problemer med pop up

Følg vejledningen her: http://www.eksperten.dk/artikler/1123
Bagefter send en ny hijackthis-log herind.

mit internet lukker ned hver gang jeg forsøger at hente super anti spyware

(Kør de programmer du ka' i første omgang: Jeg ka pænt se - noget af - 'snavset' allerede...)

<levich> fortsætter...

føst combo log

ComboFix 08-06-16.5 - kim 2008-06-18 22:01:51.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.66 [GMT 2:00]
Running from: C:\Documents and Settings\kim\Dokumenter\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM5377164d.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byXOHBtT.dll
C:\WINDOWS\system32\cMWGgfii.ini
C:\WINDOWS\system32\cMWGgfii.ini2
C:\WINDOWS\system32\esdvtjhy.dll
C:\WINDOWS\system32\geBtQjjg.dll
C:\WINDOWS\system32\hdsjiyvs.ini
C:\WINDOWS\system32\hdsjiyvs.tmp
C:\WINDOWS\system32\ijl11pro.dll
C:\WINDOWS\system32\ljJBUmKB.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mnvgpewa.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mxlwgpdu.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qidxoxsr.dll
C:\WINDOWS\system32\svyijsdh.dll
C:\WINDOWS\system32\vdtvwlfa.dll
C:\WINDOWS\system32\wvUnMCVL.dll
C:\WINDOWS\system32\xejilfmm.dll
C:\WINDOWS\system32\xpvwdnsl.dll
C:\WINDOWS\system32\xsanrlrg.ini
C:\WINDOWS\winhelp.ini

.
(((((((((((((((((((((((((  Files Created from 2008-05-18 to 2008-06-18  )))))))))))))))))))))))))))))))
.

2008-06-18 21:15 . 2008-06-18 21:15    <DIR>    d--------    C:\Programmer\CCleaner
2008-06-18 17:46 . 2008-06-18 17:46    0    --a------    C:\WINDOWS\system32\mnvgpewa.tmp
2008-06-16 17:47 . 2008-06-16 17:47    <DIR>    d--------    C:\Programmer\Lavasoft
2008-06-16 17:47 . 2008-06-16 17:50    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 15:49 . 2008-06-16 17:36    <DIR>    d--------    C:\WINDOWS\system32\netrax18
2008-06-13 22:57 . 2008-06-13 22:57    299,520    --a------    C:\WINDOWS\system32\iifgGWMc.dll
2008-06-13 22:52 . 2008-06-15 17:00    <DIR>    d--------    C:\WINDOWS\system32\netrax05
2008-06-13 22:52 . 2008-06-13 22:52    <DIR>    d--------    C:\Temp\itmp4
2008-06-13 22:52 . 2008-06-13 22:52    52,224    ---hs----    C:\Documents and Settings\kim\lsass.exe
2008-06-13 21:23 . 2008-06-13 21:23    <DIR>    d--------    C:\Documents and Settings\kim\Application Data\GARMIN
2008-06-13 21:22 . 2008-06-15 15:44    <DIR>    d--------    C:\Program Files
2008-06-08 04:25 . 2008-06-08 04:25    32,768    --a------    C:\WINDOWS\system32\netrax18\netrax182328.exe
2008-06-04 13:46 . 2008-06-04 13:46    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\e-Safekey

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 19:16    ---------    d-----w    C:\Programmer\BearFlix
2008-06-16 15:49    9,344    ----a-w    C:\WINDOWS\system32\drivers\NSDriver.sys
2008-06-16 15:49    8,320    ----a-w    C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-06-15 14:21    ---------    d-----w    C:\Documents and Settings\kim\Application Data\AVG7
2008-05-16 13:30    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2001-11-23 04:08    712,704    ----a-w    C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06201E8E-74D2-4826-865F-6AE9FEDE69CB}]
2008-06-13 22:57    299520    --a------    C:\WINDOWS\system32\iifgGWMc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 12:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"Cmaudio"="cmicnfg.cpl" []
"zBrowser Launcher"="C:\Programmer\Logitech\iTouch\iTouch.exe" [2003-04-07 03:16 631364]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 21:10 335872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-08-02 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-17 22:35 219136]

C:\Documents and Settings\kim\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=


.
Contents of the 'Scheduled Tasks' folder
"2008-06-04 14:53:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Programmer\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-25 15:53:51 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Programmer\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 22:10:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmer\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-18 22:15:02 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-18 20:14:55

Pre-Run: 35,252,838,400 byte ledig
Post-Run: 35,193,298,944 byte ledig

134


så hjt log

Logfile of HijackThis v1.99.1
Scan saved at 22:17:16, on 18-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\programmer\internet explorer\iexplore.exe
C:\Documents and Settings\kim\Skrivebord\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com//
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {06201E8E-74D2-4826-865F-6AE9FEDE69CB} - C:\WINDOWS\system32\iifgGWMc.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

(1)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op) og Fix følgende linje med HijackThis:
O2 - BHO: (no name) - {06201E8E-74D2-4826-865F-6AE9FEDE69CB} - C:\WINDOWS\system32\iifgGWMc.dll


(2)
Åbn "denne computer", i menuen skal du klikke på Funktioner -> Mappeindstillinger -> Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler" og ved "Skjul filtypenavne for kendte filtyper", sæt prik i "Vis skjulte filer og mapper". Husk at trykke på knappen "Anvend på alle mapper" i stedet for "ok".

søg efter og slet følgende fil(er):
C:\WINDOWS\system32\iifgGWMc.dll

(3)
Genstart computeren normalt. Lav en ny log med HijackThis (med ver. 2.02) og send den herind.

jeg har forsøgt at fixe
O2 - BHO: (no name) - {06201E8E-74D2-4826-865F-6AE9FEDE69CB} - C:\WINDOWS\system32\iifgGWMc.dll

det kan jeg ikke, jeg kan heller ikke slette C:\WINDOWS\system32\iifgGWMc.dll

Er du sikker på, at du er i fejlsikret tilstand, når du forsøger at fixe/slette filen?

Du kan også prøve dette:
Start hijackthis -> vælg "misc tools -> vælg "delete file on reboot" -> vælg C:\WINDOWS\system32\iifgGWMc.dll -> sig ja til at genstarte.
Bagefter fix filen med hijackthis.

da jeg forsøgte at fjerne den i fejlsikret tilstand fik jeg besked om at den enten var fuld eller skrivebeskyttet.
har lige prøvet at fjerne den med hjt men den er der stadig

Jeg ved ikke, hvorfor du ikke kan komme til at slette den.

Får du stadig de irriterende popups?

nej de har ikke været der den sidste 1/2 time, nu kan jeg bare ikke bruge msn.com som startside, den melder fejl.
Jeg laver lige en ny hjt og lægger ind

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:13, on 19-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eksperten.dk/spm/835421
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [504425d1] rundll32.exe "C:\WINDOWS\system32\ogeurfck.dll",b
O4 - HKLM\..\Run: [BM5377164d] Rundll32.exe "C:\WINDOWS\system32\stwseyei.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213900834843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213900768171
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 5140 bytes

Følge vejledningen i afsnittet "Normal Usage for Removal" på denne side: http://vundofix.atribune.org/

jeg kan ikke hente vundofix, siden kan ikke vises

Brug det her link i stedet til at hente vundofix

min pc gik helt banan så jeg har formateret harddisken, så nu er der ingen problemer med den

Husk M$ ServicePack3 til XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da