Særdeles

Jeg har noget på pc'en som jeg ikke kan få væk.. Jeg har (som i kan se) fået hjælp 2 gange indenfor en måned. Jeg har opdaget at når jeg har scannet og fjernet uønsket spyware/virus. Er det gendannet næstegang jeg starter windows. Nogen der kan hjælpe?

Logfile of HijackThis v1.99.1
Scan saved at 22:05:09, on 05-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\SiteAdvisor\SiteAdv.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.dk/
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmer\SiteAdvisor\saIE.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmer\SiteAdvisor\saIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [ccApp] C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /M "Stylus C86" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmer\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmer\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmer\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmer\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Programmer\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

SUPERAntiSpyware Scan Log
Generated 05/04/2006 at 10:10 PM

Core Rules Database Version : 2912
Trace Rules Database Version: 1043

Memory threats detected  : 0
Registry threats detected : 1
File threats detected    : 16

Adware.Tracking Cookie
    C:\Documents and Settings\standard\Cookies\standard@globalstat[2].txt
    C:\Documents and Settings\standard\Cookies\standard@cz11.clickzs[2].txt
    C:\Documents and Settings\standard\Cookies\standard@ad.ofir[1].txt
    C:\Documents and Settings\standard\Cookies\standard@tradedoubler[1].txt
    C:\Documents and Settings\standard\Cookies\standard@sextracker[1].txt
    C:\Documents and Settings\standard\Cookies\standard@image.masterstats[1].txt
    C:\Documents and Settings\standard\Cookies\standard@cgi-bin[18].txt
    C:\Documents and Settings\standard\Cookies\standard@adtech[2].txt
    C:\Documents and Settings\standard\Cookies\standard@track.adform[1].txt
    C:\Documents and Settings\standard\Cookies\standard@counter13.sextracker[1].txt
    C:\Documents and Settings\standard\Cookies\standard@ad1.emediate[2].txt
    C:\Documents and Settings\standard\Cookies\standard@counter16.sextracker[1].txt
    C:\Documents and Settings\standard\Cookies\standard@sextracker[2].txt
    C:\Documents and Settings\standard\Cookies\standard@cs.sexcounter[2].txt
    C:\Documents and Settings\standard\Cookies\standard@track.adform[2].txt

Trojan.Homepage/Puper
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#wininet.dll [ regperf.exe ]

Trojan.UnSpyPC Spyware Scanner
    C:\System Volume Information\_restore{28384791-0234-4FBD-845B-24BD2CB0E71B}\RP342\A0065499.exe

Det er hvad de to programmer har fundet sidst.

Når jeg åbner Windows jobliste (ctrl-alt-delete) Er der et program SGBHP.EXE som jeg mistænker for at være indblandet. Det åbner igen når jeg har afsluttet processen.

Hilsen Alex