---

Jeg får små pop-up vinduer på min skærm med teksten WRDATE frem ved opstart - hvad er det og hvordan kommer jeg dem "til livs" ?

---

Du besøger www.spywarefri.dk

eller venter på stl_s kommer her

---

Du har noget spyware, så følg denne vejledning http://sptlarsenserious.googlepages.com/hijackthis

---

Tålmodighed belønnes

---

Logfile of HijackThis v1.99.1
Scan saved at 19:07:41, on 12-02-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TELIAS~1\backweb\9786136\Program\SERVIC~1.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fsgk32st.exe
C:\Programmer\Telia SafeSurf\backweb\9786136\program\fsbwsys.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\FSGK32.EXE
C:\Programmer\Telia SafeSurf\Common\FSMA32.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\fssm32.exe
C:\Programmer\Telia SafeSurf\Common\FSMB32.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Telia SafeSurf\Common\FSM32.EXE
C:\Programmer\Telia SafeSurf\Common\FCH32.EXE
C:\Programmer\Telia SafeSurf\backweb\9786136\Program\fspex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Telia SafeSurf\Common\FAMEH32.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fsqh.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\fsrw.exe
C:\Programmer\Telia SafeSurf\FSPC\fspc.exe
C:\Programmer\Telia SafeSurf\FWES\Program\fsdfwd.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\fsav32.exe
C:\PROGRA~1\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Programmer\Telia SafeSurf\FSGUI\fsguidll.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Programmer\HJTrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RTV] c:\windows\system32\ShooDL.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Topic lnternet] lnternet.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\Telia SafeSurf\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\Telia SafeSurf\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\Telia SafeSurf\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\RunServices: [RTV] c:\windows\system32\ShooDL
O4 - HKLM\..\RunServices: [Topic lnternet] lnternet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RTV] c:\windows\system32\ShooDL.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Telia SafeSurf.lnk = C:\Programmer\Telia SafeSurf\backweb\9786136\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\Telia SafeSurf\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?10c333e59dfd471c8b8503f7f39cf720
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?10c333e59dfd471c8b8503f7f39cf720
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\Anti-Spyware\ieshield.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162023707925
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O17 - HKLM\Software\..\Telephony: DomainName = www.stofanet.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Telia SafeSurf (BackWeb Plug-in - 9786136) - BackWeb Technologies Inc. - C:\PROGRA~1\TELIAS~1\backweb\9786136\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Programmer\Telia SafeSurf\backweb\9786136\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\Common\FSMA32.EXE
O23 - Service: mansorr here (mans0r) - Unknown owner - C:\WINDOWS\finderd.exe (file missing)

---

Du har faktisk noget virkelig god beskyttelse, men alligevel er der sluppet ubehageligheder ind hos dig.


Hent og dobbeltklik denne fil. Den pakker sig ud til C:\SDFix:
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Så starter du op i fejlsikret tilstand http://www.spywareinfo.dk/htm/fejlsikret_tilstand.htm

Lykkes det ikke, så se her http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1

(OBS: Hvis du bruger Bootsafe, som er en nødløsning, så tjek vejledningen for hvordan du kommer tilbage i normal tilstand)


Gå så ind i mappen SDFix på C drevet. Dobbeltklik på filen RunThis.bat, for at starte værktøjet. Tryk "y" for at bekræfte, at du kører værktøjet på egen risiko. Så vil værktøjet gå i gang med at fjerne trojanservicen, og lave et par reparationer af registreringsdatabasen. På et tidspunkt vil det bede dig om at trykke en taste for at genstarte computeren. Det skal du gøre, hvorefter computeren vil genstarte efter 15 sekunder.

Genstarten vil tage lidt længere end sædvanligt, idet værktøjet skal have tid til at udføre sit arbejde. Når skrivebordet dukker op, vil værktøjet skrive "Finished". Tryk herefter en taste for at indlæse dine skrivebordsikoner igen.

Åben så SDFix-mappen, find filen Report.txt, og kopier indholdet af denne fil herind.


Kom også med en frisk HijackThis log.

---

Når jeg går ind på c drevet får jeg at vide jeg skal trykke 1, 2 eller 3 for at køre run this bat;

1 download / run a- sqared (EMS software´- 10,5 MD)
2 download/run NGenFix (norman - 2,3MB)
3 download / run SAV 32 LCI (Sophos - 9,7 MB)

Hvad skal jeg vælge der ?

