9EBC6191-C2A3-47CB-8A18-417492EF2F5A}: DhcpNameServer=212.242.40.3 212.242.40.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9EBC6191-C2A3-47CB-8A18-417492EF2F5A}: DhcpNameServer=212.242.40.3 212.242.40.51
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.242.40.3 212.242.40.51
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.242.40.3 212.242.40.51


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


ComboFix 07-08-14.4 - "Michael" 2007-09-19 20:56:03.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.401 [GMT 2:00]
Command switches used ::  C:\Documents and Settings\Michael\Skrivebord\Antivirus og Spyware programmer\CFScript.txt
* Created a new restore point


(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\Aeucmgrrze


(((((((((((((((((((((((((  Files Created from 2007-08-19 to 2007-09-19  )))))))))))))))))))))))))))))))


2007-09-19 20:42    3,532    --a------    C:\WINDOWS\system32\tmp.reg
2007-09-17 22:51    <DIR>    d--------    C:\Programmer\CCleaner
2007-09-17 22:25    0    --a------    C:\WINDOWS\system32\CMMGR32.EXE
2007-09-17 22:19    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-17 22:19    <DIR>    d--------    C:\DOCUME~1\Michael\APPLIC~1\SUPERAntiSpyware.com
2007-09-17 22:19    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-17 19:06    <DIR>    d--------    C:\Programmer\Windows Defender
2007-09-17 19:04    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-09-17 19:02    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-09-16 16:24    94,480    --a------    C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-16 12:14    <DIR>    d--------    C:\Programmer\cicp
2007-09-16 11:50    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-16 12:45    ---------    d--------    C:\Programmer\Windows Media Connect 2
2007-09-16 12:45    ---------    d--------    C:\Programmer\Windows Live Toolbar
2007-09-16 12:23    ---------    d--------    C:\DOCUME~1\Michael\APPLIC~1\Lavasoft
2007-09-16 12:04    ---------    d--------    C:\Programmer\Lavasoft
2007-09-14 21:33    ---------    d--------    C:\Programmer\MSN Messenger
2007-09-12 17:17    ---------    d--------    C:\Programmer\SiteAdvisor
2007-08-15 19:43    ---------    d--------    C:\Programmer\MSXML 6.0
2007-08-07 18:44    ---------    d--------    C:\Programmer\MSBuild
2007-08-07 18:40    ---------    d--------    C:\Programmer\Reference Assemblies
2007-08-02 18:02    ---------    d--------    C:\DOCUME~1\Michael\APPLIC~1\AdobeUM
2007-07-31 00:17    ---------    d--------    C:\DOCUME~1\Michael\APPLIC~1\SiteAdvisor
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 08:58    3583488    --a------    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-15 19:14    24575    --a------    C:\WINDOWS\system32\MSWINSYSPIOSCUP24.DLL
2007-07-13 01:31    765952    --a------    C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 16:05    823808    --a------    C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:05    671232    --a------    C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:05    6058496    ---------    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:05    52224    ---------    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:05    477696    --a------    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:05    459264    ---------    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:05    44544    ---------    C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:05    27648    --a------    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:05    267776    ---------    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:05    232960    ---------    C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:05    193024    --a------    C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:05    1152000    --a------    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:05    105984    ---------    C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:05    102400    ---------    C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:04    384512    ---------    C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:04    230400    ---------    C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:04    153088    ---------    C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:04    132608    --a------    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:04    124928    ---------    C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 15:34    317952    --a------    C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-27 10:27    63488    ---------    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27    13824    ---------    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:25    625152    ---------    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00    161792    ---------    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10    1104896    ---------    C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32    282112    ---------    C:\WINDOWS\system32\dllcache\gdi32.dll
2005-04-28 18:52    7122    --a------    C:\Programmer\core.ini
2005-04-28 18:52    3667    --a------    C:\Programmer\app.ini
2005-04-28 15:21    345    --a------    C:\Programmer\rend_d3d.ini
2003-09-06 01:58    12193792    --a------    C:\Programmer\Flash.exe
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\System
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 14:59 C:\WINDOWS\SOUNDMAN.EXE]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 22:10]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2003-01-21 09:19]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2003-05-27 04:08]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 13:45 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-02-16 11:54]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-03-02 16:24]
"SiteAdvisor"="C:\Programmer\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 17:42]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2003-05-27 04:08]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"BullGuard"="C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" [2006-09-25 15:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 17:53]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-01-10 15:14]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"ALUAlert"=C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe
"DWQueuedReporting"="C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2004-05-16 22:39:16]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
AutoCAD Startup Accelerator.lnk - C:\Programmer\Fælles filer\Autodesk Shared\acstart17.exe [2006-03-23 21:16:32]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2006-04-25 20:31:42]
Service Manager.lnk - C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys
R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Programmer\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe
R3 FileSpy5;BullGuard File Monitor;\??\C:\Programmer\BullGuard Software\BullGuard\filespy5.sys
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys
R3 Reconn;BullGuard Email Monitor;\??\C:\Programmer\BullGuard Software\BullGuard\reconn.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\Drivers\L8042mou.sys
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Programmer\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech WingMan USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bg5    BGMainSvc BsFileSpy BsMailProxy BsFirewall


Contents of the 'Scheduled Tasks' folder
2007-03-12 20:01:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-09-19 19:04:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Programmer\Windows Defender\MpCmdRun.exe
2007-09-19 18:24:01 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 21:01:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  EPSON Stylus Photo R200 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"?????E??????????????w????????????????p??????????????????????w????p???????????8???????????*W?w????p???????<W?wp???????????5N?w???????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="System32\DRIVERS\viaagp.sys"

Completion time: 2007-09-19 21:04:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-19 21:04
C:\ComboFix2.txt ... 2007-09-18 21:25
C:\ComboFix3.txt ... 2007-09-18 00:07

    --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:26, on 19-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Programmer\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmer\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Programmer\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\SiteAdvisor\6172\SiteAdv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\BullGuard Software\BullGuard\bullguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\Michael\Skrivebord\Antivirus og Spyware programmer\HiJackThis V. 2.00.2 - alternativ.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmer\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmer\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Service Manager.lnk = C:\Programmer\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.get2net.dk/
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157855007953
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Programmer\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server -  - C:\Programmer\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SiteAdvisor-tjeneste (SiteAdvisor Service) - Unknown owner - C:\Programmer\SiteAdvisor\6172\SAService.exe
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe

--
End of file - 9367 bytes
ejvindh (Expert)
19 September 2007 - 22:16 #8
Then I don't really have anything more to "complain" about. You can still fix this line with HijackThis, though it shouldn't be causing any major problems:

O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab

As for the start page, I wouldn't worry about it if I were you. Combofix resets the start page. I can't remember exactly to what, but it's either a blank start page, google or msn.com. If one of those is what shows up now, everything is fine, and you can just set it manually to whatever you want.

To finish the job completely:
It can be a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.
It can also be a good idea to hide your system files and folders again, so you don't accidentally delete an important file. You do that in the same place where you set it to show all files; this time just choose: Do not show hidden files and folders.

It can also be a good idea to clear out your temporary files. That can be done quickly and easily with this file
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

To prevent a repeat, I recommend installing a few small programs that stop spyware from getting in in the first place. You'll find links and good advice here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I'd also suggest you read these articles on how to avoid getting infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37
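A small triage script, added here as an example and not something from the thread or from the HijackThis project: it parses O16 (Downloaded Program Files) and O23 (service) lines in the format shown in the log above and flags the traits that make the O16 line ejvindh asked to have fixed stand out (an ActiveX package loaded from a local file:// path rather than a web site, a CLSID made of repeated digits instead of a generated GUID, no display name), plus services whose binary has no readable company name. The flags are prompts to verify a file by hand, not verdicts: the two O23 hits in the sample are the legitimate Macromedia and SmartLink entries from the log. The sample input is the page's own log lines plus one constructed, benign-looking Java entry for contrast; the checks and thresholds are my own assumptions.

```python
"""Triage helper for HijackThis O16 (Downloaded Program Files) and O23 (service) lines."""
import re
from dataclasses import dataclass, field

# Constructed sample: the O16 line ejvindh asked mic_mic to fix and the O23 lines from the
# log above, plus one constructed, benign-looking O16 line (Sun Java installer) for contrast.
SAMPLE_LOG = [
    r"O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab",
    r"O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab",
    r"O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe",
    r"O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe",
    r"O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Programmer\Virtual CD v4 SDK\system\vcssecs.exe",
]

# O16 - DPF: {CLSID} (optional display name) - source URL
O16_RE = re.compile(r"^O16 - DPF: \{([0-9A-Fa-f-]{36})\}(?: \((.*)\))? - (\S+)$")
# O23 - Service: name - company - path. The name is matched greedily so a " - " inside it
# (e.g. "(SDK - Version)") is kept; the "X:\" drive prefix pins the path field.
O23_RE = re.compile(r"^O23 - Service: (.*) - (.*?) - ([A-Za-z]:\\.*)$")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def check_o16(clsid, name, url):
    """Heuristics (my assumptions) for a Downloaded Program Files entry."""
    reasons = []
    if url.lower().startswith("file://"):
        reasons.append("ActiveX package installed from a local file:// path instead of a web site")
    if re.search(r"(.)\1{7}", clsid):  # eight identical hex digits in a row
        reasons.append("CLSID is a repeated-character pattern, not a generated GUID")
    if not name:
        reasons.append("no display name recorded for the control")
    return reasons


def check_o23(name, owner, path):
    """Heuristic (my assumption) for a service entry: no company name means 'go and verify'."""
    reasons = []
    if owner.strip() in ("", "Unknown owner"):
        reasons.append("no company name readable from the service binary; verify the file by hand")
    return reasons


def triage(lines):
    """Return a Finding for every line that trips at least one heuristic."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = O16_RE.match(line)
        if m:
            reasons = check_o16(*m.groups(""))  # missing display name becomes ""
        else:
            m = O23_RE.match(line)
            reasons = check_o23(*m.groups()) if m else []
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run it on a saved HijackThis log with `triage(open("hijackthis.log", encoding="cp1252"))`; the O16 line from this thread is the only one in the sample that trips all three O16 checks, while the Java line trips none.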
mic_mic (Beginner)
19 September 2007 - 22:43 #9
Hehe.. yes, you really are a "complainer".. ah well.. but info6 is deleted now, and I'll just finish the job with the restore and so on.
The start page had been changed to msn.com, so that problem was manageable.

Many thanks for the help.
How do I hand the points over to you?
ejvindh (Expert)
19 September 2007 - 22:57 #10
You can do that now that I've posted an answer :-). Mark my name at the bottom left and click Accept.

It would be fair, though, to wait for dr1_larry, who also contributed to the cleanup. Then we can share the points you offered by you marking both our names :-)
mic_mic (Beginner)
19 September 2007 - 23:26 #11
Oh, like that.. smart :)
Well, I'll wait so he can get a thank-you for the help too.. of course.
20 September 2007 - 08:11 #12
Ping...
(That was an [answer]...)
mic_mic (Beginner)
20 September 2007 - 15:17 #13
Ping ping.. that was the points :)

It's damn good you could help.. once again, thanks to you both..
ejvindh (Expert)
20 September 2007 - 15:40 #14
You're welcome :-)