---

Jeg kan ikke hverken logge ind på MSN Exploder eller Windows Messenger-Internet Exploder virker men der er mange ting den ikke kan finde og den meddeler at* Siden kan ikke vises*Hjælp mig er ikke noget ørn til det her

---

download spybot - http://www.spybot.info/

Installer den

Opdater den (tryk på update og sæt kryds i alle felterne det er muligt i og tryk download pådateringer)

når den er færdig med at opdatere klikker du på search & destroy - nu scanner den din PC og fjerner alt muligt snavs den finder. Prøv om det ikke virker - ellers må du lige sige til igen hvis det ikke gør.

---

Ellers må du ind og hente hijack this programmet evt her www.spywarefri.dk og evt også lave en onlinescan og også hente et program der hedder ad aware se og spybot er du jo også bedt om at hente så skulle du være garderet Hijackfilen som du laver med programmet lægger du så herind så vil du få hjælp til at fixe den
Mvh Sune

---

Hej til både *Sunowich *Flash77*der blev jo fundet en del snavs, men problemet er der stadig

En *klog mand* mente at jeg skulle geninstal. windows xp kan det være rigtig

---

lyder som en drastisk løsning.... Det ville jeg vente med som sidste udvej - synes du skal gøre som sunowich skriver og hente hijackthis og lave en log og poste herinde så der er en af eksperterne der kan se den igennem.

---

Logfile of HijackThis v1.99.1
Scan saved at 09:11:16, on 13-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\TDCKAB~1\backweb\7791805\Program\SERVIC~1.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsgk32st.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\FSGK32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMA32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fssm32.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FCH32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FAMEH32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsrw.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FWES\Program\fsdfwd.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSM32.EXE
C:\PROGRA~1\TDCKAB~1\ANTI-S~1\fsaw.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\ispnews.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmer\NASDAK\OmniMouse Driver\4.1\MOUSE32A.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\fsguidll.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\Program\fspex.exe
C:\DOCUME~1\ALLUSE~1\DOKUME~1\Billeder\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Ejer\Lokale indstillinger\Temporary Internet Files\Content.IE5\O4ELV83A\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: TDC Online - {D37808DE-D46B-4DCC-95F8-188E33B95B36} - C:\PROGRA~1\TDCONL~1\TDCOBar.dll
O3 - Toolbar: De Gule Sider - {D4003A01-9B2C-4e24-9CD2-8D7DB1BDE096} - C:\WINDOWS\Downloaded Program Files\DGSToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmer\NASDAK\OmniMouse Driver\4.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [OnsideScroller] C:\Programmer\OnsideNewsScroller\OnsideNewsScroller.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TDC Kabel TV Sikkerhedspakke.lnk = C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYDK
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tilføj Link Til Online Bookmark - Res://C:\Programmer\TDC Online Menubar\TDCOBar.dll/ADDBOOKMARKLINK_HTM
O8 - Extra context menu item: Tilføj Til Online Bookmark - Res://C:\Programmer\TDC Online Menubar\TDCOBar.dll/ADDBOOKMARK_HTM
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?08e40d29738c459cb17699b907325747
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?08e40d29738c459cb17699b907325747
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\ieshield.dll
O9 - Extra button: Erotik - {95347D30-555E-4534-A05F-2229074E0A88} - http://www.porno.dk (file missing)
O9 - Extra 'Tools' menuitem: Erotik... - {95347D30-555E-4534-A05F-2229074E0A88} - http://www.porno.dk (file missing)
O9 - Extra button: Degulesider Toolbar - {B41E4A63-C2FD-4452-8BCA-D16FA5081080} - C:\WINDOWS\Downloaded Program Files\DGSToolbar.dll
O9 - Extra button: Sol Dating - {D5721FC7-8FBE-4d71-9C65-9718CFA078A8} - http://www.soldating.dk (file missing)
O9 - Extra 'Tools' menuitem: Sol Dating... - {D5721FC7-8FBE-4d71-9C65-9718CFA078A8} - http://www.soldating.dk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.englishtown.com/EtownResources/HearMe/hmvcfe.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {81296632-05C2-4A99-8271-77EBCFE7844A} (NPEVPCFG.UserControl1) - http://www.talkglobally.com/confighelp/NPEVPCFG.CAB
O16 - DPF: {9524BF70-90B6-48BE-BD81-A945EDC6EC17} (NetdebitSecureModule Control) - http://www.netdebit-dialer.de/NetDebitSecureModule.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D4003A01-9B2C-4E24-9CD2-8D7DB1BDE096} (De Gule Sider) - http://www.degulesider.dk/tool/DGSCab.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4375/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: TDC Kabel TV Sikkerhedspakke (BackWeb Plug-in - 7791805) - BackWeb Technologies Inc. - C:\PROGRA~1\TDCKAB~1\backweb\7791805\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\TDC Kabel TV Sikkerhedspakke\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