---

De ting skal du ikke bruge, og dem får du kun i normal tilstand. Hvis du følger vejledningen og går fejlsikret, ser du den mulighed som er beskrevet i vejledningen.

---

SDFix: Version 1.66


Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\mirc.ini - Deleted
C:\WINDOWS\system32\TFTP2648 - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Programmer\\Telia SafeSurf\\backweb\\9786136\\Program\\fspex.exe"="C:\\Programmer\\Telia SafeSurf\\backweb\\9786136\\program\\fspex.exe:*:enabled:Telia SafeSurf"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Programmer\\Telia SafeSurf\\backweb\\9786136\\Program\\fspex.exe"="C:\\Programmer\\Telia SafeSurf\\backweb\\9786136\\program\\fspex.exe:*:enabled:Telia SafeSurf"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Programmer\Uninstall Information\IE40.Comctl32\AINF0000
C:\Programmer\Uninstall Information\mshtml.DllReg\AINF0000
C:\Programmer\F‘lles filer\Adobe\ESD\DLMCleanup.exe
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Add/Remove Programs List:

Adobe Shockwave Player
Adobe Download Manager 2.0 (kan kun fjernes)
AVG Anti-Spyware 7.5
Telia SafeSurf
HijackThis 1.99.1
mIRC
Panda ActiveScan
Adobe Flash Player 9 ActiveX
Windows Live Toolbar
Windows Live Sign-in Assistant
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
Microsoft Office Professional Edition 2003
Faneopdelt s›gning (Windows Live Toolbar)
Adobe Reader 7.0.8 - Dansk
Windows Live Toolbar
Windows Live Toolbar MSN Extension (Windows Live Toolbar)
Windows Live Messenger
Feed Detector til Windows Live Toolbar (Windows Live Toolbar)

Finished

Logfile of HijackThis v1.99.1
Scan saved at 19:38:34, on 19-02-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TELIAS~1\backweb\9786136\Program\SERVIC~1.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fsgk32st.exe
C:\Programmer\Telia SafeSurf\backweb\9786136\program\fsbwsys.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\FSGK32.EXE
C:\Programmer\Telia SafeSurf\Common\FSMA32.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fssm32.exe
C:\Programmer\Telia SafeSurf\Common\FSMB32.EXE
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Telia SafeSurf\Common\FCH32.EXE
C:\Programmer\Telia SafeSurf\Common\FAMEH32.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fsqh.exe
C:\Programmer\Telia SafeSurf\FSPC\fspc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fsrw.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\fsav32.exe
C:\Programmer\Telia SafeSurf\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Telia SafeSurf\Common\FSM32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Programmer\Telia SafeSurf\FSGUI\fsguidll.exe
C:\Programmer\Telia SafeSurf\backweb\9786136\Program\fspex.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HJTrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RTV] c:\windows\system32\ShooDL.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Topic lnternet] lnternet.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\Telia SafeSurf\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\Telia SafeSurf\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\Telia SafeSurf\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\RunServices: [RTV] c:\windows\system32\ShooDL
O4 - HKLM\..\RunServices: [Topic lnternet] lnternet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RTV] c:\windows\system32\ShooDL.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Telia SafeSurf.lnk = C:\Programmer\Telia SafeSurf\backweb\9786136\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\Telia SafeSurf\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?10c333e59dfd471c8b8503f7f39cf720
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?10c333e59dfd471c8b8503f7f39cf720
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\Anti-Spyware\ieshield.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162023707925
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O17 - HKLM\Software\..\Telephony: DomainName = www.stofanet.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Telia SafeSurf (BackWeb Plug-in - 9786136) - BackWeb Technologies Inc. - C:\PROGRA~1\TELIAS~1\backweb\9786136\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Programmer\Telia SafeSurf\backweb\9786136\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\Common\FSMA32.EXE
O23 - Service: mansorr here (mans0r) - Unknown owner - C:\WINDOWS\finderd.exe (file missing)

---

Der er mere skidt:

1.

Hent denne virus scanner ned til skrivebordet.

http://www.spywareinfo.dk/download/mwav.exe

---------------------------------------------------------
2.

Så starter du op i fejlsikret tilstand http://www.spywareinfo.dk/htm/fejlsikret_tilstand.htm

Lykkes det ikke, så se her http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=110&PN=1

(OBS: Hvis du bruger Bootsafe, som er en nødløsning, så tjek vejledningen for hvordan du kommer tilbage i normal tilstand)

---------------------------------------------------------
3.

