martinellekilde Beginner
10 February 2007 - 12:47 There are 19 comments and 1 solution

Will you look at my log - scvhost.exe cannot be found

My original question was this:
--------------------------------------------------------------
When I start my computer, a message pops up that looks like this:

"Windows kan ikke finde 'scvhost.exe'. Kontroller, at du skrev nanvet korrekt og forsøg derefter igen. Hvis du vil søge på en fil, skal du klikke på knappen Start og derefter klikke på Søg."

Then I click OK, and after that this message appears...

"Det lykkedes ikke at indlæse eller køre C:\\WINDOWS\scvhost.exe, der er angivet i registreringsdatabasen. Kontroller, at filen findes på computeren eller fjern referencen til den i registreringsdatabasen."

Now my question is simply why it suddenly does that?
I have tried running sfc /scannow, but it requires a CD, which I have not created, since I am on an HP laptop and no discs came with it when I bought it. Apparently the discs you need are ones you have to make yourself.

But the thing is that if I make those CDs, they will just copy the registry as it is right now, and there is that problem with svchost.exe, so they will just carry the problem onto the CD.

So what should I do?

Regards, the unlucky one....

PS. I had a friend mess around with HiJackThis, and it was after that that the problems started; I don't know whether that has anything to do with it.
------------------------------------------------------------
After that I was asked to follow this guide http://www.eksperten.dk/artikler/954, which meant I had to post log files from Dr.Web, SUPERAntiSpyware and HiJackThis...

So I would like to ask an expert to look through them...
martinellekilde Beginner
10 February 2007 - 12:47 #1
Log file for SUPERAntiSpyware
--------------------------------------------------------------------
SUPERAntiSpyware Scan Log
Generated 02/10/2007 at 00:24 AM

Application Version : 3.5.1016

Core Rules Database Version : 3181
Trace Rules Database Version: 1191

Scan type      : Complete Scan
Total Scan Time : 00:41:05

Memory items scanned      : 169
Memory threats detected  : 2
Registry items scanned    : 6878
Registry threats detected : 10
File items scanned        : 57674
File threats detected    : 162

Unclassified.Unknown Origin/System
    C:\WINDOWS\SYSTEM32\JKKLL.DLL
    C:\WINDOWS\SYSTEM32\JKKLL.DLL
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkll

Trojan.Downloader-WBRock
    C:\WINDOWS\SYSTEM32\YAYAWVV.DLL
    C:\WINDOWS\SYSTEM32\YAYAWVV.DLL
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\yayawvv

Trojan.WinFixer
    HKLM\Software\Classes\CLSID\{F5254D0B-7F2C-42D6-A34D-02FC9B3C85BF}
    HKCR\CLSID\{F5254D0B-7F2C-42D6-A34D-02FC9B3C85BF}
    HKCR\CLSID\{F5254D0B-7F2C-42D6-A34D-02FC9B3C85BF}\InprocServer32
    HKCR\CLSID\{F5254D0B-7F2C-42D6-A34D-02FC9B3C85BF}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5254D0B-7F2C-42D6-A34D-02FC9B3C85BF}

Adware.Tracking Cookie

Adware.Vundo Variant
    HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}
    HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}\InprocServer32
    HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}\InprocServer32#ThreadingModel

Adware.VSToolbar
    C:\Program Files\VSAdd-in\VSAdd-in.#ll
    C:\Program Files\VSAdd-in

BearShare File Sharing Client
    C:\MY DOWLOADS\BEARSHARE.EXE

Trace.Known Threat Sources
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\2DS703O1\wav_banner[1].swf
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\C5S3WJ4V\tracking[1].js
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\C5S3WJ4V\checksoft[1].js
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\IVIT2TWT\ico1[1].gif
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\C5S3WJ4V\index[3].htm
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\YXCBQVCF\ico4[1].gif
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\YXCBQVCF\2006[1].htm
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\2DS703O1\2006[2].htm
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\YXCBQVCF\download2[1].htm
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\IVIT2TWT\logo[1].gif
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\IVIT2TWT\ico5[1].gif
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\ZEVHP53F\2006[1].htm
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\YXCBQVCF\top_pic2[1].gif
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\YXCBQVCF\arrow[2].gif
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\2DS703O1\spacer[1].gif
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\2DS703O1\ico2[1].gif
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\C5S3WJ4V\ico3[1].gif
    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\ZEVHP53F\index[1].htm
martinellekilde Beginner
10 February 2007 - 12:47 #2
Log file for Dr.Web
--------------------------------------------------------------
jkkll.dll    c:\windows\system32    Trojan.Virtumod    Will be cured after reboot.
webupdate.exe    c:\windows\system32    Win32.HLLW.MyBot    Deleted.
yayawvv.dll    c:\windows\system32    Trojan.Virtumod    Will be cured after reboot.
P2P Networkingp2p10C.EXE\data001    C:\Documents and Settings\Martin\Local Settings\Temp\P2P Networkingp2p10C.EXE    Adware.PeerNet   
P2P Networkingp2p10C.EXE    C:\Documents and Settings\Martin\Local Settings\Temp    Archive contains infected objects    Moved.
p2psetup.exe\data001    C:\Documents and Settings\Martin\Local Settings\Temp\p2psetup.exe    Adware.PeerNet   
p2psetup.exe    C:\Documents and Settings\Martin\Local Settings\Temp    Archive contains infected objects    Moved.
WinAntiVirusPro2006FreeInstall_dk[1].exe    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\2DS703O1    Trojan.DownLoader.10963    Deleted.
lo1[1]    C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\IVIT2TWT    Trojan.Virtumod    Deleted.
NAV071400.exe    C:\Documents and Settings\Martin\My Documents\McAfee 2007 Plus & Norton Antivirus 2007 Incl SERIAL & KEY & UPDATES AVAILABLE\No    Program.Ardamax    Renamed.
VSAdd-in.dll    C:\Program Files\VSAdd-in    Adware.TopSearch    Renamed.
A0028711.exe\data001    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP67\A0028711.exe    Adware.PeerNet   
A0028711.exe    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP67    Archive contains infected objects    Moved.
A0028715.dll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP68    Adware.RXToolbar    Renamed.
A0028723.dll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP68    Adware.Altnet    Renamed.
A0028724.exe    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP68    Adware.Altnet    Renamed.
A0001284.ocx    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP7    Trojan.Isbar.439    Deleted.
A0041207.exe    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP83    BackDoor.Generic.1453    Deleted.
A0044997.dll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP85    Trojan.Virtumod    Deleted.
A0045184.dll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP85    Trojan.Virtumod    Deleted.
A0048808.exe    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP87    Win32.HLLW.MyBot    Deleted.
A0048809.dll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP87    Adware.TopSearch    Renamed.
actskn45.ocx    C:\WINDOWS\system32    Trojan.Isbar.439    Deleted.
gbatpdux.exe    C:\WINDOWS\system32    Adware.TopSearch    Renamed.
jkkll.dll    C:\WINDOWS\system32    Trojan.Virtumod    Will be cured after reboot.
ljjkkif.dll    C:\WINDOWS\system32    Trojan.Virtumod    Deleted.
pmnopop.dll    C:\WINDOWS\system32    Trojan.Virtumod    Deleted.
spqxjhrw.dll    C:\WINDOWS\system32    Trojan.Virtumod    Deleted.
vtuvvtr.dll    C:\WINDOWS\system32    Trojan.Virtumod    Deleted.
yayawvv.dll    C:\WINDOWS\system32    Trojan.Virtumod    Will be cured after reboot.
martinellekilde Beginner
10 February 2007 - 12:47 #3
Log file for HiJackThis
---------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 00:37:12, on 10-02-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\WIDCOMM\Bluetooth-software\BTTray.exe
C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\93VP7X3K\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=64&bd=pavilion&pf=laptop
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BFACBC52-B6D2-4F84-A486-37A921169F28} - C:\WINDOWS\system32\yayawvv.dll (file missing)
O2 - BHO: (no name) - {F5254D0B-7F2C-42D6-A34D-02FC9B3C85BF} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier Hurtig start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
hcma Novice
10 February 2007 - 13:05 #4
scvhost.exe is a virus
svchost.exe is OK

Have you run a reg-cleaner that cleans up after old, already uninstalled programs?
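
The scvhost.exe / svchost.exe distinction drawn in the post above can be checked mechanically against a HijackThis log. The following is an added example, not part of the original thread: it scans F2 and O4 autostart lines for executable names that are one edit or one adjacent-letter swap away from a well-known Windows binary. The list of system binaries and all function names are assumptions made for illustration; the sample lines are taken from the HijackThis log posted in this thread.

```python
import re
from collections import namedtuple

# Assumed, illustrative list of Windows binaries whose names malware imitates.
SYSTEM_BINARIES = ("csrss.exe", "ctfmon.exe", "explorer.exe", "lsass.exe",
                   "rundll32.exe", "services.exe", "smss.exe", "spoolsv.exe",
                   "svchost.exe", "winlogon.exe")

# HijackThis autostart lines: O4 = Run/RunServices values, F2 = shell override.
O4_LINE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>.*?)\] (?P<cmd>.+)$")
F2_LINE = re.compile(r"^F2 - REG:(?P<loc>[^:]+): (?P<name>\w+)=(?P<cmd>.+)$")
# Last path component ending in .exe (no backslash, slash, colon, quote or '=').
EXE_NAME = re.compile(r'[^\\/:"=]+?\.exe\b', re.IGNORECASE)

Finding = namedtuple("Finding", "section location value exe imitates")


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[-1][-1]


def imitated_binary(exe, max_distance=1):
    """Return the system binary that `exe` resembles, or None.

    An exact match is the real name and is not reported here; checking that
    a real name runs from its expected directory is a separate test.
    """
    exe = exe.lower()
    if exe in SYSTEM_BINARIES:
        return None
    for known in SYSTEM_BINARIES:
        if osa_distance(exe, known) <= max_distance:
            return known
    return None


def find_lookalikes(log_text, max_distance=1):
    """Scan F2/O4 lines of a HijackThis log for look-alike executable names."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        match = O4_LINE.match(line) or F2_LINE.match(line)
        if not match:
            continue
        for raw in EXE_NAME.findall(match["cmd"]):
            exe = raw.strip().lower()
            target = imitated_binary(exe, max_distance)
            if target:
                findings.append(Finding(line[:2], match["loc"],
                                        match["name"], exe, target))
    return findings


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for f in find_lookalikes(SAMPLE_LOG):
        print(f"{f.section} {f.location} [{f.value}]: "
              f"{f.exe} resembles {f.imitates}")
```

The transposition case matters here: a plain Levenshtein distance scores scvhost.exe against svchost.exe as 2, so a threshold of 1 would miss it without the adjacent-swap rule.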
martinellekilde Beginner
10 February 2007 - 13:45 #5
It is scvhost, so apparently it is a virus...

Yes, I have.. Dr.Web and SUPERAntiSpyware clean up old programs...
hcma Novice
10 February 2007 - 14:09 #6
Try running a regcleaner:

RegCleaner:  http://www.ccleaner.com/

Manual here:  http://www.spywarefri.dk/manualer/ccleaner-manual.htm
ejvindh Expert
10 February 2007 - 14:15 #7
You are quite heavily infected. Just try running rootchk:
Download this tool and save it to your desktop:
http://www.uploads.ejvindh.net/rootchk.exe

Run the program. After a short while a log file will appear. Copy the contents of that log into this thread.
martinellekilde Beginner
10 February 2007 - 16:36 #8
ejvindh

----------------
********************************* ROOTCHK-LOG, by ejvindh
10-02-2007 16:36:03,85

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end
That was what it said
martinellekilde Beginner
10 February 2007 - 16:53 #9
hcma
--------------------
I tried the tool you suggested and followed the guide, but I still have the problem with "Windows kan ikke finde 'scvhost.exe'. Kontroller, at du skrev nanvet korrekt og forsøg derefter igen. Hvis du vil søge på en fil, skal du klikke på knappen Start og derefter klikke på Søg." when Windows starts up....
martinellekilde Beginner
10 February 2007 - 16:55 #10
So my thought is to format the whole damn thing, but HP has made it so clever that you have to make your own CDs for the programs and Windows etc.. But if I now start making those discs, won't this problem with scvhost.exe just be copied onto the CD and keep causing me problems, even if I format the whole computer?
ejvindh Expert
10 February 2007 - 20:16 #11
If you format the computer, the problem will certainly disappear. If you want to clean it, you can try the following. I think that will already help a lot:

-- Download this file and unpack it to a folder on the desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click the file and let it unpack to a folder in the root of your hard drive (typically: c:\SDfix)

-- Restart in safe mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Then go into the SDFix folder that you created earlier. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to restart the computer. Do so, after which the computer will restart after 15 seconds.

The restart will take a little longer than usual, since the tool needs time to do its work. When the desktop appears, the tool will write "Finished". Then press a key to load your desktop icons again.

Then open the SDFix folder, find the file Report.txt, and copy the contents of that file in here, together with a new log from Hijackthis.
martinellekilde Beginner
11 February 2007 - 22:46 #12
log from SDFix
------------------------------------------------

SDFix: Version 1.64

Run by: Martin - 11-02-2007 @ 22:30:48,07

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found..




ADS Check:

C:\WINDOWS\system32
No streams found.

                                Final Check:


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"="C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe:*:Enabled:Pro Cycling Manager"
"C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\My Dowloads\\BearShare.exe"="C:\\My Dowloads\\BearShare.exe:*:Enabled:BearShare"
"C:\\WINDOWS\\scvhost.exe"="C:\\WINDOWS\\scvhost.exe:*:Enabled:Microsoft Windows"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

                                Finished
martinellekilde Beginner
11 February 2007 - 22:47 #13
log from HijackThis
-----------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:46:58, on 11-02-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth-software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\AZSDUJ63\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=64&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=64&bd=pavilion&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BFACBC52-B6D2-4F84-A486-37A921169F28} - C:\WINDOWS\system32\yayawvv.dll (file missing)
O2 - BHO: (no name) - {F5254D0B-7F2C-42D6-A34D-02FC9B3C85BF} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier Hurtig start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
martinellekilde Beginner
11 February 2007 - 22:47 #14
I must say... that solved the problem... do I have other problems on my computer?

but do drop me a reply
ejvindh Expert
11 February 2007 - 23:07 #15
Yes, it has helped a great deal, but you are not quite home yet. And I also think I have found the source of your infection. You have (at least) 4 p2p clients installed (Limewire, Bittorrent, Azureus and Bearshare). Although 3 of these clients are not infected in themselves, the things you download over these networks are a very frequent source of infection. And Bearshare is notoriously known for being infected in itself. These are some rather nasty things you have had on here, so I would strongly urge you to reconsider the use of these networks. On top of that, of course, many of the things people download are not legal either...

But now try the following to get to the bottom of the infections:

-- Download Dr. Web and save it to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

-- Update your Superantispyware scanner.

-- Run Hijackthis, choose "Do a system scan only", tick the lines listed here, close all windows except Hijackthis, and click Fix checked.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: (no name) - {BFACBC52-B6D2-4F84-A486-37A921169F28} - C:\WINDOWS\system32\yayawvv.dll (file missing)
O2 - BHO: (no name) - {F5254D0B-7F2C-42D6-A34D-02FC9B3C85BF} - (no file)

-- Copy the contents between the dashed lines into a Notepad window, and save it on the desktop as regfix.reg. When you save, make sure that "file types" is set to "all files".
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=-
"C:\\Program Files\\Azureus\\Azureus.exe"=-
"C:\\My Dowloads\\BearShare.exe"=-
"C:\\WINDOWS\\scvhost.exe"=-
------------------------------
Then double-click the file you have just created, and confirm that you want to add the information to the registry.

-- Restart in Safe Mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- You are now going to delete. To prepare for this, you need to turn on "extended file view":
Open a folder, click Tools=>Folder Options=>View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

-- Then delete the following (if you can find them):
C:\WINDOWS\scvhost.exe

-- Double-click drweb-cureit.exe; it will want to run an express scan, and you say yes to that. Let it delete what it finds (say Yes to all). During the scan a green popup will appear offering you to buy Dr.Web, giving you the options "Buy" or "50% discount". Just close the popup by clicking the cross at the top right.

When it says "Select object for Scanning" at the bottom left, click Options->Change settings.
Switch to the Scan tab and untick Heuristic analysis.
Switch to the File Types tab and select All Files.
Switch to the Actions tab; here all items under Malware must be set to Move.
Untick "Prompt on action".
At "Move path", type "c:\" in the text box, so that it reads "c:\infected".
Switch to the Log File tab. There, untick "Scanned objects" and "Archivers name".
Click Apply.

Then click the drive or drives you want scanned; a red dot appears to show that it/they are selected.
Then press the green arrow at the bottom right, and it will scan.
Let it delete/move what it finds (say Yes to all).

When the scan is finished, go up to File and click Save Report list.

There will then be a file called "drweb.csv" on the desktop. Close the program.

-- Start SuperAntispyware, click "Scan your computer", and tick your drives on the left of the window. On the right of the window, select "Perform Complete Scan". Click "Next", and it will scan. When it is finished, mark what it has found and let the scanner remove it.

-- Restart into normal mode. Open the SuperAntispyware scanner again and click "preferences"-> "statistics/logs". Mark the log and click "View log". Copy the log into the thread. Also make a fresh log with Hijackthis and post it here. Also copy the contents of drweb.csv in here.
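The firewall exception list in the SDFix report earlier in the thread is where the misspelled `scvhost.exe` sits among legitimate entries, labelled "Microsoft Windows". The Python below is an added example, not part of the thread or of SDFix: it parses such an exported AuthorizedApplications list and flags names one edit or transposition away from a core Windows process, or a core process name outside its usual folder. The set of core processes, their Windows XP folders and the `C:\WINDOWS` default are assumptions.

```python
import ntpath  # Windows path semantics on any OS
import re

# Assumption: core Windows XP processes and their folder below %windir%.
SYSTEM_BINARIES = {
    "svchost.exe": "system32", "lsass.exe": "system32", "services.exe": "system32",
    "winlogon.exe": "system32", "csrss.exe": "system32", "smss.exe": "system32",
    "spoolsv.exe": "system32", "explorer.exe": "",
}
WINDIR = r"C:\WINDOWS"  # assumption: default install folder, as in the thread's logs

# Subset of the StandardProfile list from the SDFix report posted in the thread.
SAMPLE_EXPORT = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\My Dowloads\\BearShare.exe"="C:\\My Dowloads\\BearShare.exe:*:Enabled:BearShare"
"C:\\WINDOWS\\scvhost.exe"="C:\\WINDOWS\\scvhost.exe:*:Enabled:Microsoft Windows"
'''

ENTRY_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    """Undo .reg string escaping (doubled backslashes, escaped quotes)."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_authorized_apps(export):
    """Yield one dict per "path"="path:scope:state:label" line."""
    for line in export.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # section headers and blank lines
        path, value = (unescape(group) for group in match.groups())
        # The value repeats the path, which itself contains ':' after the drive letter.
        if value.startswith(path + ":"):
            fields = value[len(path) + 1:].split(":", 2)
        else:
            fields = value.rsplit(":", 3)[1:]
        if len(fields) != 3:
            continue
        scope, state, label = fields
        yield {"path": path, "scope": scope,
               "enabled": state.lower() == "enabled", "label": label}


def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one step."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(path):
    """Return a finding for a suspicious executable path, else None."""
    full = re.sub(r"(?i)%windir%", lambda m: WINDIR, path)
    name = ntpath.basename(full).lower()
    folder = ntpath.normcase(ntpath.dirname(full))
    if name in SYSTEM_BINARIES:
        sub = SYSTEM_BINARIES[name]
        expected = ntpath.normcase(ntpath.join(WINDIR, sub) if sub else WINDIR)
        if folder != expected:
            return f"{name} outside its usual folder {expected}"
        return None
    for known in SYSTEM_BINARIES:
        if osa_distance(name, known) == 1:
            return f"name imitates {known}"
    return None


def audit(export):
    """Return (path, enabled, finding) for every flagged firewall exception."""
    findings = []
    for entry in parse_authorized_apps(export):
        finding = classify(entry["path"])
        if finding:
            findings.append((entry["path"], entry["enabled"], finding))
    return findings


if __name__ == "__main__":
    for path, enabled, finding in audit(SAMPLE_EXPORT):
        print(f"{path} (enabled={enabled}): {finding}")
```

A plain Levenshtein distance scores `scvhost` against `svchost` as 2, so the transposition-aware distance is what lets a threshold of 1 catch it without flagging unrelated names.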
martinellekilde Beginner
12 February 2007 - 19:11 #16
just saw what you wrote... will try... but I'm not at home. But I'll reply tomorrow
martinellekilde Beginner
14 February 2007 - 18:54 #17
there we go,

log file from Dr.Web
NAV071400.#xe    C:\Documents and Settings\Martin\My Documents\McAfee 2007 Plus & Norton Antivirus 2007 Incl SERIAL & KEY & UPDATES AVAILABLE\No    Program.Ardamax    Moved.
Process.exe    C:\SDFix\apps    Tool.Prockill    Moved.
A0028715.#ll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP68    Adware.RXToolbar    Moved.
A0028723.#ll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP68    Adware.Altnet    Moved.
A0028724.#xe    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP68    Adware.Altnet    Moved.
A0048809.#ll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP87    Adware.TopSearch    Moved.
A0048810.ocx    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP87    Trojan.Isbar.439    Deleted.
A0048811.exe    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP87    Adware.TopSearch    Moved.
A0048812.dll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP87    Trojan.Virtumod    Deleted.
A0048813.dll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP87    Trojan.Virtumod    Deleted.
A0048814.dll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP87    Trojan.Virtumod    Deleted.
A0048815.dll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP87    Trojan.Virtumod    Deleted.
A0048821.dll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP87    Trojan.Virtumod    Deleted.
A0048822.dll    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP87    Trojan.Virtumod    Deleted.
A0052816.exe    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP91    Tool.Prockill    Moved.
A0054060.exe    C:\System Volume Information\_restore{8A6E0DCF-04FF-4752-8465-1C935F3B92FF}\RP94    Tool.Prockill    Moved.
gbatpdux.#xe    C:\WINDOWS\system32    Adware.TopSearch    Moved.
martinellekilde Beginner
14 February 2007 - 18:55 #18
log file from SUPERAntiSpyware

SUPERAntiSpyware Scan Log
Generated 02/14/2007 at 06:47 PM

Application Version : 3.5.1016

Core Rules Database Version : 3182
Trace Rules Database Version: 1192

Scan type      : Complete Scan
Total Scan Time : 00:35:06

Memory items scanned      : 189
Memory threats detected  : 0
Registry items scanned    : 6865
Registry threats detected : 0
File items scanned        : 50886
File threats detected    : 40

Adware.Tracking Cookie
    C:\Documents and Settings\Martin\Cookies\martin@ads.humornsex[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@fight-violent[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@tradedoubler[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@view-1531[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@blockbuster.112.2o7[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@page-116[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@page-19[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@banner.bolddk[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@ad1.emediate[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@stats[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@track.adform[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@comments-2096[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@statcounter[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@adtech[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@mb[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@doubleclick[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@wt.sexsearchcom[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@xiti[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@cgi-bin[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@www.humornsex[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@page-10[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@find-violent[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@page-28[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@mtg.banneradministration[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@questionmarket[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@page-37[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@view-417[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@S153997[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@mediaplex[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@statse.webtrendslive[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@e2.emediate[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@mtr.splash.sexsearch[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@view-1553[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@advertising[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@adultadworld[2].txt
    C:\Documents and Settings\Martin\Cookies\martin@adbrite[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@humornsex[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@view-1486[1].txt
    C:\Documents and Settings\Martin\Cookies\martin@ad.yieldmanager[2].txt

BearShare File Sharing Client
    C:\RECYCLER\S-1-5-21-3235933031-2317625210-85450177-1005\DC13\BEARSHARE.EXE
martinellekilde Beginner
14 February 2007 - 18:55 #19
log from HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 18:53:37, on 14-02-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth-software\BTTray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Martin\Local Settings\Temporary Internet Files\Content.IE5\AZSDUJ63\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=64&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=64&bd=pavilion&pf=laptop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier Hurtig start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
ejvindh Expert
14 February 2007 - 21:56 #20
So the log came out clean :-)

To finish the job completely:
It can be a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.
And it can also be a good idea to hide your system files and folders again, so that you don't delete an important file by mistake. You do that in the same place where you set it to show all files; this time you just choose: Do not show hidden files and folders.

It can also be a good idea to clear out your temporary files. That can be done quickly and easily with this file
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

To prevent a recurrence, I would recommend that you install a few small programs that keep spyware from getting in in the first place. You will find links and good advice here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I would also suggest that you read these articles on how you can avoid getting infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37
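An added example, not part of the thread: a check over HijackThis `O4` Run entries like those in the log above that flags the pattern behind this thread, a startup entry whose file name is one typo away from a Windows system file (`scvhost.exe` vs. `svchost.exe`) or a system file name in the wrong folder. The allowlist, the function names and the two constructed log lines are assumptions made for the example.

```python
import re

# Assumed short allowlist: genuine Windows XP binaries and their home folder.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
O4_RUN = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[.+?\] (.+)$")
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters costs 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def check_line(line):
    """Return a warning string for a suspicious O4 Run entry, else None."""
    m = O4_RUN.match(line.strip())
    exe = EXE_PATH.search(m.group(1)) if m else None
    if not exe:
        return None
    folder, _, name = exe.group(1).lower().rpartition("\\")
    if name in SYSTEM_BINARIES:
        home = SYSTEM_BINARIES[name]
        return None if folder == home else f"{name}: system file name outside {home}"
    hits = [real for real in SYSTEM_BINARIES if osa_distance(name, real) == 1]
    return f"{name}: lookalike of {hits[0]}" if hits else None

def scan(log_text):
    return [w for w in map(check_line, log_text.splitlines()) if w]

# First two lines are from the log above; the last two are constructed samples.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [example] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [example2] C:\WINDOWS\svchost.exe
"""

if __name__ == "__main__":
    print("\n".join(scan(SAMPLE_LOG)))
```

Counting an adjacent swap as a single edit keeps the threshold at 1, which catches `scvhost.exe` without flagging unrelated short names such as `SNDMon.exe`.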