DET VAR HVAD DER KOM HEJ FRA VOLVO%"

---

hej volvo - det eneste du skal og kan lige nu er at vente til sikkerhedsgeniet stl_s kommer på -

---

Nu er der jo gået lidt tid, hvor Kandu har været nede. Hvis du ikke i mellemtiden har fået hjælp andetsteds, så kom lige med en frisk HijackThis log, så jeg kan se hvordan det ser ud nu.

---

Hej stl_s
her er det sidste nye fra hiackthis

Logfile of HijackThis v1.99.1
Scan saved at 18:00:02, on 15-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\TDCKAB~1\backweb\7791805\Program\SERVIC~1.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsgk32st.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\FSGK32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fssm32.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMA32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\Program\fspex.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FCH32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FAMEH32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsrw.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsav32.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FWES\Program\fsdfwd.exe
C:\WINDOWS\SOINTGR.EXE
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSM32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\ispnews.exe
C:\WINDOWS\essspk.exe
C:\PROGRA~1\TDCKAB~1\ANTI-S~1\fsaw.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmer\Softwin\BitDefender8\bdnagent.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\fsguidll.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmer\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ALLUSE~1\DOKUME~1\Billeder\iexplore.exe
C:\Documents and Settings\Ejer\Dokumenter\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: TDC Online - {D37808DE-D46B-4DCC-95F8-188E33B95B36} - C:\PROGRA~1\TDCONL~1\TDCOBar.dll
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [OnsideScroller] C:\Programmer\OnsideNewsScroller\OnsideNewsScroller.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmer\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmer\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TDC Kabel TV Sikkerhedspakke.lnk = C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tilføj Link Til Online Bookmark - Res://C:\Programmer\TDC Online Menubar\TDCOBar.dll/ADDBOOKMARKLINK_HTM
O8 - Extra context menu item: Tilføj Til Online Bookmark - Res://C:\Programmer\TDC Online Menubar\TDCOBar.dll/ADDBOOKMARK_HTM
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?08e40d29738c459cb17699b907325747
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?08e40d29738c459cb17699b907325747
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.englishtown.com/EtownResources/HearMe/hmvcfe.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {81296632-05C2-4A99-8271-77EBCFE7844A} (NPEVPCFG.UserControl1) - http://www.talkglobally.com/confighelp/NPEVPCFG.CAB
O16 - DPF: {9524BF70-90B6-48BE-BD81-A945EDC6EC17} (NetdebitSecureModule Control) - http://www.netdebit-dialer.de/NetDebitSecureModule.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D4003A01-9B2C-4E24-9CD2-8D7DB1BDE096} (De Gule Sider) - http://www.degulesider.dk/tool/DGSCab.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4375/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: TDC Kabel TV Sikkerhedspakke (BackWeb Plug-in - 7791805) - BackWeb Technologies Inc. - C:\PROGRA~1\TDCKAB~1\backweb\7791805\Program\SERVIC~1.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\TDC Kabel TV Sikkerhedspakke\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

mvh volvo52

---

Jeg kan se at du har kørt SuperAntiSpyware i mellemtiden, og det har ændret lidt på loggen.

Prøv også lige at køre denne scanner:

1.

Hent denne virus scanner ned til skrivebordet.

http://www.spywareinfo.dk/download/mwav.exe

---------------------------------------------------------
2.

Så starter du op i fejlsikret tilstand http://www.spywareinfo.dk/htm/fejlsikret_tilstand.htm

Lykkes det ikke, så se her http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1

---------------------------------------------------------
3.

Kør nu zipfilen som du hentede og klik UNZIP, så bliver scanneren pakket ud og brugerfladen åbner.


Sæt et flueben i DRIVE. Klik nu på Scan/Clean, og så scanner den for virus og sletter hvad den finder.

---------------------------------------------------------
4.

Jeg vil gerne se hvad scanneren har fundet og slettet, så gør venligst dette når scanningen er færdig (KAN tage lang tid):

I vinduet VIRUS LOG INFORMATION (vinduet åbner KUN hvis scanneren finder virus) markerer du teksten med musen, og trykker så på CTRL og C knapperne samtidig. Så er teksten kopieret til udklipsholderen. Sæt det ind i et tekst dokument (f,eks Notesblok eller Wordpad), og sæt det ind i tråden i dit næste indlæg.