Kør nu zipfilen som du hentede og klik UNZIP, så bliver scanneren pakket ud og brugerfladen åbner.


Sæt et flueben i DRIVE. Klik nu på Scan/Clean, og så scanner den for virus og sletter hvad den finder.

---------------------------------------------------------
4.

Jeg vil gerne se hvad scanneren har fundet og slettet, så gør venligst dette når scanningen er færdig (KAN tage lang tid):

I vinduet VIRUS LOG INFORMATION (vinduet åbner KUN hvis scanneren finder virus) markerer du teksten med musen, og trykker så på CTRL og C knapperne samtidig. Så er teksten kopieret til udklipsholderen. Sæt det ind i et tekst dokument (f,eks Notesblok eller Wordpad), og sæt det ind i tråden i dit næste indlæg.


OBS: Scanneren kan også generere en meget lang log. Den skal du venligst IKKE kopiere ind.


Luk scanneren ved at klikke EXIT og EXIT igen (Ignorer reklamen for købe versionen).


Kom også med en frisk HijackThis log.


Btw, du har ingen servicepacks til Windows eller IE installeret. Det vil betyde, at du vil få meget svært ved at holde skidt og møg ude. Jeg vil foreslå, at du går på Windows Update, og får opdateret.

---

File c:\windows\system32\ShooDL.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.59. No Action Taken.
File c:\windows\system32\ShooDL.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.59. No Action Taken.
File c:\windows\system32\ShooDL.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.59. No Action Taken.
File C:\WINDOWS\System32\LNTERNET.0XE infected by "Backdoor.Win32.Rbot.btr" Virus. Action Taken: File Renamed.
File C:\WINDOWS\System32\rtlman.exe tagged as not-a-virus:RiskTool.Win32.HideWindows. No Action Taken.
File C:\WINDOWS\System32\SAVCHOST.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.601. No Action Taken.
File C:\WINDOWS\System32\securaq.exe tagged as not-a-virus:RiskTool.Win32.HideWindows. No Action Taken.
File C:\WINDOWS\System32\ShooDL.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.59. No Action Taken.
File C:\Programmer\Norton AntiVirus\Quarantine\397D27E3 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programmer\Norton AntiVirus\Quarantine\39E23D74 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programmer\Norton AntiVirus\Quarantine\39F30F62 infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Programmer\Norton AntiVirus\Quarantine\4EA0372F infected by "Email-Worm.Win32.Bagle.z" Virus. Action Taken: File Deleted.
File C:\Setup2.exe tagged as not-a-virus:RiskTool.Win32.HideWindows. No Action Taken.
File C:\WINDOWS\system32\rtlman.exe tagged as not-a-virus:RiskTool.Win32.HideWindows. No Action Taken.
File C:\WINDOWS\system32\SAVCHOST.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.601. No Action Taken.
File C:\WINDOWS\system32\securaq.exe tagged as not-a-virus:RiskTool.Win32.HideWindows. No Action Taken.
File C:\WINDOWS\system32\ShooDL.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.59. No Action Taken.


Logfile of HijackThis v1.99.1
Scan saved at 19:30:26, on 20-02-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TELIAS~1\backweb\9786136\Program\SERVIC~1.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fsgk32st.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\FSGK32.EXE
C:\Programmer\Telia SafeSurf\backweb\9786136\program\fsbwsys.exe
C:\Programmer\Telia SafeSurf\Common\FSMA32.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fssm32.exe
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Telia SafeSurf\Common\FSM32.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Telia SafeSurf\Common\FSMB32.EXE
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Telia SafeSurf\Common\FCH32.EXE
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Telia SafeSurf\Common\FAMEH32.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fsqh.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\fsrw.exe
C:\Programmer\Telia SafeSurf\FSPC\fspc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Telia SafeSurf\backweb\9786136\Program\fspex.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\fsav32.exe
C:\Programmer\Telia SafeSurf\FWES\Program\fsdfwd.exe
C:\PROGRA~1\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Programmer\Telia SafeSurf\FSGUI\fsguidll.exe
C:\Programmer\HJTrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RTV] c:\windows\system32\ShooDL.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\Telia SafeSurf\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\Telia SafeSurf\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\Telia SafeSurf\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\RunServices: [RTV] c:\windows\system32\ShooDL
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RTV] c:\windows\system32\ShooDL.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Telia SafeSurf.lnk = C:\Programmer\Telia SafeSurf\backweb\9786136\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\Telia SafeSurf\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?10c333e59dfd471c8b8503f7f39cf720
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?10c333e59dfd471c8b8503f7f39cf720
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\Anti-Spyware\ieshield.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162023707925
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O17 - HKLM\Software\..\Telephony: DomainName = www.stofanet.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Telia SafeSurf (BackWeb Plug-in - 9786136) - BackWeb Technologies Inc. - C:\PROGRA~1\TELIAS~1\backweb\9786136\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Programmer\Telia SafeSurf\backweb\9786136\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\Common\FSMA32.EXE
O23 - Service: mansorr here (mans0r) - Unknown owner - C:\WINDOWS\finderd.exe (file missing)

