todi62 (Beginner)
30 June 2008 - 20:21 There are 36 comments and 1 solution

Removing a Trojan Horse

Hi
AVG has found a Trojan Horse on my computer. I think there are 2, since AVG comes up with two different files. C:Windows\system32\ftp34.dll is one of them. A lot of strange pages come up when I am on the net. Would you please help with this. I don't know much about computers.
30 June 2008 - 22:04 #1
... for good measure; give us/me a HiJackThis log ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for it and NOT run directly from the net...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Yeees - I have 'virus' on the brain...)

------------------
todi62 (Beginner)
01 July 2008 - 16:55 #2
Hi

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:13, on 01-07-2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Simon\svchost.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Simon\Skrivebord\Hijack\HiJackThis.exe
C:\Programmer\limewire\limewire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programmer\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Simon\svchost.exe
O4 - HKLM\..\Run: [ShareSearcher] C:\DOCUME~1\Simon\LOKALE~1\Temp\695B.tmp
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Simon\cftmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM73fab1f2] Rundll32.exe "C:\WINDOWS\System32\tcwawgdw.dll",s
O4 - HKLM\..\Run: [70c9826e] rundll32.exe "C:\WINDOWS\System32\oehjmcgr.dll",b
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Simon\cftmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = Ny mappe\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PD - {1B063B3A-1D2C-4D03-999D-E113459912FF} - C:\Programmer\Pop up Blocker\pd.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for ¸æ†: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_dk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\Simon\LOKALE~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Opgavestyring (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - http://www.fhm.dk/grafik/wallpapers/wpcheerleader.jpg

--
End of file - 7493 bytes
01 July 2008 - 18:25 #3
*** You have only yourself to blame !!! ***

You have not updated your Windows XP to ServicePack2 (SP2).
"Unprotected PCs last 20 minutes":
http://www.comon.dk/index.php/news/show/id=18812
http://www.pcworld.dk/blog/insider/1359?fpindex&fppos=5&a=block&i=113

That is not so good, because then you are not protected against many of the viruses that zip around the net looking for unpatched machines. Of which you are a good example !!!

Is there any reason for this detail?

You can download ServicePack2 (SP2) here as a 'standalone' file (~280Mb):
http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold/
Download/copy it to a suitable place on your PC
Disconnect from the 'dangerous' internet (physically pull the plug OUT).
Install the SP2 package.
Once that has gone well, and after a restart or two - only THEN reconnect the internet and go to Start -> Programs -> Windows Update and let your machine scan for the latest updates. Install the ones that are recommended to you.
There will probably be more than 99 'packages' ...

In addition, your AVG7.X should/must also be updated to AVG8.X

-------

There is _a lot_ of other dirt - but first the above !!!
01 July 2008 - 18:26 #4
Welcome to Eksperten.dk
General -> http://expfaq.dk/
todi62 (Beginner)
01 July 2008 - 21:01 #5
That should be done now, except for the Windows Update part; I could not get that to run properly. What do I do now?
01 July 2008 - 22:04 #6
... Fresh HiJackThis log ... procedure follows after that...
todi62 (Beginner)
01 July 2008 - 22:14 #7
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:17, on 01-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Simon\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Simon\Skrivebord\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programmer\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Simon\svchost.exe
O4 - HKLM\..\Run: [ShareSearcher] C:\DOCUME~1\Simon\LOKALE~1\Temp\695B.tmp
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Simon\cftmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [70c9826e] rundll32.exe "C:\WINDOWS\System32\oehjmcgr.dll",b
O4 - HKLM\..\Run: [BM73fab1f2] Rundll32.exe "C:\WINDOWS\System32\tcwawgdw.dll",s
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Simon\cftmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = Ny mappe\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PD - {1B063B3A-1D2C-4D03-999D-E113459912FF} - C:\Programmer\Pop up Blocker\pd.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for ¸æ†: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214938434312
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_dk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\Simon\LOKALE~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Opgavestyring (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: (no name) - http://www.fhm.dk/grafik/wallpapers/wpcheerleader.jpg

--
End of file - 7556 bytes
02 July 2008 - 06:53 #8
Uninstall

* Logitech Desktop Messenger
* MyGlobalSearch
* Symantec/Norton (If there is anything?)

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

Click Start->Run, type Services.msc and click OK.
Find the service (if it is there)
* hpdj - HP
* Opgavestyring (Schedule)
stop it if it is running, right-click it and choose Startup type Disabled.

----------------------

-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- A window appears, into which you must copy the content between the ~~~ lines:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\Documents and Settings\Simon\svchost.exe
C:\DOCUME~1\Simon\LOKALE~1\Temp\695B.tmp
C:\WINDOWS\system32\drivers\spools.exe
C:\Documents and Settings\LocalService\cftmon.exe
C:\DOCUME~1\Simon\LOKALE~1\Temp\hpdj.exe

Folders to delete:
C:\Programmer\MyGlobalSearch\
C:\Programmer\Symantec\
D:\Programmer\Logitech\Desktop Messenger\

~~~~~~~~~~~~~~~~~~

-- Click EXECUTE - and let the PC restart by itself.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Please post it in your next reply.

-- Run Hijackthis, choose "Do a system scan only", tick the lines listed here, close all windows except Hijackthis, click fix checked.

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programmer\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Simon\svchost.exe
O4 - HKLM\..\Run: [ShareSearcher] C:\DOCUME~1\Simon\LOKALE~1\Temp\695B.tmp
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Simon\cftmon.exe
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = Ny mappe\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: hpdj - HP - C:\DOCUME~1\Simon\LOKALE~1\Temp\hpdj.exe
O23 - Service: Opgavestyring (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O24 - Desktop Component 0: (no name) - http://www.fhm.dk/grafik/wallpapers/wpcheerleader.jpg

Restart the computer and make a new log with Hijackthis, which you post here together with the log from Avenger.

----------------------

Registry cleanup ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Especially the [Registry] section...)
During installation you are offered the [Yahoo Toolbar]. You can say yes or *NO* to it.
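
Several of the O4 and O23 entries singled out in post #8 share traits that can be checked mechanically: a Windows process name running from the wrong folder, a name one keystroke away from a real system file, an autostart target in a Temp folder, a service with no vendor. The sketch below is an added example, not part of the thread; the log lines are copied from the log in post #7, while the `SYSTEM_DIRS` reference list, the rule wording and the function names are assumptions made for illustration.

```python
import re

# Assumed reference list: process names that malware often borrows, with the
# folder the genuine file lives in on a default Windows XP install.
SYSTEM_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# First drive-letter path in the line that ends in .exe, .dll or .tmp.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|tmp)\b', re.I)

# Lines copied from the HijackThis log in post #7 (suspicious and benign mixed).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\Simon\svchost.exe
O4 - HKLM\..\Run: [ShareSearcher] C:\DOCUME~1\Simon\LOKALE~1\Temp\695B.tmp
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Simon\cftmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\Simon\LOKALE~1\Temp\hpdj.exe
O23 - Service: Opgavestyring (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
"""


def one_edit_apart(name, known):
    """True if name differs from known by one substitution, one inserted or
    deleted character, or one swap of two adjacent characters."""
    if name == known:
        return False
    if len(name) == len(known):
        diff = [i for i in range(len(name)) if name[i] != known[i]]
        if len(diff) == 1:
            return True
        return (len(diff) == 2 and diff[1] == diff[0] + 1
                and name[diff[0]] == known[diff[1]]
                and name[diff[1]] == known[diff[0]])
    if abs(len(name) - len(known)) == 1:
        short, long_ = sorted((name, known), key=len)
        return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))
    return False


def triage(log_text):
    """Return [(path, [reasons])] for O4/O23 entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(("O4 - ", "O23 - ")):
            continue
        match = PATH_RE.search(line)
        if not match:
            continue
        path = match.group(0)
        folder, _, base = path.lower().rpartition("\\")
        reasons = []
        if base in SYSTEM_DIRS:
            # Genuine name, so only the location can give it away.
            if folder != SYSTEM_DIRS[base]:
                reasons.append("system process name outside " + SYSTEM_DIRS[base])
        else:
            for known in SYSTEM_DIRS:
                if one_edit_apart(base, known):
                    reasons.append("name imitates " + known)
        if "\\temp\\" in path.lower() or base.endswith(".tmp"):
            reasons.append("starts from a Temp folder")
        if line.startswith("O23") and " - Unknown owner - " in line:
            reasons.append("service has no vendor information")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

The `hpdj` service shows why the vendor field alone is not enough: it reports "HP" as owner and is caught only by its Temp location.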
tjek0305 (Novice)
02 July 2008 - 21:50 #9
Hi Karise Larry
I am tody62's father. He opened Avenger, copied in Files to delete and Folders to delete, and pressed Execute. The PC starts up by itself, but now asks which program he should use to open the Notepad window. The same goes for Explorer etc.
Now he can no longer get on the net. Has he deleted something he shouldn't have?
tjek0305 (Novice)
02 July 2008 - 22:11 #10
Is there anyone else who can help???
02 July 2008 - 22:12 #11
... not if he has only carried out the above ...
02 July 2008 - 22:13 #12
StandBy ...
02 July 2008 - 22:18 #13
Should be fixed with this ->
http://www.kellys-korner-xp.com/regs_edits/exefix.reg

???
tjek0305 (Novice)
02 July 2008 - 22:22 #14
But he can't download anything from the net.....
02 July 2008 - 22:26 #15
Then you will have to transfer the small REG file to his PC via a suitable medium (USB stick, floppy disk *S*, ..)
02 July 2008 - 22:26 #16
(Not back until tomorrow evening... ZZZ Z Z Z zzz z z z )
tjek0305 (Novice)
02 July 2008 - 22:27 #17
OK - we will get back tomorrow......
todi62 (Beginner)
03 July 2008 - 15:23 #18
Hi, here is the new log. The virus is called PSW.AGENT.SYV

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:04, on 03-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
c:\windows\system32\rundll32.exe
c:\programmer\spyware doctor\pctstray.exe
c:\progra~1\avg\avg8\avgtray.exe
c:\windows\system32\ctfmon.exe
d:\programmer\intervideo\common\bin\wincinemamgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
c:\documents and settings\simon\skrivebord\hijack\hijackthis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmer\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [70c9826e] rundll32.exe "C:\WINDOWS\system32\hwbpuuim.dll",b
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PD - {1B063B3A-1D2C-4D03-999D-E113459912FF} - C:\Programmer\Pop up Blocker\pd.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for ¸æ†: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214938434312
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_dk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Simon\LOKALE~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Opgavestyring (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe

--
End of file - 6553 bytes

Have run various programs and have got AVG 8.0
nva (Trainee)
03 July 2008 - 15:36 #19
This line should be fixed:

O4 - HKLM\..\Run: [70c9826e] rundll32.exe "C:\WINDOWS\system32\hwbpuuim.dll",b
03 July 2008 - 16:08 #20
(I wonder where that came from ???)
Same with

O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Simon\LOKALE~1\Temp\hpdj.exe (file missing)
O23 - Service: Opgavestyring (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)

which also should/must be 'fixed' ...
todi62 (Beginner)
03 July 2008 - 19:45 #21
Hi

I have run the new AVG 8.0 scan of the computer. I cannot turn on automatic updating of Windows, so the updates for Service Pack 2 are still missing.

New log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:46, on 03-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
c:\programmer\spyware doctor\pctstray.exe
c:\windows\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
d:\programmer\intervideo\common\bin\wincinemamgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
c:\documents and settings\simon\skrivebord\hijack\hijackthis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eksperten.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {28474021-8214-4F85-BEBA-263741BE142B} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {68950839-2675-49E2-B6A5-442E0B0D1BA4} - C:\WINDOWS\System32\nnnkJDsQ.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmer\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {A362A093-66BF-4D39-8776-0A6A3C438E54} - C:\WINDOWS\system32\fccbCsTN.dll (file missing)
O2 - BHO: (no name) - {E48B7A86-C680-4AEC-9D51-CC401F4988DD} - (no file)
O2 - BHO: {bee2ccf8-505d-5a6b-ef54-5e98a63f170f} - {f071f36a-89e5-45fe-b6a5-d5058fcc2eeb} - C:\WINDOWS\system32\lzcqjg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmer\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PD - {1B063B3A-1D2C-4D03-999D-E113459912FF} - C:\Programmer\Pop up Blocker\pd.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for ¸æ†: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214938434312
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_dk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnkJDsQ - C:\WINDOWS\SYSTEM32\nnnkJDsQ.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Opgavestyring (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe

--
End of file - 6886 bytes
03 July 2008 - 20:40 #22
New unwanted elements are still showing up!!!

... Not all (un)wanted elements show up in a HiJackThis log, so carry out the procedure from here -> http://www.eksperten.dk/artikler/1123
PS: Keep using this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
03 July 2008 - 20:41 #23
For example ->
C:\WINDOWS\system32\lzcqjg.dll
C:\WINDOWS\System32\nnnkJDsQ.dll
???
todi62 (Novice)
03 July 2008 - 21:08 #24
But that's what I started out by doing. Can it help to do it again?
03 July 2008 - 21:22 #25
(I can't find results from the mentioned ComboFix / SuperAntiSpyware / CCleaner in the thread ???)
todi62 (Novice)
04 July 2008 - 09:48 #26
Superantispyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/03/2008 at 10:15 PM

Application Version : 4.15.1000

Core Rules Database Version : 3496
Trace Rules Database Version: 1487

Scan type      : Complete Scan
Total Scan Time : 00:42:26

Memory items scanned      : 366
Memory threats detected  : 3
Registry items scanned    : 5258
Registry threats detected : 111
File items scanned        : 22492
File threats detected    : 25

Trojan.Vundo-Variant/Small-GEN
    C:\WINDOWS\SYSTEM32\NNNKJDSQ.DLL
    C:\WINDOWS\SYSTEM32\NNNKJDSQ.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68950839-2675-49E2-B6A5-442E0B0D1BA4}
    HKCR\CLSID\{68950839-2675-49E2-B6A5-442E0B0D1BA4}
    HKCR\CLSID\{68950839-2675-49E2-B6A5-442E0B0D1BA4}\InprocServer32
    HKCR\CLSID\{68950839-2675-49E2-B6A5-442E0B0D1BA4}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79A5A0F0-B079-4549-9456-5A7AF7100AB8}
    HKCR\CLSID\{79A5A0F0-B079-4549-9456-5A7AF7100AB8}
    HKCR\CLSID\{79A5A0F0-B079-4549-9456-5A7AF7100AB8}\InprocServer32
    HKCR\CLSID\{79A5A0F0-B079-4549-9456-5A7AF7100AB8}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{68950839-2675-49E2-B6A5-442E0B0D1BA4}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\nnnkJDsQ

Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\JKKLCSKH.DLL
    C:\WINDOWS\SYSTEM32\JKKLCSKH.DLL

Trojan.Downloader-NewJuan/VM
    C:\WINDOWS\SYSTEM32\KEDATB.DLL
    C:\WINDOWS\SYSTEM32\KEDATB.DLL

Adware.IWantSearchBar
    HKU\S-1-5-21-790525478-926492609-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

Adware.Tracking Cookie

Adware.WhenU

Trojan.ErrorSafe
    HKCR\ESSPChck.ESSPChck
    HKCR\ESSPChck.ESSPChck\CLSID
    HKCR\ESSPChck.ESSPChck\CurVer
    HKCR\ESSPChck.ESSPChck.1
    HKCR\ESSPChck.ESSPChck.1\CLSID
    HKCR\typelib\{1b197c22-561f-455f-8511-35b1a45c5c9f}
    HKCR\typelib\{1b197c22-561f-455f-8511-35b1a45c5c9f}\1.0
    HKCR\typelib\{1b197c22-561f-455f-8511-35b1a45c5c9f}\1.0\0
    HKCR\typelib\{1b197c22-561f-455f-8511-35b1a45c5c9f}\1.0\0\win32
    HKCR\typelib\{1b197c22-561f-455f-8511-35b1a45c5c9f}\1.0\FLAGS
    HKCR\typelib\{1b197c22-561f-455f-8511-35b1a45c5c9f}\1.0\HELPDIR
    C:\DOCUMENTS AND SETTINGS\SIMON\LOKALE INDSTILLINGER\TEMP\NI.UERSK_0001_N91M2407\SETUP.EXE

Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\aoprndtws
    HKLM\SOFTWARE\Microsoft\FCOVM
    HKLM\SOFTWARE\Microsoft\RemoveRP
    HKU\S-1-5-21-790525478-926492609-839522115-1003\Software\Microsoft\rdfa

Trojan.Unclassified/SVCHost-Fake
    C:\AVENGER\SVCHOST.EXE

Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:47, on 2008-07-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Spyware Doctor\pctsAuxs.exe
C:\Programmer\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
c:\programmer\spyware doctor\pctstray.exe
c:\progra~1\avg\avg8\avgtray.exe
c:\windows\system32\ctfmon.exe
c:\programmer\superantispyware\superantispyware.exe
d:\programmer\intervideo\common\bin\wincinemamgr.exe
c:\programmer\internet explorer\iexplore.exe
c:\programmer\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\wuauclt.exe
c:\documents and settings\simon\skrivebord\hijack\hijackthis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eksperten.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: {8bb7a379-0fc3-04e8-ed14-a2ce614a2758} - {8572a416-ec2a-41de-8e40-3cf0973a7bb8} - C:\WINDOWS\system32\kedatb.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmer\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {A362A093-66BF-4D39-8776-0A6A3C438E54} - C:\WINDOWS\system32\fccbCsTN.dll (file missing)
O2 - BHO: (no name) - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmer\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Programmer\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [70c9826e] rundll32.exe "C:\WINDOWS\system32\efnqkjaw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PD - {1B063B3A-1D2C-4D03-999D-E113459912FF} - C:\Programmer\Pop up Blocker\pd.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for ¸æ†: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214938434312
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_dk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe

--
End of file - 6976 bytes

I also ran ComboFix but couldn't get a log
04 July 2008 - 20:12 #27
"...I also ran combofix but couldn't get a log...." - how come ???
todi62 (Novice)
04 July 2008 - 20:57 #28
The window "froze"
04 July 2008 - 21:07 #29
Did you "touch" anything along the way? It MUST be left to run in peace...
04 July 2008 - 21:10 #30
(It's mostly because other unwanted elements "suddenly" turned up; hence ComboFix + SAS. SAS has also 'fixed' quite a few unwanted elements in the registry etc. So I have a suspicion that ComboFix will be able to show and perhaps 'fix' ...)
todi62 (Novice)
04 July 2008 - 22:27 #31
ComboFix 08-07-03.3 - Simon 2008-07-04 22:04:03.2 - NTFSx86
Running from: c:\documents and settings\simon\skrivebord\combofix\combofix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM73fab1f2.xml
.
---- Previous Run -------
.
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.sdb
C:\WINDOWS\BM73fab1f2.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\DdcLVvut.ini
C:\WINDOWS\system32\DdcLVvut.ini2
C:\WINDOWS\system32\efnqkjaw.dll
C:\WINDOWS\system32\efOWxyxx.ini
C:\WINDOWS\system32\efOWxyxx.ini2
C:\WINDOWS\system32\fjsmtayb.ini
C:\WINDOWS\system32\goloxh.dll
C:\WINDOWS\system32\HkSCLkkj.ini
C:\WINDOWS\system32\HkSCLkkj.ini2
C:\WINDOWS\system32\lzcqjg.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\miuupbwh.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\NTsCbccf.ini
C:\WINDOWS\system32\NTsCbccf.ini2
C:\WINDOWS\system32\omeeckuu.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rgcmjheo.ini
C:\WINDOWS\system32\thwschxt.dll
C:\WINDOWS\system32\wajkqnfe.ini
C:\WINDOWS\system32\yeqtgcud.dll

.
(((((((((((((((((((((((((  Files Created from 2008-06-04 to 2008-07-04  )))))))))))))))))))))))))))))))
.

2008-07-04 20:56 . 2008-07-04 21:15    <DIR>    d--h-----    C:\WINDOWS\$hf_mig$
2008-07-03 21:10 . 2008-07-03 21:10    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-07-03 21:10 . 2008-07-03 21:10    <DIR>    d--------    C:\Documents and Settings\Simon\Application Data\SUPERAntiSpyware.com
2008-07-03 21:10 . 2008-07-03 21:10    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-03 17:10 . 2008-07-04 13:46    <DIR>    d--h-----    C:\$AVG8.VAULT$
2008-07-03 15:07 . 2008-07-04 09:07    <DIR>    d--------    C:\WINDOWS\system32\drivers\Avg
2008-07-03 15:07 . 2008-07-03 17:21    <DIR>    d--------    C:\Documents and Settings\Simon\Application Data\AVGTOOLBAR
2008-07-03 15:07 . 2008-07-04 09:06    96,520    --a------    C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-03 15:07 . 2008-07-04 09:06    76,040    --a------    C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-03 15:07 . 2008-07-04 09:06    10,520    --a------    C:\WINDOWS\system32\avgrsstx.dll
2008-07-03 15:06 . 2008-07-03 15:06    <DIR>    d--------    C:\Programmer\AVG
2008-07-03 15:06 . 2008-07-03 15:06    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\avg8
2008-07-02 21:29 . 2008-07-02 21:29    135,168    --a------    C:\zip.exe
2008-07-02 21:29 . 2008-07-02 21:29    19,286    --a------    C:\cleanup.exe
2008-07-02 21:29 . 2008-07-02 21:29    574    --a------    C:\cleanup.bat
2008-07-01 20:54 . 2007-07-30 19:19    43,352    --a------    C:\WINDOWS\system32\wups2.dll
2008-07-01 20:54 . 2007-07-30 19:18    34,136    --a------    C:\WINDOWS\system32\wucltui.dll.mui
2008-07-01 20:54 . 2007-07-30 19:19    25,944    --a------    C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-01 20:54 . 2007-07-30 19:19    25,944    --a------    C:\WINDOWS\system32\wuapi.dll.mui
2008-07-01 20:54 . 2007-07-30 19:18    20,824    --a------    C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-01 20:30 . 2008-07-01 20:30    <DIR>    d--------    C:\Documents and Settings\LocalService\Menuen Start
2008-07-01 20:12 . 2008-07-01 20:12    1,008,128    --a--c---    C:\WINDOWS\system32\dllcache\kernel32.dll
2008-07-01 20:12 . 2008-07-01 20:12    607,232    --a--c---    C:\WINDOWS\system32\dllcache\wininet.dll
2008-07-01 20:12 . 2008-07-01 20:12    18,944    --a--c---    C:\WINDOWS\system32\dllcache\powrprof.dll
2008-07-01 20:10 . 2008-07-01 20:10    <DIR>    d--------    C:\WINDOWS\provisioning
2008-07-01 20:10 . 2008-07-01 20:10    <DIR>    d--------    C:\WINDOWS\peernet
2008-07-01 20:10 . 2004-08-26 17:53    148,480    ---------    C:\WINDOWS\system32\wscui.cpl
2008-07-01 20:10 . 2004-08-26 17:53    129,536    ---------    C:\WINDOWS\system32\xmlprov.dll
2008-07-01 20:10 . 2004-08-26 17:53    108,032    ---------    C:\WINDOWS\system32\wshbth.dll
2008-07-01 20:10 . 2004-08-26 17:53    81,408    ---------    C:\WINDOWS\system32\wscsvc.dll
2008-07-01 20:10 . 2004-08-26 17:53    50,176    ---------    C:\WINDOWS\system32\xmlprovi.dll
2008-07-01 20:10 . 2004-08-26 17:53    32,866    ---------    C:\WINDOWS\slrundll.exe
2008-07-01 20:10 . 2004-08-26 17:53    17,408    ---------    C:\WINDOWS\system32\winshfhc.dll
2008-07-01 20:10 . 2004-08-26 17:53    13,824    ---------    C:\WINDOWS\system32\wscntfy.exe
2008-07-01 20:07 . 2008-07-01 20:07    <DIR>    d--------    C:\WINDOWS\ServicePackFiles
2008-07-01 20:02 . 2005-02-25 05:34    22,752    --a------    C:\WINDOWS\system32\spupdsvc.exe
2008-07-01 20:02 . 2004-07-17 11:40    19,528    --a------    C:\WINDOWS\002507_.tmp
2008-07-01 19:59 . 2008-07-01 20:11    <DIR>    d--------    C:\WINDOWS\EHome
2008-07-01 19:18 . 2008-07-01 19:18    <DIR>    d--------    C:\WINDOWS\system32\LowIntegrity
2008-07-01 19:18 . 2008-07-01 20:26    325,633    --a------    C:\WINDOWS\system32\L0000001.FCS
2008-07-01 19:18 . 2008-07-01 20:26    128    --a------    C:\WINDOWS\system32\S0000001.FCS
2008-07-01 19:18 . 2008-07-01 19:18    128    --a------    C:\WINDOWS\system32\S0000000.FCS
2008-07-01 15:37 . 2008-07-01 15:37    <DIR>    d--------    C:\WINDOWS\system32\logs2
2008-07-01 15:34 .     <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-01 15:29 . 2008-07-01 15:29    142,544    --a------    C:\WINDOWS\system32\AcroIEHelper.dll
2008-07-01 15:24 . 2008-07-01 16:07    <DIR>    d--------    C:\WINDOWS\system32\dtw5d
2008-07-01 15:24 . 2008-07-01 15:24    <DIR>    d--------    C:\WINDOWS\system32\cks
2008-07-01 15:24 . 2008-07-01 15:24    136    --a------    C:\WINDOWS\system32\srvblck.tmp
2008-06-30 22:01 . 2008-07-04 22:03    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-30 22:00 . 2008-06-10 21:22    81,288    --a------    C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-30 22:00 . 2008-06-02 15:19    66,952    --a------    C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-30 22:00 . 2008-06-02 15:19    42,376    --a------    C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-30 22:00 . 2008-06-02 15:19    29,576    --a------    C:\WINDOWS\system32\drivers\kcom.sys
2008-06-30 21:59 . 2008-07-03 17:36    <DIR>    d--------    C:\Programmer\Spyware Doctor
2008-06-30 21:59 . 2008-06-30 21:59    <DIR>    d--------    C:\Documents and Settings\Simon\Application Data\PC Tools
2008-06-30 19:59 . 2008-07-02 21:24    <DIR>    d--------    C:\Documents and Settings\Simon\Application Data\LimeWire
2008-06-30 19:39 . 2008-07-01 20:12    1,008,128    --a------    C:\WINDOWS\system32\nwklr.ini
2008-06-30 19:39 . 2004-08-26 17:53    999,936    --a------    C:\WINDOWS\system32\korlg.ini
2008-06-30 19:39 . 2008-07-01 20:12    607,232    --a------    C:\WINDOWS\system32\nwwlnt.ini
2008-06-30 19:39 . 2004-07-07 18:58    590,848    --a------    C:\WINDOWS\system32\worlg.ini
2008-06-30 19:39 . 2008-07-01 20:12    18,944    --a------    C:\WINDOWS\system32\nwpp.ini
2008-06-30 19:39 . 2002-09-21 11:25    14,848    --a------    C:\WINDOWS\system32\pporlg.ini
2008-06-30 19:39 . 2008-07-01 20:12    14,848    --a------    C:\WINDOWS\system32\ldshyr.old
2008-06-30 18:45 . 2008-06-30 18:45    <DIR>    d--------    C:\Programmer\Pop up Blocker
2008-06-30 15:30 . 2008-06-30 19:32    354    ---hs----    C:\WINDOWS\system32\ultvchyq.ini
2008-06-29 10:40 . 2008-06-29 10:40    <DIR>    d--------    C:\WINDOWS\system32\modtrux05
2008-06-29 10:40 . 2008-06-29 10:40    <DIR>    d--------    C:\Temp\syschk3
2008-06-29 10:40 . 2008-06-29 10:53    <DIR>    d--hs----    C:\Documents and Settings\Simon\!
2008-06-06 22:34 . 2008-06-06 22:34    <DIR>    d--------    C:\Programmer\Sony
2008-06-06 22:27 . 2008-06-06 22:27    <DIR>    d--------    C:\Programmer\Sony Setup
2008-06-06 22:27 . 2008-06-06 22:27    <DIR>    d--------    C:\Documents and Settings\Simon\Application Data\Sony Setup
2008-06-06 22:12 . 2008-06-28 12:58    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-06-06 22:12 . 2008-06-06 22:12    1,409    --a------    C:\WINDOWS\QTFont.for

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 13:23    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2008-06-06 20:18    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 17:53 15360]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-15 11:42 4112384]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 09:06 1232152]

C:\Documents and Settings\Simon\Menuen Start\Programmer\Start\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 09:03:43 59080]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 09:03:43 59080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VQC2"= vqdecode.dll
"VIDC.VQC1"= vqdecode.dll
"vidc.DIVF"= DivX412.dll
"vidc.vp31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ      msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmer\\AVG\\AVG8\\avgemc.exe"=

R0 Stlth317;Stlth317;C:\WINDOWS\system32\DRIVERS\stlth317.sys [2002-08-07 16:00]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 09:06]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 09:06]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:06]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 09:06]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2004-08-26 17:53]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S3 DCamUSBLTN;Kodak DVC325 Digital Video Camera;C:\WINDOWS\system32\DRIVERS\dvc325.sys [2000-04-17 23:53]
S3 Dual Mode;Dual Mode Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2002-10-09 22:24]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys [2002-07-09 11:50]
S3 USTOR;U-Storage Controller;C:\WINDOWS\system32\DRIVERS\UStork.sys [2004-01-14 10:22]

.
- - - - ORPHANS REMOVED - - - -

BHO-{8572a416-ec2a-41de-8e40-3cf0973a7bb8} - C:\WINDOWS\system32\kedatb.dll
BHO-{A362A093-66BF-4D39-8776-0A6A3C438E54} - C:\WINDOWS\system32\fccbCsTN.dll
HKLM-Run-70c9826e - C:\WINDOWS\system32\efnqkjaw.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 22:10:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-04 22:15:03 - machine was rebooted [Simon]
ComboFix-quarantined-files.txt  2008-07-04 20:14:54

Pre-Run: 3,082,690,560 byte ledig
Post-Run: 3,094,347,776 byte ledig

202    --- E O F ---    2008-07-04 18:57:10
06 July 2008 - 23:09 #32
Sorry for the delay...

Yep, SAS + ComboFix have eaten quite a few items!

So how is the PC running now?

By the way, I would like to see/read a fresh HiJackThis log now that the procedures above have been carried out...
todi62 (Beginner)
07 July 2008 - 09:04 #33
It is running really well. I have installed the 93 update "packages".

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:04:53, on 07-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\iexplore.exe
c:\programmer\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\Simon\Skrivebord\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eksperten.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmer\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmer\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmer\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PD - {1B063B3A-1D2C-4D03-999D-E113459912FF} - C:\Programmer\Pop up Blocker\pd.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for ¸æ†: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214938434312
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/download/2006/cabs/ErrorSafeFreeInstall_dk.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe

--
End of file - 6091 bytes
07 July 2008 - 22:34 #34
A bit more general clean-up ->

Run a scan with HijackThis.
Below you get some files that you need to fix. What you have to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember to close this window too, once you have marked the files. Now you can fix. Click Fix checked.

These are the ones to fix:

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmer\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmer\AVG\AVG8\avgtoolbar.dll

------------------------------------------------------------------------

Manually delete the following folders (if they are still there?)
C:\Programmer\Symantec\
C:\Programmer\Norton AntiVirus\
C:\Programmer\Fælles filer\Symantec Shared\
C:\Documents and Settings\All Users\Application Data\Symantec\
C:\Documents and Settings\[Bruger]\Application Data\Symantec\

------------------------------------------------------------------------

Remember M$ ServicePack3 for XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da (Download the package to a suitable place on your PC and install the package FROM THERE - without having anything else running. It will probably take a while ...)

You should take all items in WindowsUpdate:
e.g.
IE7
WMP11
...
07 July 2008 - 22:35 #35
There is no more 'dirt' according to your log...

You are welcome back another time...

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

You can find a couple of articles about safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

--------------

And a round with CCleaner as mentioned earlier...
todi62 (Beginner)
08 July 2008 - 10:17 #36
Thanks for the help.
08 July 2008 - 18:22 #37
Thanks for the points...