OBS: Scanneren kan også generere en meget lang log. Den skal du venligst IKKE kopiere ind.


Luk scanneren ved at klikke EXIT og EXIT igen (Ignorer reklamen for købe versionen).

Kom også lige med en frisk HijackThis log, kørt efter genstart til normal tilstand.

---

hej stl_s

her er den første

File C:\WINDOWS\system32\BO2802040113.dll tagged as not-a-virus:AdWare.Win32.VirtualBouncer.d. No Action Taken.
File C:\WINDOWS\system32\cglbar.dll tagged as not-a-virus:AdWare.Win32.LiveCam. No Action Taken.
File C:\WINDOWS\system32\Denmark_dude-uninstall.exe tagged as not-a-virus:Dialer.Win32.gen. No Action Taken.
File C:\WINDOWS\system32\Mservice.0ll infected by "Trojan-Downloader.Win32.Wintrim.cj" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Gæst.MEDION-HHB6L09L.000\Lokale indstillinger\Temp\Tvm.upd tagged as not-a-virus:AdWare.Win32.TotalVelocity.s. No Action Taken.
File C:\Programmer\MSN Messenger\riched20.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\23A34828.exe tagged as not-a-virus:Porn-Dialer.Win32.Generic. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\23A34828.exe tagged as not-a-virus:Porn-Dialer.Win32.Generic. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\sexyFLAT.0xe infected by "Trojan.Win32.Dialer.cj" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1015.dll tagged as not-a-virus:AdWare.Win32.Gator.1015. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1015.dll tagged as not-a-virus:AdWare.Win32.Gator.1015. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1015.dll tagged as not-a-virus:AdWare.Win32.Gator.1015. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\cssweb.dll tagged as not-a-virus:AdWare.Win32.CSSWeb.b. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\sexyFLAT.0xe infected by "Trojan.Win32.Dialer.cj" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Downloaded Program Files\StripSaver_116.EXE tagged as not-a-virus:Porn-Downloader.Win32.StripSaver.a. No Action Taken.
File C:\WINDOWS\system32\BO2802040113.dll tagged as not-a-virus:AdWare.Win32.VirtualBouncer.d. No Action Taken.
File C:\WINDOWS\system32\cglbar.dll tagged as not-a-virus:AdWare.Win32.LiveCam. No Action Taken.
File C:\WINDOWS\system32\Denmark_dude-uninstall.exe tagged as not-a-virus:Dialer.Win32.gen. No Action Taken.

Og her er hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 20:22:14, on 15-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TDCKAB~1\backweb\7791805\Program\SERVIC~1.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\Program\fspex.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsgk32st.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\FSGK32.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMA32.EXE
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSM32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fssm32.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\ispnews.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmer\Softwin\BitDefender8\bdnagent.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FCH32.EXE
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FAMEH32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsrw.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FWES\Program\fsdfwd.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TDCKAB~1\ANTI-S~1\fsaw.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\fsguidll.exe
C:\Documents and Settings\Ejer\Dokumenter\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: TDC Online - {D37808DE-D46B-4DCC-95F8-188E33B95B36} - C:\PROGRA~1\TDCONL~1\TDCOBar.dll
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [BDMCon] "C:\Programmer\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmer\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TDC Kabel TV Sikkerhedspakke.lnk = C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tilføj Link Til Online Bookmark - Res://C:\Programmer\TDC Online Menubar\TDCOBar.dll/ADDBOOKMARKLINK_HTM
O8 - Extra context menu item: Tilføj Til Online Bookmark - Res://C:\Programmer\TDC Online Menubar\TDCOBar.dll/ADDBOOKMARK_HTM
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?08e40d29738c459cb17699b907325747
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?08e40d29738c459cb17699b907325747
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.englishtown.com/EtownResources/HearMe/hmvcfe.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {81296632-05C2-4A99-8271-77EBCFE7844A} (NPEVPCFG.UserControl1) - http://www.talkglobally.com/confighelp/NPEVPCFG.CAB
O16 - DPF: {9524BF70-90B6-48BE-BD81-A945EDC6EC17} (NetdebitSecureModule Control) - http://www.netdebit-dialer.de/NetDebitSecureModule.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D4003A01-9B2C-4E24-9CD2-8D7DB1BDE096} (De Gule Sider) - http://www.degulesider.dk/tool/DGSCab.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4375/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: TDC Kabel TV Sikkerhedspakke (BackWeb Plug-in - 7791805) - BackWeb Technologies Inc. - C:\PROGRA~1\TDCKAB~1\backweb\7791805\Program\SERVIC~1.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\TDC Kabel TV Sikkerhedspakke\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

mvh volvo52

---

Der er nogle filer du skal slette manuelt.


