fnuggie (Beginner)
18 June 2008 - 20:21 There are 13 comments

IE closes after startup

Hi there

I have an XP machine with a problem I have not seen before.
When you open IE, it loads, and once it has finished loading the start page it closes IE again. I have tried booting into safe mode and it behaves the same way.
If you try to go into the IE settings, it also closes again shortly after opening.

Does anyone perhaps have a solution???
If not, do you think it would help to install Firefox or something else and use that instead???

Regards
Tommy
18 June 2008 - 20:38 #1
... just for good measure: give us/me a HiJackThis log ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for that purpose and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Yeees - I have 'viruses' on the brain...)

------------------
olebole (Junior Master)
18 June 2008 - 20:49 #2
<ole>

*LoL* I saw the question and thought: "How many minutes shall we give Michael, I wonder?". Great respect for your tireless trawling through people's HJT logs!  ;D

/regards
</bole>
18 June 2008 - 21:04 #3
*KMPLAG*
(A few times 'someone' is quicker than me, though; if I'm not online right then...)
fnuggie (Beginner)
18 June 2008 - 21:21 #4
I'll get that done tomorrow afternoon.

Thanks in advance.
fnuggie (Beginner)
19 June 2008 - 19:19 #5
Here is the HiJackThis from it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:13, on 19-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe
C:\Program Files\filehippo.com\UpdateChecker.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
E:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.opasia.dk/msie_search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [EC180BD2] C:\WINDOWS\System32\xaytcifs.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\nqafnbs.exe
O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\Run: [System Uptime Server] sysentry32.exe
O4 - HKLM\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\Run: [Microsoft Macro Protection Subsystems] mmps32.exe
O4 - HKLM\..\Run: [Task Manager] taskman.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry32.exe
O4 - HKLM\..\RunServices: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\RunServices: [Microsoft Macro Protection Subsystems] mmps32.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Task Manager] taskman.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Win32 USB2.0 Driver] w32usb2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Win32 USB2.0 Driver] w32usb2.exe (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.opasia.dk/start
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1187686789735
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095101435460
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124168835225
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)

--
End of file - 9586 bytes

I'm eagerly awaiting help
19 June 2008 - 19:32 #6
YFFER PYFFER - I can certainly understand that!!! There are many unwanted elements according to your log.
What on earth have you been up to?

... Now, not all (un)wanted elements show up in a HiJackThis log; so carry out the procedure from here -> http://www.eksperten.dk/artikler/1123
PS: Still use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
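
A triage heuristic for the O4 (autostart) section of a HijackThis log like the one in comment #5, added here as an example and not part of the original thread: it groups autostart values by program and lists those registered without a directory path, where the log alone does not show which file on disk will run, plus any line marked "(file missing)". The names `triage`, `executable_of` and `SAMPLE_LOG` are this example's own, the sample lines are a subset copied from that log, and the output is a list of leads to verify, not a verdict on any entry.

```python
import ntpath
import re
from collections import OrderedDict

# Subset of lines copied from the HijackThis log posted in comment #5.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\RunServices: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKCU\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Win32 USB2.0 Driver] w32usb2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Win32 USB2.0 Driver] w32usb2.exe (User 'Default user')
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)
"""

# O4 registry autostart line: hive, key, [value name], command, optional user.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$"
)


def executable_of(cmd):
    """Best-effort split of an autorun command line into its program part."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: cut after the first ".exe" token.
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Return (path-less autostart programs, lines marked 'file missing')."""
    entries = OrderedDict()  # lower-cased program -> record
    missing = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("(file missing)"):
            missing.append(line)
        m = O4_RE.match(line)
        if not m:
            continue
        exe = executable_of(m["cmd"])
        rec = entries.setdefault(
            exe.lower(), {"exe": exe, "names": set(), "locations": []}
        )
        rec["names"].add(m["name"])
        rec["locations"].append(f'{m["hive"]}\\{m["key"]}')
    # Keep only programs given without a directory component.
    no_path = [r for r in entries.values() if not ntpath.dirname(r["exe"])]
    # Most widely registered first: many keys for one bare name is worth a look.
    no_path.sort(key=lambda r: (-len(r["locations"]), r["exe"].lower()))
    return no_path, missing


if __name__ == "__main__":
    leads, missing = triage(SAMPLE_LOG)
    for r in leads:
        names = ", ".join(sorted(r["names"]))
        print(f'{r["exe"]} [{names}] in {len(r["locations"])} key(s):')
        for loc in r["locations"]:
            print(f"    {loc}")
    print(f"{len(missing)} line(s) marked (file missing)")
```
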
fnuggie (Beginner)
19 June 2008 - 19:48 #7
OK

I have now run CCleaner, but I can't run SuperAntiSpyware since it requires internet.. What to do???
19 June 2008 - 22:10 #8
... Download from another PC -> Copy the program to the PC in question via a USB stick or another suitable medium...

Especially ComboFix !!!

(Need to see the log from it + the corresponding one from SAS...)
fnuggie (Beginner)
22 June 2008 - 12:25 #9
SAS Log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/19/2008 at 11:33 PM

Application Version : 4.0.1154

Core Rules Database Version : 3485
Trace Rules Database Version: 1476

Scan type      : Complete Scan
Total Scan Time : 01:14:23

Memory items scanned      : 178
Memory threats detected  : 0
Registry items scanned    : 5217
Registry threats detected : 0
File items scanned        : 31206
File threats detected    : 58

Adware.Tracking Cookie

Hi Jack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:48, on 22-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe
C:\Program Files\filehippo.com\UpdateChecker.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\Leif Krumbak\Desktop\New Folder\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.opasia.dk/msie_search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [EC180BD2] C:\WINDOWS\System32\xaytcifs.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\nqafnbs.exe
O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\Run: [System Uptime Server] sysentry32.exe
O4 - HKLM\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\Run: [Microsoft Macro Protection Subsystems] mmps32.exe
O4 - HKLM\..\Run: [Task Manager] taskman.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry32.exe
O4 - HKLM\..\RunServices: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\RunServices: [Microsoft Macro Protection Subsystems] mmps32.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Task Manager] taskman.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Win32 USB2.0 Driver] w32usb2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Win32 USB2.0 Driver] w32usb2.exe (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.opasia.dk/start
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1187686789735
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095101435460
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124168835225
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)

--
End of file - 9772 bytes

Combofix log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:48, on 22-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe
C:\Program Files\filehippo.com\UpdateChecker.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Documents and Settings\Leif Krumbak\Desktop\New Folder\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.opasia.dk/msie_search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [EC180BD2] C:\WINDOWS\System32\xaytcifs.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\nqafnbs.exe
O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\Run: [System Uptime Server] sysentry32.exe
O4 - HKLM\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\Run: [Microsoft Macro Protection Subsystems] mmps32.exe
O4 - HKLM\..\Run: [Task Manager] taskman.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry32.exe
O4 - HKLM\..\RunServices: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\RunServices: [Microsoft Macro Protection Subsystems] mmps32.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Task Manager] taskman.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Win32 USB2.0 Driver] w32usb2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Win32 USB2.0 Driver] w32usb2.exe (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.opasia.dk/start
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1187686789735
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095101435460
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124168835225
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)

--
End of file - 9772 bytes
fnuggie Beginner
22 June 2008 - 12:26 #10
ComboFix:
ComboFix 08-06-16.5 - Leif Krumbak 2008-06-22 10:19:37.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.91 [GMT 2:00]
Running from: C:\Documents and Settings\Leif Krumbak\Desktop\New Folder\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mdm.exe

.
(((((((((((((((((((((((((  Files Created from 2008-05-22 to 2008-06-22  )))))))))))))))))))))))))))))))
.

2008-06-19 20:01 . 2008-06-19 20:01    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-19 20:00 . 2008-06-19 20:00    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-06-19 20:00 . 2008-06-19 20:00    <DIR>    d--------    C:\Documents and Settings\Leif Krumbak\Application Data\SUPERAntiSpyware.com
2008-06-19 19:42 . 2008-06-19 19:42    <DIR>    d--------    C:\Program Files\CCleaner
2008-06-18 21:33 . 2002-07-07 14:22    <DIR>    dr-------    C:\Program Files
2008-06-18 21:32 . 2008-06-18 21:32    <DIR>    d--------    C:\fecb8a0a9bfcbdc53b06499d3b4eb7
2008-06-18 21:12 . 2008-06-18 21:12    <DIR>    d--------    C:\WINDOWS\LastGood(2)
2008-06-18 20:05 . 2008-06-18 20:05    <DIR>    d--------    C:\Program Files\PC Tools AntiVirus
2008-06-18 20:05 . 2008-06-18 20:05    <DIR>    d--------    C:\Documents and Settings\Leif Krumbak\Application Data\PC Tools(2)
2008-06-18 20:05 . 2008-06-18 20:05    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-18 20:05 . 2008-06-18 20:05    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\PC Tools(2)
2008-06-18 11:15 . 2008-06-18 11:15    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-18 07:54 . 2008-06-13 13:05    272,128    ---------    C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-18 06:35 . 2008-06-18 06:35    <DIR>    d--------    C:\Documents and Settings\LocalService\Application Data\MSN6
2008-06-17 12:34 . 2008-05-08 16:02    203,136    ---------    C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-06 11:44 . 2008-06-06 11:44    <DIR>    d--h-----    C:\WINDOWS\ie8
2008-06-05 10:34 . 2008-06-05 10:34    <DIR>    d--------    C:\Program Files\TechTracker
2008-06-05 10:34 . 2008-06-05 10:34    <DIR>    d--------    C:\Documents and Settings\Leif Krumbak\Application Data\VersionTracker Pro
2008-06-05 00:08 . 2008-06-05 00:08    <DIR>    dr-h-----    C:\Documents and Settings\All Users\Application Data\yahoo!
2008-06-05 00:07 . 2008-06-05 00:07    <DIR>    d--------    C:\Documents and Settings\Leif Krumbak\Application Data\Yahoo!
2008-06-04 23:55 . 2008-06-04 23:55    <DIR>    d--------    C:\Program Files\Windows Live
2008-06-04 23:55 . 2008-06-04 23:55    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-04 17:53 . 2008-06-04 17:53    <DIR>    d--------    C:\Program Files\filehippo.com

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 11:05    272,128    ----a-w    C:\WINDOWS\system32\drivers\bthport.sys
2008-05-18 11:20    ---------    d-----w    C:\Program Files\Java
2008-05-15 08:40    126    ------w    C:\Delapp.bat
2008-05-11 16:24    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 12:24    ---------    d-----w    C:\Program Files\Alwil Software
2008-05-11 10:46    ---------    d-----w    C:\Documents and Settings\Leif Krumbak\Application Data\RegistrySmart
2008-05-11 09:06    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-11 07:00    ---------    d-----w    C:\Documents and Settings\Leif Krumbak\Application Data\BullGuard
2008-05-11 07:00    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\BullGuard
2008-05-11 06:59    ---------    d-----w    C:\Program Files\BullGuard Ltd
2008-05-10 10:46    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AVG7(2)
2008-05-10 08:36    45,568    ----a-w    C:\WINDOWS\system32\avgfwdx.dll
2008-05-10 08:36    22,528    ----a-w    C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-08 14:02    203,136    ----a-w    C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-07 05:12    1,288,192    ----a-w    C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12    1,288,192    ------w    C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-01 10:27    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-04-14 03:42    985,088    ----a-w    C:\WINDOWS\system32\setupapi.dll
2008-04-14 03:42    11,264    ------w    C:\WINDOWS\system32\spnpinst.exe
2008-04-14 03:41    423,936    ----a-w    C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25    1,804    ----a-w    C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16    329,728    ----a-w    C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13    92,424    ----a-w    C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13    87,176    ----a-w    C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13    12,168    ----a-w    C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11    98,304    ----a-w    C:\WINDOWS\system32\actxprxy.dll
2008-04-14 00:10    53,279    ----a-w    C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10    4,126    ----a-w    C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10    3,584    ----a-w    C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10    102,912    ----a-w    C:\WINDOWS\system32\dpcdll.dll
2008-04-14 00:10    102,912    ------w    C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-04-13 19:30    1,845,632    ----a-w    C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27    2,188,928    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:45    17,664    ----a-w    C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43    9,728    ------w    C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43    12,800    ------w    C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31    7,424    ----a-w    C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31    2,065,792    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30    61,440    ----a-w    C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14    76,800    ------w    C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39    438,784    ----a-w    C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39    2,897,920    ----a-w    C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39    187,392    ------w    C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37    208,384    ----a-w    C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37    138,752    ----a-w    C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27    79,872    ----a-w    C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:27    79,872    ------w    C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-13 17:26    94,208    ----a-w    C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26    12,288    ----a-w    C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26    12,288    ----a-w    C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24    20,480    ----a-w    C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21    733,696    ----a-w    C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09    4,096    ------w    C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03    63,488    ----a-w    C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03    549,376    ----a-w    C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48    1,647,616    ------w    C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45    216,064    ----a-w    C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23    48,128    ----a-w    C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22    48,128    ----a-w    C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39    884,736    ----a-w    C:\WINDOWS\system32\msimsg.dll
1601-01-01 00:00    0    ------w    C:\Prog?am Files\Common Files\
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Win32 USB2.0 Driver"="w32usb2.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"ISUSPM"="C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe" [2007-03-29 15:41 222128]
"VMCL"="C:\Program Files\vodafone\vmclite\DongleEnumerator.exe" [2007-11-07 13:05 131072]
"filehippo.com"="C:\Program Files\filehippo.com\UpdateChecker.exe" [2008-04-30 14:50 136704]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 18:41 223984]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-03 10:11 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\Updreg.exe" [2000-05-11 01:00 90112]
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 18:49 102400]
"PMXInit"="C:\WINDOWS\System32\pmxinit.exe" [2002-08-22 00:00 745543]
"EC180BD2"="C:\WINDOWS\System32\xaytcifs.exe" [ ]
"Windows Registry Scan"="regscan.exe" []
"System Uptime Server"="sysentry32.exe" []
"Win32 USB2.0 Driver"="w32usb2.exe" []
"Microsoft Macro Protection Subsystems"="mmps32.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-06-06 09:51 6731312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-08 14:50 185896]
"hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-04-08 12:38 1757184]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 18:41 223984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Registry Scan"="regscan.exe" []
"System Uptime Server"="sysentry32.exe" []
"Win32 USB2.0 Driver"="w32usb2.exe" []
"Microsoft Macro Protection Subsystems"="mmps32.exe" []
"Media Player"="wmplayer.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 02:12 15360]
"Win32 USB2.0 Driver"="w32usb2.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Win32 USB2.0 Driver"="w32usb2.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [7/11/2002 8:48:54 PM 127488]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [6/4/2008 9:56:55 PM 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"EnforceShellExtensionSecurity"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\System32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\System32\ir32_32.dll
"aux"= ctwdm32.dll
"VIDC.JPEG"= JpegCode.dll
"VIDC.MJPG"= JpegCode.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Support.com\\bin\\tgcmd.exe"=

R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-10 10:36]
R3 powervr;powervr;C:\WINDOWS\system32\DRIVERS\powervr.sys [2002-08-22 19:48]
S2 CoachCap;Concord EyeQ Duo 2000 USB Video Capture V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys [2002-03-03 12:26]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2002-01-17 16:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01d6e3d0-24de-11dd-9671-000795272998}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d53a140-24d7-11dd-9670-000795272998}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f081810-ecd4-11dc-95c3-000795272998}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-22 01:30:02 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-06-22 01:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 10:22:35
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-22 10:23:41
ComboFix-quarantined-files.txt  2008-06-22 08:23:38

Pre-Run: 58,496,057,344 bytes free
Post-Run: 58,531,315,712 bytes free

225    --- E O F ---    2008-06-20 15:29:14
22 June 2008 - 12:47 #11
PHEW - this is going to be a long screed *S* ->


-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- A window will pop up, into which you must copy the content between the ~~~ lines:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\Delapp.bat
C:\WINDOWS\Updreg.exe
C:\WINDOWS\System32\pmxinit.exe
C:\WINDOWS\System32\xaytcifs.exe
C:\WINDOWS\System32\nqafnbs.exe
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job

Folders to delete:
C:\Program Files\Yahoo!\
C:\Program Files\ErrorSmart\
C:\Documents and Settings\All Users\Application Data\
C:\Program Files\RegistrySmart
C:\Documents and Settings\Leif Krumbak\Application Data\RegistrySmart
C:\Documents and Settings\Leif Krumbak\Application Data\BullGuard
C:\Documents and Settings\All Users\Application Data\BullGuard
C:\Program Files\BullGuard Ltd
C:\Documents and Settings\All Users\Application Data\AVG7(2)
C:\Program Files\PC Tools AntiVirus\

~~~~~~~~~~~~~~~~~~

-- Click EXECUTE - and let the PC restart by itself.

-- After the restart, a Notepad window will pop up with a log of Avenger's actions. Please post it in your next reply.

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click Fix checked.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [EC180BD2] C:\WINDOWS\System32\xaytcifs.exe
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\nqafnbs.exe
O4 - HKLM\..\Run: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\Run: [System Uptime Server] sysentry32.exe
O4 - HKLM\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\Run: [Microsoft Macro Protection Subsystems] mmps32.exe
O4 - HKLM\..\Run: [Task Manager] taskman.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\RunServices: [Windows Registry Scan] regscan.exe
O4 - HKLM\..\RunServices: [System Uptime Server] sysentry32.exe
O4 - HKLM\..\RunServices: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKLM\..\RunServices: [Microsoft Macro Protection Subsystems] mmps32.exe
O4 - HKLM\..\RunServices: [Media Player] wmplayer.exe
O4 - HKLM\..\RunServices: [Task Manager] taskman.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Win32 USB2.0 Driver] w32usb2.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Win32 USB2.0 Driver] w32usb2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Win32 USB2.0 Driver] w32usb2.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://scanner.virus112.com/cabs/cssweb.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)

Restart the computer and make a new log with HijackThis, which you post here together with the log from Avenger.
fnuggie Beginner
22 June 2008 - 15:29 #12
Avenger log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Delapp.bat" deleted successfully.
File "C:\WINDOWS\Updreg.exe" deleted successfully.
File "C:\WINDOWS\System32\pmxinit.exe" deleted successfully.

Error:  file "C:\WINDOWS\System32\xaytcifs.exe" not found!
Deletion of file "C:\WINDOWS\System32\xaytcifs.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\System32\nqafnbs.exe" not found!
Deletion of file "C:\WINDOWS\System32\nqafnbs.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job" deleted successfully.
File "C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job" deleted successfully.
Folder "C:\Program Files\Yahoo!" deleted successfully.
Folder "C:\Program Files\ErrorSmart" deleted successfully.
Folder "C:\Documents and Settings\All Users\Application Data" deleted successfully.

Error:  folder "C:\Program Files\RegistrySmart" not found!
Deletion of folder "C:\Program Files\RegistrySmart" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Documents and Settings\Leif Krumbak\Application Data\RegistrySmart" deleted successfully.
Folder "C:\Documents and Settings\Leif Krumbak\Application Data\BullGuard" deleted successfully.

Error:  could not open folder "C:\Documents and Settings\All Users\Application Data\BullGuard"
Deletion of folder "C:\Documents and Settings\All Users\Application Data\BullGuard" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

Folder "C:\Program Files\BullGuard Ltd" deleted successfully.

Error:  could not open folder "C:\Documents and Settings\All Users\Application Data\AVG7(2)"
Deletion of folder "C:\Documents and Settings\All Users\Application Data\AVG7(2)" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist

Folder "C:\Program Files\PC Tools AntiVirus" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:29, on 22-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\filehippo.com\UpdateChecker.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
\Kontor-pc\leif\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [EC180BD2] C:\WINDOWS\System32\xaytcifs.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2.0 Driver] w32usb2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Win32 USB2.0 Driver] w32usb2.exe (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.opasia.dk/start
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1187686789735
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095101435460
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124168835225
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)

--
End of file - 6522 bytes
22 June 2008 - 21:35 #13
Just a quick one ->

Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window that is open is the HijackThis window. Also remember to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to fix:

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [EC180BD2] C:\WINDOWS\System32\xaytcifs.exe
O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2.0 Driver] w32usb2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Win32 USB2.0 Driver] w32usb2.exe (User 'Default user')

Restart normally, run a new scan with HijackThis, and paste a fresh log in here for checking.

------------------------------------------------------------------------
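
The entries listed in the reply above share traits that are visible in the log itself: a "(no file)" target, an autostart command with no directory path, or a Run value name that is only hex digits. As an added illustration (not part of the thread, and not the helper's own method), this Python sketch applies those three assumed heuristics to lines copied from this page; a hit means "review this entry", not "remove it".

```python
import re

# Sample input: lines copied from the log and the reply on this page.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [EC180BD2] C:\WINDOWS\System32\xaytcifs.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2.0 Driver] w32usb2.exe (User 'SYSTEM')
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - Unknown owner - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe (file missing)
"""

# "O4 - HKLM\..\Run: rest" -> section, kind, rest
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# "[value name] command (User 'X')" -> value name, command
RUN = re.compile(r"^\[(.+?)\]\s+(.*?)(?:\s+\(User '.*'\))?$")


def triage(log_text):
    """Return (line, reasons) for each entry matching a review heuristic.

    The heuristics are assumptions made for this example, not HijackThis rules.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, kind, rest = m.groups()
        reasons = []
        # Registry entry whose target is gone (orphaned BHO, toolbar, service).
        if rest.endswith("(no file)") or rest.endswith("(file missing)"):
            reasons.append("target file does not exist")
        if section == "O4" and "\\Run" in kind:
            r = RUN.match(rest)
            if r:
                name, command = r.groups()
                # A bare file name is resolved through the search path.
                if "\\" not in command:
                    reasons.append("autostart command has no directory path")
                # Value name that looks generated rather than chosen.
                if re.fullmatch(r"[0-9A-Fa-f]{8}", name):
                    reasons.append("value name is 8 hex characters")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print("; ".join(why), "->", entry)
```

The O23 service marked "(file missing)" is flagged as well even though the reply does not list it, which is why the output is a review list rather than a fix list.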