carlt (Senior Master)
08 March 2008 - 12:19 There are 16 comments and 1 solution

Security Alert: Spyware found

I have just scanned the computer with PANDA.
Immediately afterwards these three messages appear:

Security Alert Spyware found
Your computer is infected with last version of PSW.x-Vir trojan. PSW Trojans steal your private information such as: passwords, IP-address, credit card information, registration details, documents, etc.
Click this balloon to remove PSW.xVir spyware.


Fatal Error!
Unhandled Exception: Invalid opertaion. (should presumably be operation)
The instruction at “0x66f7d450” referenced memory at “0x00000d0”.
If you were in the middle of something, the information you were working on might be lost.
This is a fatal error probably occurred because of a virus on your PC.
Would you like to download latest version of antivirus software?


Microsoft Internet Explorer
WARNING! Your computer has traces of all the adult sites you have visited.
In most cases you are not even aware of the presence of these files, as they install themselves, violate your online privacy and can compromise your career and marriage.
These files leave traces of your online activity and compromise your credit card information.
It is possible to clean your computer of all temporary and history files by removing these traces. Registration required.
levich (Beginner)
08 March 2008 - 12:47 #1
Download http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
Run HijackThis, click scan, copy the text of the log and paste it in here.
carlt (Senior Master)
08 March 2008 - 13:16 #2
I have run HijackThis, but I cannot select (Ctrl+A) and copy.
carlt (Senior Master)
08 March 2008 - 13:24 #3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:40, on 08-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
f:\programmer\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
F:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wdfmgr.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\Explorer.EXE
F:\Programmer\NetProject\scit.exe
F:\Programmer\NetProject\scm.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
F:\Programmer\Mouse Driver\MouseDrv.exe
F:\Programmer\Multimedia Combo Set\PS2USBKbdDrv.exe
F:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
F:\WINDOWS\system32\RunDll32.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinSpyKiller\WinSpyKiller.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
F:\Programmer\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\uWDF.exe
F:\Programmer\Trend Micro\HijackThis\HijackThis.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
F:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e404 helper - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - F:\Programmer\Helper\1204733157.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmer\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmer\google\googletoolbar4.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - F:\Programmer\NetProject\wamdl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [APVXDWIN] "F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CreativeMouse ] F:\Programmer\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessMouse ] F:\Programmer\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] F:\Programmer\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [BullGuard] "F:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] F:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BullGuard] "F:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [WinSpyKiller] C:\Program Files\WinSpyKiller\WinSpyKiller.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] F:\Programmer\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = F:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) - http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/135p/html/gtdownlr.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - Unknown owner - F:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - F:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - f:\programmer\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

--
End of file - 8196 bytes
levich (Beginner)
08 March 2008 - 13:28 #4
I will look at it and come back shortly with instructions.
08 March 2008 - 13:38 #5
*SIGH* yet another \NetProject\ victim...
levich (Beginner)
08 March 2008 - 14:04 #6
Read all the steps before you do anything.
If you like, save these instructions as a text file on the desktop using Notepad.

(1)
Download AVG Anti-Spyware here: http://www.grisoft.com/doc/downloads-products/us/crp/0?prd=triasw
Install the program and update it, but do not scan yet.

Download Smitfraud here: http://siri.urz.free.fr/Fix/SmitfraudFix.exe and save it on the desktop.

(2)
Download AFT-cleaner here: http://www.geekstogo.com/forum/index.php?autocom=downloads&showfile=21
Start the program and choose "select all" and then "empty all".
If you have Firefox, you must first select it in the menu and then "select all" and "empty all".

(3)
Restart the computer in safe mode (press F8 when Windows starts up) and Fix the following lines with HijackThis:
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - F:\Programmer\NetProject\wamdl.dll
O4 - HKCU\..\Run: [WinSpyKiller] C:\Program Files\WinSpyKiller\WinSpyKiller.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] F:\Programmer\NetProject\scit.exe

(4)
Start AVG Anti-Spyware, choose the "scanner" tab and click "complete system scan".
Afterwards click "apply all actions", "save report", "save report as" and save the log file, e.g. on the desktop.

(5)
Open "My Computer"; in the menu, click Tools -> Folder Options -> View.
Untick "Hide protected operating system files" and "Hide extensions for known file types", and select "Show hidden files and folders". Remember to press the "Apply to All Folders" button instead of "OK".

Search for and delete the following folder(s):
F:\Programmer\NetProject\
C:\Program Files\WinSpyKiller\

(6)
Double-click Smitfraud.exe and choose "#2 – Clean".
If you are asked something about the file wininet.dll, choose "yes" by typing "y".
It is normal if the computer restarts along the way.
The result of the scan is saved in the file rapport.txt.

(7)
Restart the computer normally. Make a new log with HijackThis and post it here together with the logs from Smitfraud and AVG Anti-Spyware.
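
A sketch of how a log like the one in #3 can be pre-sorted before deciding which lines to Fix, as an added example that is not part of the original thread and not HijackThis's own logic. The four heuristics, the reason labels and the function names are assumptions made for illustration; the sample lines are excerpted from the first log in this thread.

```python
import re
from ntpath import basename, dirname, splitdrive

# Lines excerpted from the first HijackThis log in this thread (post #3).
SAMPLE_LOG = r"""Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\Explorer.EXE
F:\Programmer\NetProject\scit.exe
C:\Program Files\WinSpyKiller\WinSpyKiller.exe
O2 - BHO: e404 helper - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - F:\Programmer\Helper\1204733157.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmer\google\googletoolbar4.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - F:\Programmer\NetProject\wamdl.dll
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [WinSpyKiller] C:\Program Files\WinSpyKiller\WinSpyKiller.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] F:\Programmer\NetProject\scit.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - Unknown owner - F:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")     # "O4 - ..." lines
PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|ocx)", re.IGNORECASE)
WINDIR = re.compile(r"^([A-Za-z]):\\WINDOWS\\", re.IGNORECASE)


def system_drive(log):
    """Drive letter Windows runs from, taken from the running-process list."""
    for line in log.splitlines():
        m = WINDIR.match(line.strip())
        if m:
            return m.group(1).upper()
    return None


def triage(log):
    """Return the entries worth a closer look, each with its reasons.

    Illustrative heuristics (assumptions, not a verdict of infection):
      policies-run           autostart under Policies\\Explorer\\Run
      off-system-drive       file lives on another drive than Windows
      numeric-filename       file name consists of digits only
      file-missing           HijackThis reports the target as missing
      same-folder-as-flagged shares a folder with an entry flagged above
    """
    drive = system_drive(log)
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header or running-process line
        body = m.group("body")
        pm = PATH.search(body)
        path = pm.group(0) if pm else None
        reasons = []
        if m.group("code") == "O4" and r"\Policies\Explorer\Run" in body:
            reasons.append("policies-run")
        if "(file missing)" in body:
            reasons.append("file-missing")
        if path:
            if drive and splitdrive(path)[0][:1].upper() != drive:
                reasons.append("off-system-drive")
            if basename(path).rsplit(".", 1)[0].isdigit():
                reasons.append("numeric-filename")
        findings.append({"line": line.strip(), "path": path, "reasons": reasons})

    # Second pass: a clean-looking entry in the same folder as a flagged one
    # (an orphaned "file missing" entry alone does not taint its folder).
    hot = {dirname(f["path"]).lower() for f in findings
           if f["path"] and set(f["reasons"]) - {"file-missing"}}
    for f in findings:
        if f["path"] and not f["reasons"] and dirname(f["path"]).lower() in hot:
            f["reasons"].append("same-folder-as-flagged")
    return [f for f in findings if f["reasons"]]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(", ".join(hit["reasons"]), "|", hit["line"])
```

On this sample the sketch flags the three lines listed in step (3), plus the "e404 helper" BHO, whose folder F:\Programmer\Helper\ is reported as deleted in the SmitFraudFix log in #12, and the orphaned BullGuard service entry.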
carlt (Senior Master)
08 March 2008 - 14:23 #7
I cannot find one called AVG Anti-Spyware
carlt (Senior Master)
08 March 2008 - 14:39 #8
And maybe: it is called AVG Anti-Spyware 7.5 (.1.43)
levich (Beginner)
08 March 2008 - 14:56 #9
They have moved it. You can download it here:
http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=asf
carlt (Senior Master)
09 March 2008 - 14:34 #10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:53, on 09-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
f:\programmer\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
F:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wdfmgr.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\Explorer.EXE
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE
F:\Programmer\Mouse Driver\MouseDrv.exe
F:\Programmer\Multimedia Combo Set\PS2USBKbdDrv.exe
F:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
F:\WINDOWS\system32\RunDll32.exe
F:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
F:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Programmer\MSN Messenger\MsnMsgr.Exe
F:\Programmer\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\uWDF.exe
F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AvTask.exe
F:\Programmer\Trend Micro\HijackThis\HijackThis.exe
F:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e404 helper - {8F10DE2B-E923-4548-B524-4D9C5FA80777} - F:\Programmer\Helper\1204733157.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmer\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmer\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [APVXDWIN] "F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CreativeMouse ] F:\Programmer\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessMouse ] F:\Programmer\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] F:\Programmer\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [BullGuard] "F:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] F:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BullGuard] "F:\Programmer\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = F:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {10ABC6DB-E091-4EAE-98DD-21B5A2460714} (DetInstaller Class) - http://www.pandasoftware.es/avchecker/controles/AvDetInst.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/135p/html/gtdownlr.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - Unknown owner - F:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - F:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - f:\programmer\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - F:\Programmer\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

--
End of file - 8091 bytes
carlt (Senior Master)
09 March 2008 - 14:35 #11
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    13:56:05 09-03-2008

+ Scan result:   



C:\System Volume Information\_restore{8EB305C7-6224-4B22-85CE-10CA89C132AF}\RP549\A0114734.dll -> Adware.BraveSentry : Ignored.
C:\Program Files\AntiSpywareShield\AntiSpywareShield0.ad -> Adware.DrAntispy : Ignored.
C:\Program Files\WinSpyKiller\WinSpyKiller0.wk -> Adware.DrAntispy : Ignored.
F:\WINDOWS\system32\gtdownlr_118.ocx -> Adware.Gdown : Ignored.
C:\Documents and Settings\Klaus Møss\Cookies\klaus møss@www.adobe[3].txt -> TrackingCookie.Adobe : Cleaned.
C:\Documents and Settings\Klaus Møss\Cookies\klaus møss@hit.gemius[2].txt -> TrackingCookie.Gemius : Cleaned.
C:\Documents and Settings\Klaus Møss\Cookies\klaus møss@skype[1].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\Klaus Møss\Cookies\klaus møss@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Klaus Møss\Cookies\klaus møss@esads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Klaus Møss\Cookies\klaus møss@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.


::Report end
carlt (Senior Master)
09 March 2008 - 14:40 #12
SmitFraudFix v2.300

Scan done at 14:12:25,64, 09-03-2008
Run from F:\Documents and Settings\Klaus\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1      localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

F:\Documents and Settings\Klaus\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusHeat 4.3.lnk Deleted
F:\DOCUME~1\Klaus\MENUEN~1\VirusHeat 4.3.lnk Deleted
F:\DOCUME~1\Klaus\MENUEN~1\PROGRA~1\VirusHeat 4.3 Deleted
F:\DOCUME~1\ALLUSE~1\MENUEN~1\Online Security Guide.url Deleted
F:\DOCUME~1\ALLUSE~1\MENUEN~1\Security Troubleshooting.url Deleted
F:\DOCUME~1\Klaus\FORETR~1\Online Security Test.url Deleted
F:\Programmer\Helper\ Deleted
F:\Programmer\VirusHeat 4.3\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{267C03A0-734A-4EB0-A5AA-D476C8C821BF}: DhcpNameServer=192.168.2.1 194.239.134.83 193.162.153.164
HKLM\SYSTEM\CS3\Services\Tcpip\..\{267C03A0-734A-4EB0-A5AA-D476C8C821BF}: DhcpNameServer=192.168.2.1 194.239.134.83 193.162.153.164
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 194.239.134.83 193.162.153.164
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 194.239.134.83 193.162.153.164


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
carlt (Senior Master)
09 March 2008 - 15:37 #13
That was quite a job.
Apparently it has helped, so many thanks!
If you post an answer, I will accept it with great pleasure!
levich (Beginner)
09 March 2008 - 19:47 #14
Yes, I think I forgot to say that it can take a long time :-)
levich (Beginner)
09 March 2008 - 19:48 #15
This "resets" Windows with respect to System Restore:

(1)
Disable System Restore by right-clicking "My Computer" on the desktop -> Properties -> System Restore -> tick "Turn off System Restore" -> click OK.

(2)
Restart normally and enable System Restore again.
carlt (Senior Master)
10 March 2008 - 07:04 #16
1) A message has started to appear down in the lower right corner:
"Attempt to hijack Internet Explorer
Attack type:
Attempt to change Search Assistant (all users)
Program:
F:\PROGRAMMER\GOOGLE
\GOOGLETOOLBARNOTIFIER
\ -------------        "

2) Shouldn't PANDA prevent spyware?

Should I create a new question (or two) about this?
levich (Beginner)
10 March 2008 - 20:42 #17
GOOGLETOOLBARNOTIFIER is not spyware. It is just a message that you are trying to change the search engine in Internet Explorer away from Google.