For at kunne se alle filer og mapper, gør du dette http://www.spywareinfo.dk/#/tip-og-tricks/mappeindstillinger.htm

Så gør du dette:

1. Klik på "Start" - Vælg "Søg".

2. Klik på linket "Skift indstillinger".

3. Klik på "Skift søgefunktioner for filer og mapper"

4. Sæt prik i "Avanceret" og klik OK.

5. Klik på "Alle filer og mapper"

6. Klik på "Flere avancerede indstillinger"
Sæt flueben i de tre øverste.

--------------------------------------------------------

Så lukker du computeren, og lader den være i ca. 30 sekunder. Så starter du op i fejlsikret tilstand http://www.spywareinfo.dk/htm/fejlsikret_tilstand.htm

Lykkes det ikke, så se her http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1

(OBS: Hvis du bruger Bootsafe, som er en nødløsning, så tjek vejledningen for hvordan du kommer tilbage i normal tilstand)


Slet de mapper og/eller filer som er markeret med fed skrift. Brug "Søg" til at finde dem. Der kan være flere af samme navn:


BO2802040113.dll

cglbar.dll

Denmark_dude-uninstall.exe

Tvm.upd

riched20.dll

23A34828.exe

HDPlugin1015.dll

StripSaver_116.EXE

----------------------------------------------------------


Kør en scanning med HijackThis (Do a systemscan only), og maximer derefter Hijackthis vinduet, så du kan se alle linierne.

Luk alle vinduer, på nær HijackThis. Sæt flueben ved disse linier, og klik på fix checked knappen.


F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {9524BF70-90B6-48BE-BD81-A945EDC6EC17} (NetdebitSecureModule Control) - http://www.netdebit-dialer.de/NetDebitSecureModule.cab

----------------------------------------------------------

Genstat til normal tilstand.


Ryd op i tempfiler. Hent evt ATF Cleaner her fra http://www.atribune.org/content/view/19/2/

Start ATF Cleaner. Sæt flueben i "Select all" (du kan undlade cookies, hvis du vil). Klik "Empty selected".

Kom med en frisk HijackThis log fra normal tilstand.

---

hej stl_s

kan ikke slette
StripSaver_116.EXE
HDPlugin1015.dll
23A34828.exe
riched20.dll --må ikke slettes da den åbenbar bruges når man åbner mail!

her er den seneste hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 00:50:17, on 16-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TDCKAB~1\backweb\7791805\Program\SERVIC~1.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\Program\fspex.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsgk32st.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\FSGK32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMA32.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fssm32.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe
C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FCH32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSM32.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\ispnews.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FAMEH32.EXE
C:\Programmer\Softwin\BitDefender8\bdnagent.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsrw.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FWES\Program\fsdfwd.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsav32.exe
C:\PROGRA~1\TDCKAB~1\ANTI-S~1\fsaw.exe
C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\fsguidll.exe
C:\Programmer\Outlook Express\msimn.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUME~1\ALLUSE~1\DOKUME~1\Billeder\iexplore.exe
C:\Documents and Settings\Ejer\Dokumenter\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programmer\TDC Kabel TV Sikkerhedspakke\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [BDMCon] "C:\Programmer\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmer\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: TDC Kabel TV Sikkerhedspakke.lnk = C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tilføj Link Til Online Bookmark - Res://C:\Programmer\TDC Online Menubar\TDCOBar.dll/ADDBOOKMARKLINK_HTM
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?08e40d29738c459cb17699b907325747
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?08e40d29738c459cb17699b907325747
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {498A0AC2-A3AC-11D4-80A9-0050DA680987} (HearMe (Firewall) Voice Control) - http://www.englishtown.com/EtownResources/HearMe/hmvcfe.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {81296632-05C2-4A99-8271-77EBCFE7844A} (NPEVPCFG.UserControl1) - http://www.talkglobally.com/confighelp/NPEVPCFG.CAB
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D4003A01-9B2C-4E24-9CD2-8D7DB1BDE096} (De Gule Sider) - http://www.degulesider.dk/tool/DGSCab.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9.5/ticker.cab
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4375/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: TDC Kabel TV Sikkerhedspakke (BackWeb Plug-in - 7791805) - BackWeb Technologies Inc. - C:\PROGRA~1\TDCKAB~1\backweb\7791805\Program\SERVIC~1.EXE
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\TDC Kabel TV Sikkerhedspakke\backweb\7791805\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\TDC Kabel TV Sikkerhedspakke\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmer\TDC Kabel TV Sikkerhedspakke\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmer\Fælles filer\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

hej fra volvo52

---

Så må vi have grovfilen frem:

Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

1. Pak Avenger-programmet ud og dobbeltklik på avenger.exe

2. Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem de stiplede linier ind:

-----------------------------

Files to delete:
C:\WINDOWS\Downloaded Program Files\StripSaver_116.EXE
C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll
C:\WINDOWS\Downloaded Program Files\23A34828.exe
C:\Programmer\MSN Messenger\riched20.dll

-----------------------------

3. Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

4. Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-----------------------------

riched20.dll skal væk. Den er en del af MyWebSearchs adwarebehæftede emailplugin.

