Kan ikke fjerne trojan helt.

Startsiden vil ændres til dbsarticles.com

Har fulgt http://www.eksperten.dk/artikler/1123

Logfile of HijackThis v1.99.1
Scan saved at 18:30:47, on 02-05-2008
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuaclt.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Winamp Remote\bin\OrbTray.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Ditte K\Dokumenter\Rensning\Hja\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {DA86175F-BF2F-4354-AA26-167BB8684D6C} - (no file)
O2 - BHO: {39a8eae4-406b-6898-fe94-e6141c3afc1f} - {f1cfa3c1-416e-49ef-8986-b6044eae8a93} - C:\WINDOWS\System32\thknimhl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Networking Monitoring] C:\WINDOWS\System32\mdm.exe
O4 - HKLM\..\Run: [Modifiet Amateur HTPB] C:\WINDOWS\System32\wuaclt.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Programmer\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Modifiet Amateur HTPB] C:\WINDOWS\System32\wuaclt.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm147YYDK
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194438919077
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/02/2008 at 06:22 PM

Application Version : 4.0.1154

Core Rules Database Version : 3451
Trace Rules Database Version: 1443

Scan type      : Complete Scan
Total Scan Time : 00:18:14

Memory items scanned      : 160
Memory threats detected  : 2
Registry items scanned    : 3352
Registry threats detected : 10
File items scanned        : 8100
File threats detected    : 110

Trojan.Vundo-Variant/F
    C:\WINDOWS\SYSTEM32\OPNMFVOG.DLL
    C:\WINDOWS\SYSTEM32\OPNMFVOG.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}
    HKCR\CLSID\{7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}
    HKCR\CLSID\{7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}\InprocServer32
    HKCR\CLSID\{7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{7F3EA905-DE65-4D00-BC1F-FF3A77F8CA30}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\opnMFVOG
    C:\WINDOWS\SYSTEM32\DDCBRJJY.DLL
    C:\WINDOWS\SYSTEM32\FCCBRQIJ.DLL
    C:\WINDOWS\SYSTEM32\FCCCYWXQ.DLL
    C:\WINDOWS\SYSTEM32\HGGWMLCU.DLL
    C:\WINDOWS\SYSTEM32\IIFEDBAX.DLL
    C:\WINDOWS\SYSTEM32\RQRJAATK.DLL
    C:\WINDOWS\SYSTEM32\TUDKMCES.DLL

Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\NNNNLBXR.DLL
    C:\WINDOWS\SYSTEM32\NNNNLBXR.DLL

Adware.Vundo-Variant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7587FA0E-09C5-4EFC-BBF1-58CF6491B726}
    HKCR\CLSID\{7587FA0E-09C5-4EFC-BBF1-58CF6491B726}
    HKCR\CLSID\{7587FA0E-09C5-4EFC-BBF1-58CF6491B726}\InprocServer32
    HKCR\CLSID\{7587FA0E-09C5-4EFC-BBF1-58CF6491B726}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
    C:\Documents and Settings\Ditte K\Cookies\ditte k@banner.joylandcasino[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@atwola[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@bluestreak[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@eas4.emediate[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@tribalfusion[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@mediaplex[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@ads.addynamix[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@azjmp[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@cassava[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@19238[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@ad[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@e2.emediate[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@pacificpoker[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@serving-sys[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@adopt.specificclick[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@windowsmedia[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@adnetserver[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@ads.gamershell[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@3.adbrite[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@apmebf[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@qxl.adservinginternational[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@bestsexworld[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@zedo[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@metacafe.122.2o7[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@qxl.banneradministration[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@tacoda[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@banner.eurogrand[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@server.cpmstar[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@date.ventivmedia[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@bs.serving-sys[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@akira[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@ad1.emediate[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@anad.tacoda[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@statse.webtrendslive[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@xiti[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@adfair[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@casalemedia[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@www.zanox-affiliate[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@atdmt[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@hitbox[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@statcounter[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@adopt.euroclick[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@ad.yieldmanager[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@media.adrevolver[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@ads.planetactive[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@adserver.adservinginternational[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@www.clickmanage[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@revenue[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@track.adform[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@advertising[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@888[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@eas.apm.emediate[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@ehg-hollywood.hitbox[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@1070847646[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@doubleclick[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@indextools[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@adserver.banneradministration[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@clicktorrent[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@revsci[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@ads.pointroll[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@ads2.jubii[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@shopping.112.2o7[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@stat.dealtime[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@tradedoubler[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@ads.adbrite[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@fastclick[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@mywebsearch[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@ads.zam[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@2o7[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@adserver[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@1066821213[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@nordea.112.2o7[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@specificclick[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@tracking.vindicosuite[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@adtech[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@www.windowsmedia[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@smartadserver[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@edsa.122.2o7[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@new-pcp[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@ad.zanox[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@maxserving[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@partygaming.122.2o7[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@cgi-bin[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@partypoker[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@ehg-nokiafin.hitbox[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@adbrite[2].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@traffictracker[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@www.burstnet[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@accounts[1].txt
    C:\Documents and Settings\Ditte K\Cookies\ditte k@burstnet[1].txt
    C:\Documents and Settings\Ditte K\Lokale indstillinger\Temp\Cookies\ditte k@adopt.euroclick[2].txt
    C:\Documents and Settings\Ditte K\Lokale indstillinger\Temp\Cookies\ditte k@atdmt[2].txt
    C:\Documents and Settings\Ditte K\Lokale indstillinger\Temp\Cookies\ditte k@date.ventivmedia[1].txt
    C:\Documents and Settings\Ditte K\Lokale indstillinger\Temp\Cookies\ditte k@ads.zam[2].txt
    C:\Documents and Settings\Ditte K\Lokale indstillinger\Temp\Cookies\ditte k@fastclick[2].txt
    C:\Documents and Settings\Ditte K\Lokale indstillinger\Temp\Cookies\ditte k@ad.yieldmanager[1].txt
    C:\Documents and Settings\Ditte K\Lokale indstillinger\Temp\Cookies\ditte k@track.adform[1].txt
    C:\Documents and Settings\Ditte K\Lokale indstillinger\Temp\Cookies\ditte k@tribalfusion[2].txt
    C:\Documents and Settings\Ditte K\Lokale indstillinger\Temp\Cookies\ditte k@mywebsearch[2].txt
    C:\Documents and Settings\Ditte K\Lokale indstillinger\Temp\Cookies\ditte k@advertising[1].txt