---

Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

1. Pak Avenger-programmet ud og dobbeltklik på avenger.exe

2. Sæt en prik i "Input Script Manually" og klik på luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem de stiplede linier ind:

-----------------------------

Files to delete:
c:\windows\system32\ShooDL.exe
C:\WINDOWS\System32\rtlman.exe
C:\WINDOWS\System32\LNTERNET.0XE
C:\WINDOWS\System32\SAVCHOST.exe
C:\WINDOWS\System32\securaq.exe
C:\WINDOWS\finderd.exe
C:\Setup2.exe


-----------------------------

3. Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

4. Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.


Gå i Start/Kør, skriv cmd og tast <enter> I cmd vinduet skriver du sc delete mans0r og taster <enter>

Kom også med en frisk HijackThis log, efter en genstart.

---

Kom også lige med en log fra dette program http://www.uploads.ejvindh.net/rootchk.exe Kør filen, og vent til der åbner en log. Kopier loggen her ind.

---

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mqvimocb

*******************

Script file located at: \??\C:\WINDOWS\System32\sacpxfqt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File c:\windows\system32\ShooDL.exe deleted successfully.
File C:\WINDOWS\System32\rtlman.exe deleted successfully.


File C:\WINDOWS\System32\LNTERNET.0XE not found!
Deletion of file C:\WINDOWS\System32\LNTERNET.0XE failed!

Could not process line:
C:\WINDOWS\System32\LNTERNET.0XE
Status: 0xc0000034

File C:\WINDOWS\System32\SAVCHOST.exe deleted successfully.
File C:\WINDOWS\System32\securaq.exe deleted successfully.


File C:\WINDOWS\finderd.exe not found!
Deletion of file C:\WINDOWS\finderd.exe failed!

Could not process line:
C:\WINDOWS\finderd.exe
Status: 0xc0000034

File C:\Setup2.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Logfile of HijackThis v1.99.1
Scan saved at 21:08:08, on 20-02-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\TELIAS~1\backweb\9786136\Program\SERVIC~1.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fsgk32st.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\FSGK32.EXE
C:\Programmer\Telia SafeSurf\backweb\9786136\program\fsbwsys.exe
C:\Programmer\Telia SafeSurf\Common\FSMA32.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\fssm32.exe
C:\Programmer\Telia SafeSurf\Common\FSMB32.EXE
C:\Programmer\Telia SafeSurf\Common\FSM32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Telia SafeSurf\backweb\9786136\Program\fspex.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Telia SafeSurf\Common\FCH32.EXE
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\Telia SafeSurf\Common\FAMEH32.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\fsrw.exe
C:\Programmer\Telia SafeSurf\FSPC\fspc.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Telia SafeSurf\FWES\Program\fsdfwd.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\PROGRA~1\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Programmer\Telia SafeSurf\FSGUI\fsguidll.exe
C:\Programmer\HJTrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RTV] c:\windows\system32\ShooDL.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\Telia SafeSurf\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\Telia SafeSurf\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\Telia SafeSurf\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\RunServices: [RTV] c:\windows\system32\ShooDL
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RTV] c:\windows\system32\ShooDL.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Telia SafeSurf.lnk = C:\Programmer\Telia SafeSurf\backweb\9786136\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\Telia SafeSurf\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?10c333e59dfd471c8b8503f7f39cf720
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?10c333e59dfd471c8b8503f7f39cf720
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\Anti-Spyware\ieshield.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162023707925
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O17 - HKLM\Software\..\Telephony: DomainName = www.stofanet.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Telia SafeSurf (BackWeb Plug-in - 9786136) - BackWeb Technologies Inc. - C:\PROGRA~1\TELIAS~1\backweb\9786136\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Programmer\Telia SafeSurf\backweb\9786136\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\Common\FSMA32.EXE

********************************* ROOTCHK-LOG, by ejvindh
20-02-2007 21:12:20,77

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

---

Kør en scanning med HijackThis, og maximer derefter Hijackthis vinduet, så du kan se alle linierne.