Bare kom med loggen fra Avenger. Jeg behøver ikke flere HijackThis logs.

---

hej stl_s

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xuenubfi

*******************

Script file located at: \??\C:\WINDOWS\ueaghluc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\Downloaded Program Files\StripSaver_116.EXE deleted successfully.


File C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll not found!
Deletion of file C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll
Status: 0xc0000034

File C:\WINDOWS\Downloaded Program Files\23A34828.exe deleted successfully.
File C:\Programmer\MSN Messenger\riched20.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

godnat herfra
volvo52

---

Tjek lige at HDPlugin1015.dll er væk. Er den det, så tøm lige tempfiler igen, og fjern systemgendannelses punkter http://spywareinfo.dk/tip-og-tricks/deaktiver_systemgendannelse.htm

Hvordan går det med dine oprindelige problemer nu ?

---

hej
ja de 2.her er der endnu
HDPlugin1015.dll
23A34828.exe

Den oprindelige problem er der endnu
så ny computer?
men firefox virker da -og synes det hele sker i en tempo
som ikke var der før

hej hej

---

Prøv lige at køre Avenger proceduren igen. Hvis de ikke går væk, så prøv at slette dem med Unlocker http://ccollomb.free.fr/unlocker/

Når du har installeret programmet, så højreklik på filerne og klik Unlocker. Så klikker du "Lås alle op". I menuen ovre til venstre vælger du "Slet". Hvis programmet tilbyder at slette ved genstart, så lad det gøre det.

Prøv derefter om denne lille fil kan løse dine oprindelige problemer:

Hent denne fil og pak den ud til skrivebordet. Dobbeltklik på IEReg.bat
http://www.fbeej.dk/Programmer/iereg.zip

Genstart når den er færdig..

---

The page cannot be found... siger ovennævnte link til iereg

---

Æv, så er den nede igen. Den ligger også her http://www.fbeej.ctrlaltdel.dk/Programmer/iereg.zip

---

Beklager stl_s men
HDPlugin1015.dll
23A34828.exe
kan ikke fjernes

og
http://www.fbeej.ctrlaltdel.dk/Programmer/iereg.zip
kan ikke løse ploblemet med at lokke ind på mmsn exploder & messenger

øv

---

Væk det skal de. Prøv Avenger igen, og denne gang kopierer du nedenstående ind:


Files to delete:
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\23A34828.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1015.dll
File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1015.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1015.dll

---

Den ovenover er forkert. Brug denne istedet:


Files to delete:
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\23A34828.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1015.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1015.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1015.dll

---

hallo så fik du dem

jeg kom til at afinstallere messenger
kan ikke installere den igen
og kan stadig ikke lokke på MSN exploder
men har vist en ren computer nu
hej

---

Din maskine burde være ren nu, men din Internet Explorer er stadigvæk syg. Jeg kan foreslå to mulige løsninger:

Du kan geninstallere IE med dette lille program. Din Windows CD skal være i drevet http://windowsxp.mvps.org/IEFIX.htm

Alternativt kan du gå på Windows Update og hente IE7. Jeg har selv lige hentet den, og den lader til at at køre fint.

MHT til login problemerne har dette ofte virket:

1. Klik på "Start", "Kør", skriv "REGEDIT" i feltet, og tryk på ENTER.
2. Klik på "HKEY_CURRENT_USER" i registreringeditoren, efterfulgt af "Software", derefter "Microsoft", "MSNMessenger" og til sidst "Policies".
3. Vælg nøglen "Policies" og slet mappen.
4. Genstart din computer.
5. Log igen på Messenger.

---

Tak for svaret stl_s.

---

Jeg tolker det sådan at tingene fungerer nu .

Eftersom du ikke er logget ind i systemet, kan du ikke skrive et indlæg til dette spørgsmål.

Hvis du ikke allerede er registreret, kan du gratis blive medlem, ved at trykke på "Bliv medlem" ude i menuen.