clausito (Senior Master)
08 December 2007 - 13:41. There are 16 comments and 1 solution

Search problems in Google - spyware?

Every time I search for something in Google, I am redirected in step 2 to something completely different - they look like advertising pages. click2find etc. etc.

I must have picked up some spyware, but I have now run various spyware checks

Has anyone had this problem before: being able to read jp.dk, but as soon as I use Google it goes wrong
clausito (Senior Master)
08 December 2007 - 13:50 #1
clausito (Senior Master)
08 December 2007 - 17:27 #2
I can well understand that you don't really have any clever answers, because it looks like a bigger problem that can perhaps only be solved by formatting. The discussions on the net are certainly numerous, and I have not yet seen a solution. I have checked my PC with several spyware programs - no result

Strange that no simple tool has been made for this problem? You can try searching for the problem "search-daily" yourselves and see the many suggestions for a solution

I think it will end with a format, since the solutions look like rocket science and do not work
08 December 2007 - 17:58 #3
Follow the procedure ("rocket science" ???) from here ->
http://www.eksperten.dk/artikler/1123
clausito (Senior Master)
08 December 2007 - 18:26 #4
Yes, it is rocket science, even though I have tried most of it - it will probably end with a format unless someone can find an easier solution
08 December 2007 - 18:46 #5
... would like to see/read the logs mentioned ...
clausito (Senior Master)
08 December 2007 - 19:57 #6
I am not IT-savvy, but here is the log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:13, on 08-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\a-squared Anti-Malware\a2service.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmer\Spyware Doctor\svcntaux.exe
C:\Programmer\Spyware Doctor\swdsvc.exe
C:\Programmer\Spyware Doctor\SDTrayApp.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\AirLive Wireless LAN Utility\tiwlnsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Programmer\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Media Mouse\Muiltmedia.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\Search Settings\SearchSettings.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\ScanWizard 5\ScannerFinder.exe
C:\Programmer\UltimateZip 2007\uzqkst.exe
C:\Programmer\inKline Global\PC Booster\PCBooster.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {148C180B-3A45-433C-88EE-E875A5F1BAB3} - c:\windows\system32\d3dxofq.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A78325AE-B2E4-41AA-B315-A31862528429} - C:\WINDOWS\system32\audiodevo.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmer\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmer\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Programmer\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Programmer\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmer\Media Mouse\Muiltmedia.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Programmer\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [nog8u4] C:\WINDOWS\system32\nog8u4.exe
O4 - HKLM\..\Run: [SDTray] "C:\Programmer\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programmer\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programmer\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [nog8u4] C:\WINDOWS\system32\nog8u4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programmer\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Adobe Acrobat Hurtigstart.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Scanner Finder.lnk = C:\Programmer\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmer\MP3 Player Utilities 3.76\AMVConverter\grab.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Konverter hyperlinkdestination til Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter hyperlinkdestination til eksisterende PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter markering til Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter markering til eksisterende PDF-fil - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter til eksisterende PDF-fil - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter valgte hyperlinks til Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konverter valgte hyperlinks til eksisterende PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmer\MP3 Player Utilities 3.76\MediaManager\grab.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Panda ActiveScan Pro - {9B9B075F-22FF-48e7-A688-1719BE8873CC} - http://www.pandasoftware.com/products/activescanpro/default.asp (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O15 - Trusted Zone: http://www.pc-gruppen.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: xmbdcuee - C:\WINDOWS\SYSTEM32\d3dxofq.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmer\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Programmer\AirLive Wireless LAN Utility\tiwlnsvc.exe

--
End of file - 13926 bytes
09 December 2007 - 00:48 #7
Yes indeed - there are 'junk' elements!
... and the log from the ComboFix mentioned?
clausito (Senior Master)
09 December 2007 - 06:34 #8
Now I am taking a couple of days for Christmas markets and Berlin - it looks like Combofix solved my problem. Now everything looks to be in order - remember your points!!

Here is the Combofix log

ComboFix 07-12-09.1 - Claus Andersen 2007-12-09  5:50:55.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1461 [GMT 1:00]
Running from: C:\Documents and Settings\Claus Andersen\Skrivebord\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Claus Andersen\Dokumenter\PPPATC~1
C:\Programmer\Fælles filer\{A0AED~1
C:\Programmer\Fælles filer\{A0AED~2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\~.exe . . . . failed to delete
C:\WINDOWS\system32\d3dxofq.dll . . . . failed to delete

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_THKKKWSQ
-------\thkkkwsq


(((((((((((((((((((((((((  Files Created from 2007-11-09 to 2007-12-09  )))))))))))))))))))))))))))))))
.

2007-12-08 23:56 . 2007-12-08 23:56    19,456    --a------    C:\WINDOWS\system32\drivers\yfyxvpim.dat
2007-12-08 17:00 . 2007-12-08 17:17    <DIR>    d--------    C:\Programmer\a-squared Anti-Malware
2007-12-08 16:26 . 2007-12-08 16:26    <DIR>    d--------    C:\WINDOWS\system32\Kaspersky Lab
2007-12-08 16:26 . 2007-12-08 16:26    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-08 16:23 . 2007-12-08 16:23    <DIR>    d--------    C:\Programmer\Trend Micro
2007-12-08 16:18 . 2007-12-09 06:01    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2007-12-08 16:18 . 2007-12-08 16:18    1,409    --a------    C:\WINDOWS\QTFont.for
2007-12-08 14:54 .     <DIR>        C:\Programmer\Fælles filer\Scanner
2007-12-08 14:54 . 2007-12-08 14:54    <DIR>    d--------    C:\Programmer\CA
2007-12-08 14:54 . 2007-12-08 14:54    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\CA
2007-12-08 14:52 . 2007-09-05 23:22    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-12-08 14:52 . 2006-04-27 16:49    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-12-08 14:52 . 2003-06-05 20:13    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-12-08 14:52 . 2004-07-31 17:50    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-12-08 14:52 . 2007-10-03 23:36    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-12-08 14:37 . 2007-12-08 14:37    <DIR>    d--------    C:\Programmer\XoftSpySE
2007-12-08 14:24 . 2007-12-08 14:25    <DIR>    d--------    C:\Programmer\SPYWAREfighter
2007-12-08 14:24 .     <DIR>        C:\Programmer\Fælles filer\Application
2007-12-08 14:14 . 2007-12-08 16:08    <DIR>    d--------    C:\Programmer\Windows Defender
2007-12-08 14:02 . 2007-12-08 14:06    <DIR>    d--------    C:\Programmer\Spyware Doctor
2007-12-08 14:02 . 2007-12-08 14:02    <DIR>    d--------    C:\Documents and Settings\Claus Andersen\Application Data\PC Tools
2007-12-08 14:02 . 2007-10-18 00:16    79,688    --a------    C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-08 14:02 . 2007-10-18 00:15    62,280    --a------    C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-08 14:02 . 2007-10-18 00:14    41,288    --a------    C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-08 14:02 . 2007-10-18 00:16    29,000    --a------    C:\WINDOWS\system32\drivers\kcom.sys
2007-12-08 13:00 . 2007-12-08 13:00    1,374    --a------    C:\WINDOWS\imsins.BAK
2007-12-08 08:55 . 2007-12-08 08:55    741,632    --a------    C:\WINDOWS\system32\rlmhucmr.dat
2007-12-08 08:55 . 2007-12-08 08:55    246,545    --a------    C:\WINDOWS\system32\libssl32.dll
2007-12-08 08:55 . 2007-12-08 08:55    119,552    --a------    C:\WINDOWS\system32\exouhkbf.dat
2007-12-08 08:55 . 2007-12-08 08:55    42,240    --a------    C:\WINDOWS\system32\huqlclgl.dat
2007-12-08 08:55 . 2007-12-08 08:55    36,096    --a------    C:\WINDOWS\system32\mavptdvp.dat
2007-12-08 08:55 . 2007-12-08 08:55    35,072    --a------    C:\WINDOWS\system32\pjvruthl.dat
2007-12-08 08:47 . 2001-10-09 14:00    84,992    --a------    C:\WINDOWS\system32\d3dxofq.dll.bak
2007-12-08 08:47 . 2007-12-08 08:55    83,456    --a------    C:\WINDOWS\system32\d3dxofq.dll
2007-12-08 08:46 . 2006-10-18 21:47    84,992    --a------    C:\WINDOWS\system32\audiodevo.dll
2007-12-08 08:46 .     19,456        C:\WINDOWS\system32\drivers\kbjfykrg.dat
2007-12-08 08:46 . 2007-12-08 08:46    15,872    --a------    C:\WINDOWS\system32\nog8u4.exe
2007-12-08 08:45 . 2007-12-08 08:45    21,504    --a------    C:\WINDOWS\system32\~.exe
2007-12-01 17:56 . 2007-12-04 17:08    <DIR>    d--------    C:\Programmer\Image Echo Software
2007-12-01 15:41 . 2007-12-01 15:41    <DIR>    d--------    C:\WINDOWS\system32\QuickTime
2007-12-01 15:41 . 2004-01-28 08:03    1,544,542    --a------    C:\WINDOWS\system32\avcodec.dll
2007-12-01 12:46 . 2007-12-01 12:47    35,840    --a------    C:\WINDOWS\17PHolmes572.exe
2007-12-01 12:44 . 2007-12-01 12:44    <DIR>    d--------    C:\WINDOWS\system32\daSgo01
2007-12-01 12:44 . 2007-12-01 12:44    <DIR>    d--------    C:\Temp\bkR11
2007-12-01 11:51 .     <DIR>        C:\Programmer\Fælles filer\DVDVideoSoft
2007-12-01 11:50 . 2007-12-01 11:50    <DIR>    d--------    C:\Programmer\DVDVideoSoft
2007-12-01 09:49 . 2007-12-01 09:49    0    --ah-----    C:\WINDOWS\99313125
2007-12-01 00:20 . 2007-12-04 17:12    <DIR>    d--------    C:\Programmer\VisiFly
2007-12-01 00:20 .     <DIR>        C:\Programmer\Fælles filer\GeoVid
2007-12-01 00:20 . 2005-06-07 15:11    60,416    --a------    C:\WINDOWS\system32\dsetup.dll
2007-12-01 00:04 . 2006-10-11 19:03    75,264    --a------    C:\WINDOWS\system32\zlib1.dll
2007-12-01 00:04 . 2006-10-11 19:03    53,248    --a------    C:\WINDOWS\system32\MyFlashZip0.ax
2007-11-30 23:56 . 2007-12-08 13:28    <DIR>    d--------    C:\Programmer\Search Settings
2007-11-30 23:56 . 2007-11-30 23:56    <DIR>    d--------    C:\Documents and Settings\Claus Andersen\Application Data\Search Settings
2007-11-29 07:11 . 2007-12-08 13:28    <DIR>    d--------    C:\Programmer\iTunes
2007-11-29 07:11 . 2007-11-29 07:11    <DIR>    d--------    C:\Programmer\iPod
2007-11-27 09:53 . 2007-11-27 09:54    <DIR>    d--------    C:\Programmer\gs
2007-11-27 09:24 . 2007-11-27 10:26    <DIR>    d--------    C:\Programmer\ApFill
2007-11-26 16:34 . 2007-11-26 16:34    2,320,700    --a------    C:\PB170163.amv
2007-11-22 06:04 . 2007-12-08 13:28    <DIR>    d--------    C:\Programmer\Media Mouse
2007-11-21 00:01 . 2007-12-04 17:02    <DIR>    d--------    C:\Programmer\Flash Favorite
2007-11-20 23:20 . 2007-11-20 23:20    <DIR>    d--------    C:\ConverterOutput
2007-11-20 23:19 . 2007-11-20 23:19    <DIR>    d--------    C:\Programmer\Cucusoft
2007-11-20 23:19 . 2004-10-12 14:40    2,255,360    --a------    C:\WINDOWS\system32\libavcodec.dll
2007-11-20 23:19 . 2004-10-12 14:46    1,761,280    --a------    C:\WINDOWS\system32\ffdshow.ax
2007-11-20 23:19 . 2004-10-05 16:16    395,776    --a------    C:\WINDOWS\system32\libmplayer.dll
2007-11-20 23:19 . 2004-10-12 14:42    262,144    --a------    C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-11-20 23:19 . 2004-10-04 01:50    112,640    --a------    C:\WINDOWS\system32\libmpeg2_ff.dll
2007-11-20 23:19 . 2003-03-25 06:49    98,304    --a------    C:\WINDOWS\system32\L3CODECX.AX
2007-11-20 23:19 . 2004-09-10 13:50    34,820    --a------    C:\WINDOWS\system32\ffdshow.reg
2007-11-20 22:11 .     <DIR>        C:\Programmer\Fælles filer\SWF Studio
2007-11-20 22:10 . 2007-11-20 22:10    <DIR>    d--------    C:\Programmer\Riva
2007-11-20 21:43 . 2007-11-20 21:43    <DIR>    d--------    C:\Programmer\SourceTec
2007-11-20 21:36 . 2007-12-01 00:04    <DIR>    d--------    C:\Documents and Settings\Claus Andersen\Application Data\Moyea
2007-11-20 21:35 . 2003-09-04 08:53    16,384    --a------    C:\WINDOWS\system32\rtl3.dat
2007-11-20 20:45 . 2007-12-04 17:10    <DIR>    d--------    C:\Programmer\Eltima Software
2007-11-14 23:43 . 2007-11-14 23:43    65,536    --a------    C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43    49,152    --a------    C:\WINDOWS\system32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 05:01    ---------    d-----w    C:\Programmer\UltimateZip 2007
2007-12-08 16:44    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2007-12-08 12:28    ---------    d-----w    C:\Programmer\ScanWizard 5
2007-12-08 12:28    ---------    d-----w    C:\Programmer\PC Connectivity Solution
2007-12-08 12:28    ---------    d-----w    C:\Programmer\AirLive Wireless LAN Utility
2007-12-08 10:00    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 16:12    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-04 16:11    ---------    d-----w    C:\Programmer\VIDEOzilla
2007-12-04 16:10    ---------    d-----w    C:\Documents and Settings\Claus Andersen\Application Data\Eltima Software
2007-12-04 16:07    ---------    d-----w    C:\Programmer\Moyea
2007-12-04 15:59    ---------    d-----w    C:\Programmer\Corel
2007-12-01 14:41    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-11-30 22:46    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-25 12:05    30    ----a-w    C:\Programmer\Exiferupdate.ini
2007-11-24 12:10    ---------    d-----w    C:\Programmer\Audacity
2007-11-20 13:03    ---------    d-----w    C:\Programmer\Easy CD-DA Extractor 10
2007-11-15 15:32    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-11-05 16:03    ---------    d-----w    C:\Programmer\AusLogics Disk Defrag
2007-11-01 05:40    ---------    d-----w    C:\Programmer\Fælles filer\Ulead Systems
2007-11-01 05:40    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-01 05:37    ---------    d-----w    C:\Programmer\Alchemy Mindworks
2007-10-31 08:27    ---------    d-----w    C:\Programmer\SDC udvikling
2007-10-27 09:44    ---------    d-----w    C:\Programmer\ZSoft
2007-10-19 13:13    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-19 13:12    ---------    d-----w    C:\Documents and Settings\Claus Andersen\Application Data\SUPERAntiSpyware.com
2007-10-14 12:16    ---------    d-----w    C:\Programmer\Microsoft CAPICOM 2.1.0.2
2007-10-10 12:56    ---------    d-----w    C:\Documents and Settings\Claus Andersen\Application Data\Corel
2007-10-10 12:55    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Corel
2007-10-10 11:32    ---------    d-----w    C:\Programmer\Picasa2
2007-09-19 12:11    74,752    ----a-w    C:\WINDOWS\cadkasdeinst01e.exe
2007-06-19 21:00    92,064    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmmdm.sys
2007-06-19 21:00    9,232    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmmdfl.sys
2007-06-19 21:00    79,328    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmserd.sys
2007-06-19 21:00    66,656    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmbus.sys
2007-06-19 21:00    6,208    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmcmnt.sys
2007-06-19 21:00    5,936    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmwhnt.sys
2007-06-19 21:00    4,048    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmcr.sys
2007-06-19 21:00    25,600    ----a-w    C:\Documents and Settings\Claus Andersen\usbsermptxp.sys
2007-06-19 21:00    22,768    ----a-w    C:\Documents and Settings\Claus Andersen\usbsermpt.sys
2007-05-01 21:39    0    ----a-w    C:\Documents and Settings\Claus Andersen\template.dat
2007-03-09 07:12    27,648    --sha-w    C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 22:32    616,448    --sha-r    C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37    45,568    --sha-r    C:\WINDOWS\system32\cygz.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{148C180B-3A45-433C-88EE-E875A5F1BAB3}]
2007-12-08 08:55    83456    --a------    c:\windows\system32\d3dxofq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A78325AE-B2E4-41AA-B315-A31862528429}]
2006-10-18 21:47    84992    --a------    C:\WINDOWS\system32\audiodevo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-11-22 21:35    1195360    --a------    C:\Programmer\Search Settings\kb125\SearchSettings.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nog8u4"="C:\WINDOWS\system32\nog8u4.exe" [2007-12-08 08:46]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-26 16:53 C:\WINDOWS\system32\rundll32.exe]
"REGSHAVE"="C:\Programmer\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07]
"PC Pitstop Optimize Scheduler"="C:\Programmer\PCPitstop\Optimize\PCPOptimize.exe" [2007-04-05 11:53]
"TotalRecorderScheduler"="C:\Programmer\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 00:32]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe" []
"PCSuiteTrayApplication"="C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
"FLMOFFICE4DMOUSE"="C:\Programmer\Media Mouse\Muiltmedia.exe" [2007-11-22 06:04]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"SearchSettings"="C:\Programmer\Search Settings\SearchSettings.exe" [2007-11-26 12:48]
"nog8u4"="C:\WINDOWS\system32\nog8u4.exe" [2007-12-08 08:46]
"SDTray"="C:\Programmer\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"spywarefighterguard"="C:\Programmer\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
"CaISSDT"="C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42]
"eTrustPPAP"="C:\Programmer\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2007-12-08 14:55]
"a-squared"="C:\Programmer\a-squared Anti-Malware\a2guard.exe" [2007-08-31 20:24]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-26 16:53]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 13:50]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]

C:\Documents and Settings\Claus Andersen\Menuen Start\Programmer\Start\
UltimateZip Quick Start.lnk - C:\Programmer\UltimateZip 2007\uzqkst.exe [2007-02-02 06:19:51]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Acrobat Hurtigstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2006-12-21 18:44:25]
Adobe Gamma.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
Free WebSite Tools.lnk - C:\Programmer\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2006-12-18 17:50:57]
Scanner Finder.lnk - C:\Programmer\ScanWizard 5\ScannerFinder.exe [2006-12-17 22:56:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoRecentDocsMenu"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoShellSearchButton"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11    267048    --a------    C:\Programmer\iTunes\iTunesHelper.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
2006-05-12 00:32    86016    --a------    C:\Programmer\HighCriteria\TotalRecorder\TotRecSched.exe

R0 ofubutfn;ofubutfn;C:\WINDOWS\system32\drivers\kbjfykrg.dat
R3 TNET1130;802.11 WLAN;C:\WINDOWS\system32\DRIVERS\TNET1130.sys
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 SpyFighter;SpyFighter Guard Device;\??\C:\Programmer\SPYWAREfighter\spyfighter.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 06:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-12-09 05:04:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
"2007-12-09 05:01:19 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Programmer\XoftSpySE\XoftSpy.exe
"2007-12-08 13:37:58 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Programmer\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 06:02:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-09  6:06:44 - machine was rebooted
.
    --- E O F ---
clausito Seniormester
9 December 2007 - 06:36 #9
How the hell can you read anything out of these logs - it really looks like rocket science

Thanks for the help - remember the points
9 December 2007 - 19:21 #10
Hmmm... that was some of it...

Next step ->

-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- Select "Input Script Manually" and click the magnifying glass - a small window will now appear, into which you should copy the content between the ~~~~~~~~~~~~~~~~~~~~~~~~ lines:

~~~~~~~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\d3dxofq.dll
~~~~~~~~~~~~~~~~~~~~~~~~

-- Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

-- After the restart, a Notepad window will appear with a log of Avenger's actions. Please post it in your next reply.

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click Fix checked.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {148C180B-3A45-433C-88EE-E875A5F1BAB3} - c:\windows\system32\d3dxofq.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Programmer\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [nog8u4] C:\WINDOWS\system32\nog8u4.exe
O4 - HKCU\..\Run: [nog8u4] C:\WINDOWS\system32\nog8u4.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Panda ActiveScan Pro - {9B9B075F-22FF-48e7-A688-1719BE8873CC} - http://www.pandasoftware.com/products/activescanpro/default.asp (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

Restart the computer and create a new log with HijackThis, which you post here together with the log from Avenger.


-------------------------

Points only once the problem is solved!!!
clausito Seniormester
12 December 2007 - 18:58 #11
Sorry for the wait, but I just had to spend 3 days at the Weihnachtsmarkt in Berlin - just got home. I think the problem is solved? Here is the result after following your instructions

And I'm damn impressed that you can read this rocket science - you should get double points


Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sdcbxlaa

*******************

Script file located at: \??\C:\WINDOWS\lvxxhajt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\system32\~.exe for deletion
Deletion of file C:\WINDOWS\system32\~.exe failed!

Could not process line:
C:\WINDOWS\system32\~.exe
Status: 0xc0000022



Could not open file C:\WINDOWS\system32\d3dxofq.dll for deletion
Deletion of file C:\WINDOWS\system32\d3dxofq.dll failed!

Could not process line:
C:\WINDOWS\system32\d3dxofq.dll
Status: 0xc0000022


Completed script processing.

*******************

Finished!  Terminate.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:47, on 12-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\a-squared Anti-Malware\a2service.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmer\Spyware Doctor\svcntaux.exe
C:\Programmer\Spyware Doctor\swdsvc.exe
C:\Programmer\Spyware Doctor\SDTrayApp.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\AirLive Wireless LAN Utility\tiwlnsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Media Mouse\Muiltmedia.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\SPYWAREfighter\spftray.exe
C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\ScanWizard 5\ScannerFinder.exe
C:\Programmer\UltimateZip 2007\uzqkst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {148C180B-3A45-433C-88EE-E875A5F1BAB3} - c:\windows\system32\d3dxofq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A78325AE-B2E4-41AA-B315-A31862528429} - C:\WINDOWS\system32\audiodevo.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmer\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmer\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Programmer\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Programmer\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmer\Media Mouse\Muiltmedia.exe
O4 - HKLM\..\Run: [SDTray] "C:\Programmer\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programmer\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programmer\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programmer\UltimateZip 2007\uzqkst.exe
O4 - Global Startup: Adobe Acrobat Hurtigstart.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Scanner Finder.lnk = C:\Programmer\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmer\MP3 Player Utilities 3.76\AMVConverter\grab.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Konverter hyperlinkdestination til Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter hyperlinkdestination til eksisterende PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter markering til Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter markering til eksisterende PDF-fil - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter til Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Konverter til eksisterende PDF-fil - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Konverter valgte hyperlinks til Adobe PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Konverter valgte hyperlinks til eksisterende PDF - res://C:\Programmer\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmer\MP3 Player Utilities 3.76\MediaManager\grab.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmer\Fælles filer\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.pc-gruppen.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Programmer\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Programmer\AirLive Wireless LAN Utility\tiwlnsvc.exe

--
End of file - 12633 bytes
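
The comparison that post #10 sets up by asking for both logs, as an added example that is not part of the original thread: it decodes the failure status in the Avenger log and lists which "fix checked" lines are still present in the follow-up HijackThis log. The log excerpts are shortened copies of lines posted above; the function names and the path regex are assumptions made for this example.

```python
import re

# NTSTATUS value seen in the Avenger log; 0xC0000022 is STATUS_ACCESS_DENIED.
NTSTATUS_NAMES = {0xC0000022: "STATUS_ACCESS_DENIED"}

# Excerpt of the Avenger log from post #11 (copied from the thread).
AVENGER_LOG = r"""
Could not open file C:\WINDOWS\system32\~.exe for deletion
Deletion of file C:\WINDOWS\system32\~.exe failed!

Could not process line:
C:\WINDOWS\system32\~.exe
Status: 0xc0000022

Could not open file C:\WINDOWS\system32\d3dxofq.dll for deletion
Deletion of file C:\WINDOWS\system32\d3dxofq.dll failed!

Could not process line:
C:\WINDOWS\system32\d3dxofq.dll
Status: 0xc0000022
"""

# Shortened copy of the "fix checked" list from post #10.
FIX_LIST = r"""
O2 - BHO: (no name) - {148C180B-3A45-433C-88EE-E875A5F1BAB3} - c:\windows\system32\d3dxofq.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O4 - HKLM\..\Run: [nog8u4] C:\WINDOWS\system32\nog8u4.exe
O4 - HKCU\..\Run: [nog8u4] C:\WINDOWS\system32\nog8u4.exe
"""

# Shortened copy of the follow-up HijackThis log from post #11.
# For a real check, feed the complete log instead of an excerpt.
AFTER_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {148C180B-3A45-433C-88EE-E875A5F1BAB3} - c:\windows\system32\d3dxofq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# HijackThis result lines start with a section code such as R0, O2, O4, O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# First Windows file path in an entry (assumed heuristic, not HijackThis' own parser).
WIN_PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|sys|dat)", re.IGNORECASE)
# Avenger reports each failed script line followed by an NTSTATUS code.
FAIL_RE = re.compile(
    r"Could not process line:\s*\n(?P<path>.+)\nStatus: (?P<status>0x[0-9a-fA-F]+)"
)


def norm(text):
    """Collapse whitespace and lower-case so copies of the same line compare equal."""
    return " ".join(text.split()).lower()


def parse_entries(log):
    """Map each normalised HijackThis line to (section, first file path or None)."""
    entries = {}
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        path = WIN_PATH_RE.search(m["body"])
        entries[norm(raw)] = (m["section"], path.group(0).lower() if path else None)
    return entries


def avenger_failures(log):
    """Map each path Avenger could not process to the name of its NTSTATUS code."""
    failures = {}
    for m in FAIL_RE.finditer(log):
        code = int(m["status"], 16)
        failures[m["path"].strip().lower()] = NTSTATUS_NAMES.get(code, hex(code))
    return failures


def persisting_entries(fix_list, after_log, failures):
    """Entries that were to be fixed but still appear afterwards.

    Each result is (section, path, deletion status or None); a status means the
    entry's file is one that Avenger also failed to delete.
    """
    after = parse_entries(after_log)
    result = []
    for key, (section, path) in parse_entries(fix_list).items():
        if key in after:
            result.append((section, path, failures.get(path)))
    return result


if __name__ == "__main__":
    failed = avenger_failures(AVENGER_LOG)
    for section, path, status in persisting_entries(FIX_LIST, AFTER_LOG, failed):
        print(f"{section} entry still present: {path} (delete status: {status})")
```

An entry that survives the fix and whose file could not be deleted means the cleanup step did not take effect for that file, even if the symptoms have paused.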
clausito Seniormester
13 December 2007 - 00:10 #12
Bummer, bummer

Looks like the problem showed up again, so maybe a format is what's needed after all? I tried ComboFix again and here is the log


ComboFix 07-12-09.1 - Claus Andersen 2007-12-12 23:59:22.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1502 [GMT 1:00]
Running from: C:\Documents and Settings\Claus Andersen\Skrivebord\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-11-12 to 2007-12-12  )))))))))))))))))))))))))))))))
.

2007-12-12 21:54 . 2007-12-12 21:55    <DIR>    d--------    C:\Programmer\JAlbumWin
2007-12-08 23:56 . 2007-12-08 23:56    19,456    --a------    C:\WINDOWS\system32\drivers\yfyxvpim.dat
2007-12-08 16:26 . 2007-12-08 16:26    <DIR>    d--------    C:\WINDOWS\system32\Kaspersky Lab
2007-12-08 16:23 . 2007-12-08 16:23    <DIR>    d--------    C:\Programmer\Trend Micro
2007-12-08 14:52 . 2007-09-05 23:22    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-12-08 14:52 . 2006-04-27 16:49    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-12-08 14:52 . 2003-06-05 20:13    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-12-08 14:52 . 2004-07-31 17:50    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-12-08 14:52 . 2007-10-03 23:36    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-12-08 14:14 . 2007-12-08 16:08    <DIR>    d--------    C:\Programmer\Windows Defender
2007-12-08 13:00 . 2007-12-08 13:00    1,374    --a------    C:\WINDOWS\imsins.BAK
2007-12-08 08:55 . 2007-12-08 08:55    741,632    --a------    C:\WINDOWS\system32\rlmhucmr.dat
2007-12-08 08:55 . 2007-12-08 08:55    246,545    --a------    C:\WINDOWS\system32\libssl32.dll
2007-12-08 08:55 . 2007-12-08 08:55    119,552    --a------    C:\WINDOWS\system32\exouhkbf.dat
2007-12-08 08:55 . 2007-12-08 08:55    42,240    --a------    C:\WINDOWS\system32\huqlclgl.dat
2007-12-08 08:55 . 2007-12-08 08:55    36,096    --a------    C:\WINDOWS\system32\mavptdvp.dat
2007-12-08 08:55 . 2007-12-08 08:55    35,072    --a------    C:\WINDOWS\system32\pjvruthl.dat
2007-12-08 08:47 . 2001-10-09 14:00    84,992    --a------    C:\WINDOWS\system32\d3dxofq.dll.bak
2007-12-08 08:47 . 2007-12-08 08:55    83,456    --a------    C:\WINDOWS\system32\d3dxofq.dll
2007-12-08 08:46 . 2006-10-18 21:47    84,992    --a------    C:\WINDOWS\system32\audiodevo.dll
2007-12-08 08:46 .     19,456        C:\WINDOWS\system32\drivers\kbjfykrg.dat
2007-12-08 08:46 . 2007-12-08 08:46    15,872    --a------    C:\WINDOWS\system32\nog8u4.exe
2007-12-08 08:45 . 2007-12-08 08:45    21,504    --a------    C:\WINDOWS\system32\~.exe
2007-12-01 17:56 . 2007-12-04 17:08    <DIR>    d--------    C:\Programmer\Image Echo Software
2007-12-01 15:41 . 2007-12-01 15:41    <DIR>    d--------    C:\WINDOWS\system32\QuickTime
2007-12-01 15:41 . 2004-01-28 08:03    1,544,542    --a------    C:\WINDOWS\system32\avcodec.dll
2007-12-01 12:46 . 2007-12-01 12:47    35,840    --a------    C:\WINDOWS\17PHolmes572.exe
2007-12-01 12:44 . 2007-12-01 12:44    <DIR>    d--------    C:\WINDOWS\system32\daSgo01
2007-12-01 12:44 . 2007-12-01 12:44    <DIR>    d--------    C:\Temp\bkR11
2007-12-01 11:51 .     <DIR>        C:\Programmer\Fælles filer\DVDVideoSoft
2007-12-01 11:50 . 2007-12-01 11:50    <DIR>    d--------    C:\Programmer\DVDVideoSoft
2007-12-01 09:49 . 2007-12-01 09:49    0    --ah-----    C:\WINDOWS\99313125
2007-12-01 00:20 . 2007-12-04 17:12    <DIR>    d--------    C:\Programmer\VisiFly
2007-12-01 00:20 .     <DIR>        C:\Programmer\Fælles filer\GeoVid
2007-12-01 00:20 . 2005-06-07 15:11    60,416    --a------    C:\WINDOWS\system32\dsetup.dll
2007-12-01 00:04 . 2006-10-11 19:03    75,264    --a------    C:\WINDOWS\system32\zlib1.dll
2007-12-01 00:04 . 2006-10-11 19:03    53,248    --a------    C:\WINDOWS\system32\MyFlashZip0.ax
2007-11-30 23:56 . 2007-12-08 13:28    <DIR>    d--------    C:\Programmer\Search Settings
2007-11-30 23:56 . 2007-11-30 23:56    <DIR>    d--------    C:\Documents and Settings\Claus Andersen\Application Data\Search Settings
2007-11-29 07:11 . 2007-12-08 13:28    <DIR>    d--------    C:\Programmer\iTunes
2007-11-29 07:11 . 2007-11-29 07:11    <DIR>    d--------    C:\Programmer\iPod
2007-11-27 09:53 . 2007-11-27 09:54    <DIR>    d--------    C:\Programmer\gs
2007-11-27 09:24 . 2007-11-27 10:26    <DIR>    d--------    C:\Programmer\ApFill
2007-11-26 16:34 . 2007-11-26 16:34    2,320,700    --a------    C:\PB170163.amv
2007-11-22 06:04 . 2007-12-08 13:28    <DIR>    d--------    C:\Programmer\Media Mouse
2007-11-21 00:01 . 2007-12-04 17:02    <DIR>    d--------    C:\Programmer\Flash Favorite
2007-11-20 23:20 . 2007-11-20 23:20    <DIR>    d--------    C:\ConverterOutput
2007-11-20 23:19 . 2007-11-20 23:19    <DIR>    d--------    C:\Programmer\Cucusoft
2007-11-20 23:19 . 2004-10-12 14:40    2,255,360    --a------    C:\WINDOWS\system32\libavcodec.dll
2007-11-20 23:19 . 2004-10-12 14:46    1,761,280    --a------    C:\WINDOWS\system32\ffdshow.ax
2007-11-20 23:19 . 2004-10-05 16:16    395,776    --a------    C:\WINDOWS\system32\libmplayer.dll
2007-11-20 23:19 . 2004-10-12 14:42    262,144    --a------    C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-11-20 23:19 . 2004-10-04 01:50    112,640    --a------    C:\WINDOWS\system32\libmpeg2_ff.dll
2007-11-20 23:19 . 2003-03-25 06:49    98,304    --a------    C:\WINDOWS\system32\L3CODECX.AX
2007-11-20 23:19 . 2004-09-10 13:50    34,820    --a------    C:\WINDOWS\system32\ffdshow.reg
2007-11-20 22:11 .     <DIR>        C:\Programmer\Fælles filer\SWF Studio
2007-11-20 22:10 . 2007-11-20 22:10    <DIR>    d--------    C:\Programmer\Riva
2007-11-20 21:43 . 2007-11-20 21:43    <DIR>    d--------    C:\Programmer\SourceTec
2007-11-20 21:36 . 2007-12-01 00:04    <DIR>    d--------    C:\Documents and Settings\Claus Andersen\Application Data\Moyea
2007-11-20 21:35 . 2003-09-04 08:53    16,384    --a------    C:\WINDOWS\system32\rtl3.dat
2007-11-20 20:45 . 2007-12-04 17:10    <DIR>    d--------    C:\Programmer\Eltima Software
2007-11-14 23:43 . 2007-11-14 23:43    65,536    --a------    C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43    49,152    --a------    C:\WINDOWS\system32\QuickTime.qts

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 22:04    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-12 18:14    ---------    d-----w    C:\Programmer\UltimateZip 2007
2007-12-12 18:09    ---------    d-----w    C:\Programmer\PC Drivers HeadQuarters
2007-12-08 16:44    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2007-12-08 12:28    ---------    d-----w    C:\Programmer\ScanWizard 5
2007-12-08 12:28    ---------    d-----w    C:\Programmer\PC Connectivity Solution
2007-12-08 12:28    ---------    d-----w    C:\Programmer\AirLive Wireless LAN Utility
2007-12-08 10:00    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 16:12    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-04 16:11    ---------    d-----w    C:\Programmer\VIDEOzilla
2007-12-04 16:10    ---------    d-----w    C:\Documents and Settings\Claus Andersen\Application Data\Eltima Software
2007-12-04 16:07    ---------    d-----w    C:\Programmer\Moyea
2007-12-04 15:59    ---------    d-----w    C:\Programmer\Corel
2007-12-01 14:41    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-11-25 12:05    30    ----a-w    C:\Programmer\Exiferupdate.ini
2007-11-24 12:10    ---------    d-----w    C:\Programmer\Audacity
2007-11-20 13:03    ---------    d-----w    C:\Programmer\Easy CD-DA Extractor 10
2007-11-15 15:32    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-11-05 16:03    ---------    d-----w    C:\Programmer\AusLogics Disk Defrag
2007-11-01 05:40    ---------    d-----w    C:\Programmer\Fælles filer\Ulead Systems
2007-11-01 05:40    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-01 05:37    ---------    d-----w    C:\Programmer\Alchemy Mindworks
2007-10-31 08:27    ---------    d-----w    C:\Programmer\SDC udvikling
2007-10-27 09:44    ---------    d-----w    C:\Programmer\ZSoft
2007-10-19 13:13    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-19 13:12    ---------    d-----w    C:\Documents and Settings\Claus Andersen\Application Data\SUPERAntiSpyware.com
2007-10-14 12:16    ---------    d-----w    C:\Programmer\Microsoft CAPICOM 2.1.0.2
2007-09-19 12:11    74,752    ----a-w    C:\WINDOWS\cadkasdeinst01e.exe
2007-06-19 21:00    92,064    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmmdm.sys
2007-06-19 21:00    9,232    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmmdfl.sys
2007-06-19 21:00    79,328    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmserd.sys
2007-06-19 21:00    66,656    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmbus.sys
2007-06-19 21:00    6,208    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmcmnt.sys
2007-06-19 21:00    5,936    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmwhnt.sys
2007-06-19 21:00    4,048    ----a-w    C:\Documents and Settings\Claus Andersen\mqdmcr.sys
2007-06-19 21:00    25,600    ----a-w    C:\Documents and Settings\Claus Andersen\usbsermptxp.sys
2007-06-19 21:00    22,768    ----a-w    C:\Documents and Settings\Claus Andersen\usbsermpt.sys
2007-05-01 21:39    0    ----a-w    C:\Documents and Settings\Claus Andersen\template.dat
2007-03-09 07:12    27,648    --sha-w    C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 22:32    616,448    --sha-r    C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37    45,568    --sha-r    C:\WINDOWS\system32\cygz.dll
.

(((((((((((((((((((((((((((((  snapshot@2007-12-09_ 6.03.17.01  )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-09 04:03:49    81,144    ----a-w    C:\WINDOWS\system32\perfc006.dat
+ 2007-12-12 18:18:24    81,144    ----a-w    C:\WINDOWS\system32\perfc006.dat
- 2007-12-09 04:03:49    70,066    ----a-w    C:\WINDOWS\system32\perfc009.dat
+ 2007-12-12 18:18:24    70,066    ----a-w    C:\WINDOWS\system32\perfc009.dat
- 2007-12-09 04:03:49    450,422    ----a-w    C:\WINDOWS\system32\perfh006.dat
+ 2007-12-12 18:18:24    450,422    ----a-w    C:\WINDOWS\system32\perfh006.dat
- 2007-12-09 04:03:49    435,920    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2007-12-12 18:18:24    435,920    ----a-w    C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{148C180B-3A45-433C-88EE-E875A5F1BAB3}]
2007-12-08 08:55    83456    --a------    c:\windows\system32\d3dxofq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A78325AE-B2E4-41AA-B315-A31862528429}]
2006-10-18 21:47    84992    --a------    C:\WINDOWS\system32\audiodevo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-11-22 21:35    1195360    --a------    C:\Programmer\Search Settings\kb125\SearchSettings.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-26 16:53 C:\WINDOWS\system32\rundll32.exe]
"REGSHAVE"="C:\Programmer\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07]
"PC Pitstop Optimize Scheduler"="C:\Programmer\PCPitstop\Optimize\PCPOptimize.exe" [2007-04-05 11:53]
"TotalRecorderScheduler"="C:\Programmer\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 00:32]
"PCSuiteTrayApplication"="C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10]
"FLMOFFICE4DMOUSE"="C:\Programmer\Media Mouse\Muiltmedia.exe" [2007-11-22 06:04]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-26 16:53]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 13:50]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]

C:\Documents and Settings\Claus Andersen\Menuen Start\Programmer\Start\
UltimateZip Quick Start.lnk - C:\Programmer\UltimateZip 2007\uzqkst.exe [2007-02-02 06:19:51]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Acrobat Hurtigstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2006-12-21 18:44:25]
Adobe Gamma.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
Free WebSite Tools.lnk - C:\Programmer\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe [2006-12-18 17:50:57]
Scanner Finder.lnk - C:\Programmer\ScanWizard 5\ScannerFinder.exe [2006-12-17 22:56:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoRecentDocsMenu"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoShellSearchButton"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11    267048    --a------    C:\Programmer\iTunes\iTunesHelper.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
2006-05-12 00:32    86016    --a------    C:\Programmer\HighCriteria\TotalRecorder\TotRecSched.exe

R0 ofubutfn;ofubutfn;C:\WINDOWS\system32\drivers\kbjfykrg.dat
R3 TNET1130;802.11 WLAN;C:\WINDOWS\system32\DRIVERS\TNET1130.sys
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 06:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-12-12 18:16:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\CLAUSA~1\LOKALE~1\Temp\fprwvjrsF6B108D.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 00:04:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-13  0:07:05 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-09 06:06
.
    --- E O F ---
13 December 2007 - 08:49 #13
According to the log from Avenger,

C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\d3dxofq.dll
C:\WINDOWS\system32\audiodevo.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\kbjfykrg.dat

have not been deleted !!!

1) Run the Avenger procedure with the files listed above
or
2) Boot into safe mode [F8] and delete them manually - remember to enable hidden/system folders/files...

After a normal restart, check with HiJackThis whether they are 'active' or what ???
clausito Seniormester
14 December 2007 - 15:43 #14
It could not be deleted via Avenger, and it could not be deleted manually either. I found some file-killer programs and they damn well killed everything - including my operating system.

I did not format, but I had previously made a drive image with Runtime DriveImage XML, so I used that. Certain things will have to be installed again.

I think you should have some points for the fine work? I am impressed by your knowledge - it is not your fault that I "killed my XP".

Thank you for giving me an insight into your knowledge.
14 December 2007 - 15:50 #15
Well, that was a 'darn' shame ...

You can see/read above which things need to go back on afterwards (and which should NOT go back on *S*)
14 December 2007 - 15:51 #16
Post an [answer] yourself, then mark yourself and [Accept] to close the question nicely...

On principle I do not accept points, since the problem was not solved ...
clausito Seniormester
14 December 2007 - 16:05 #17
Yes, but you did make a big effort. I will surely be back, because I am a bit anarchistic when it comes to the internet.

Thanks for the effort