Luk alle vinduer, på nær HijackThis. Sæt flueben ved disse linier, og klik på fix checked knappen.

O4 - HKLM\..\Run: [RTV] c:\windows\system32\ShooDL.exe

O4 - HKLM\..\RunServices: [RTV] c:\windows\system32\ShooDL

O4 - HKCU\..\Run: [RTV] c:\windows\system32\ShooDL.exe

Genstart, og kom lige med en (sikkert den sidste) frisk log.

---

Logfile of HijackThis v1.99.1
Scan saved at 08:41:35, on 21-02-2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\TELIAS~1\backweb\9786136\Program\SERVIC~1.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fsgk32st.exe
C:\Programmer\Telia SafeSurf\backweb\9786136\program\fsbwsys.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\FSGK32.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fssm32.exe
C:\Programmer\Telia SafeSurf\Common\FSMA32.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Telia SafeSurf\Common\FSMB32.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\Telia SafeSurf\Common\FCH32.EXE
C:\Programmer\Telia SafeSurf\backweb\9786136\Program\fspex.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Telia SafeSurf\Common\FAMEH32.EXE
C:\Programmer\Telia SafeSurf\Anti-Virus\fsqh.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\fsrw.exe
C:\Programmer\Telia SafeSurf\FSPC\fspc.exe
C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe
C:\Programmer\Telia SafeSurf\Common\FSM32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Telia SafeSurf\Anti-Virus\fsav32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Telia SafeSurf\FWES\Program\fsdfwd.exe
C:\PROGRA~1\TELIAS~1\ANTI-S~1\fsaw.exe
C:\Programmer\Telia SafeSurf\FSGUI\fsguidll.exe
C:\Programmer\HJTrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\Telia SafeSurf\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\Telia SafeSurf\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\Telia SafeSurf\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Telia SafeSurf.lnk = C:\Programmer\Telia SafeSurf\backweb\9786136\Program\fspex.exe
O8 - Extra context menu item: &Bloker dette pop up-vindue - C:\Programmer\Telia SafeSurf\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?10c333e59dfd471c8b8503f7f39cf720
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?10c333e59dfd471c8b8503f7f39cf720
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programmer\Telia SafeSurf\FSPC\fspcmsie.dll
O9 - Extra button: Internet Explorer-beskyttelse - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Internet Explorer-beskyttelse... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmer\Telia SafeSurf\Anti-Spyware\ieshield.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162023707925
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O17 - HKLM\Software\..\Telephony: DomainName = www.stofanet.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = www.stofanet.dk
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Telia SafeSurf (BackWeb Plug-in - 9786136) - BackWeb Technologies Inc. - C:\PROGRA~1\TELIAS~1\backweb\9786136\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Programmer\Telia SafeSurf\backweb\9786136\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\Telia SafeSurf\Common\FSMA32.EXE

---

Så er din log ren.


Efter et virus/spyware angreb, er det altid en god ide at rydde op i systemgendannelses filerne. Deaktiver systemgendannelse http://spywareinfo.dk/tip-og-tricks/deaktiver_systemgendannelse.htm - genstart din computer - aktiver systemgendannelse.

Ryd op i tempfiler. Hent evt ATF Cleaner her fra http://www.atribune.org/content/view/19/2/

Start ATF Cleaner. Sæt flueben i "Select all" (du kan undlade cookies, hvis du vil). Klik "Empty selected".

Hvordan med WRDATE. Spøger den stadigvæk ?

Iøvrigt, loggen er ren, men det er kun et spørgsmål om tid, med de manglende servicepacks og hotfix. Dine sikkerhedsprogrammer kan ikke beskytte dig optimalt uden, og jeg vil klart fraråde dig at bruge maskinen til netbank og kreditkortbetaling, idet du aldrig kan vide om du er inficeret af malware.

---

WRDATEN er væk

Jeg har hentet opdateringerne på windows update - er computeren ok nu eller er der mere jeg kan gøre ?

---

Der ikke umiddelbart mere du kan gøre.

---

Super - 1000 tak for hjælpen !

---

Tak for svaret stl_s.

---

Velbekomme , og tak for point og stjerner.

Eftersom du ikke er logget ind i systemet, kan du ikke skrive et indlæg til dette spørgsmål.

Hvis du ikke allerede er registreret, kan du gratis blive medlem, ved at trykke på "Bliv medlem" ude i menuen.