nicebabe (Beginner)
18 July 2008 - 23:59. There are 11 comments and 1 solution.

Hijackthis log

Hi Eksperten,

my brother's computer has become completely impossible. When I turn on the computer, "Winspywareprotect" pops up and I can't click away from the "program" at all; at the same time a trojan horse, "Vundo.gen", keeps popping up, and when I want to, for example, create a question here on Eksperten.dk, I sometimes get redirected to another website. I have tried scanning the computer with AntiVir and Spybot and restarted afterwards, but it doesn't help.

Could you possibly help me solve these problems?

Here is my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 23:50:43, on 18-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Plaxo\2.13.1.6\PlaxoHelper.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe
C:\Programmer\FinePixViewer\QuickDCF.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avscan.exe
C:\Documents and Settings\HP_Ejer\Dokumenter\Antivirus\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timvui.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmer\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Programmer\alot\bin\alot.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD06] c:\Programmer\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] C:\Programmer\InterVideo\Common\Bin\WinRemote.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmer\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [24d8d83a] rundll32.exe "C:\WINDOWS\system32\grdwrhbm.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmer\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Programmer\Plaxo\2.13.1.6\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [freesms.net] C:\Programmer\freesms.net\freesms.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" /autorun
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programmer\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Programmer\Gnuf\Casino\casinogame.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Programmer\Gnuf\Poker\MPPoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B77ABA8-FF84-4F5A-B91B-FD50A6E4FA80}: NameServer = 62.61.130.1,62.61.131.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0DA42BB-597F-4BF7-9652-B4C14731AD92}: NameServer = 62.61.130.1,62.61.131.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Many thanks in advance for the help!
levich (Beginner)
19 July 2008 - 01:54 #1
Follow the guide here: http://www.eksperten.dk/artikler/1123
However, you should download HijackThis from here: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Afterwards, post the logs from SuperAntiSpyware, Combofix and HijackThis here.
ebea (Expert)
19 July 2008 - 06:59 #2
If you set aside for a moment the couple of Trojan horses you have in that PC, wouldn't it be an idea to stop some of all the programs that start up at the same time as your machine starts? That would free up a good deal of resources in your machine, so there would be a chance that it could work.
19 July 2008 - 11:18 #3
(Is it this 'brother' again -> http://www.eksperten.dk/spm/825773 ?)
nicebabe (Beginner)
19 July 2008 - 17:17 #4
Hi Levich,
thanks for your post. I have just finished scanning everything. Below are my logs :)

To Ebea: I'm not technically savvy about how to stop those programs myself.
To Karise Larry: I don't live at home now, and therefore I can't see what my brother does on the desktop PC! Last time it was his laptop that had something wrong with it. I did say, however, that he wasn't allowed to use the desktop PC. But since several people use it, I can't know whether it is him. I live in Germany, so it can't refer to me. Besides, what good does it do that you post this in the thread? Is it to accuse me of something?

OK Levich, I hope there won't be too much to look at. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:53, on 19-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Plaxo\2.13.1.6\PlaxoHelper.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\FinePixViewer\QuickDCF.exe
C:\Programmer\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timvui.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmer\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD06] c:\Programmer\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WINREMOTE] C:\Programmer\InterVideo\Common\Bin\WinRemote.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmer\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmer\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Programmer\Plaxo\2.13.1.6\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programmer\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Programmer\Gnuf\Casino\casinogame.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Programmer\Gnuf\Poker\MPPoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B77ABA8-FF84-4F5A-B91B-FD50A6E4FA80}: NameServer = 62.61.130.1,62.61.131.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0DA42BB-597F-4BF7-9652-B4C14731AD92}: NameServer = 62.61.130.1,62.61.131.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Here is the ComboFix log:
ComboFix 08-07-18.5 - HP_Ejer 2008-07-19 14:28:28.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.797 [GMT 2:00]
Running from: C:\Documents and Settings\HP_Ejer\Skrivebord\Virus scanner\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmer\myglobalsearch
C:\Programmer\myglobalsearch\bar\History\search
C:\WINDOWS\msnimport.exe
C:\WINDOWS\system32\asbanrhm.dll
C:\WINDOWS\system32\byXQHwXq.dll
C:\WINDOWS\system32\cdcjlaqa.ini
C:\WINDOWS\system32\khfGWnKE.dll
C:\WINDOWS\system32\kqfnkmdg.ini
C:\WINDOWS\system32\ljJYQHyY.dll
C:\WINDOWS\system32\mbhrwdrg.ini
C:\WINDOWS\system32\poomtcut.ini
C:\WINDOWS\system32\qXwHQXyb.ini
C:\WINDOWS\system32\qXwHQXyb.ini2
C:\WINDOWS\system32\rajrwsqi.ini
C:\WINDOWS\system32\utchxbqm.dll
C:\WINDOWS\system32\vxrqvjxg.ini
C:\WINDOWS\system32\wdhphs.dll
C:\WINDOWS\system32\YyHQYJjl.ini
C:\WINDOWS\system32\YyHQYJjl.ini2
D:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2008-06-19 to 2008-07-19  )))))))))))))))))))))))))))))))
.

2008-07-19 14:26 .     <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-19 14:21 . 2008-07-19 14:21    <DIR>    d--------    C:\Programmer\Trend Micro
2008-07-18 22:13 . 2008-07-18 22:13    <DIR>    d--------    C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-07-17 21:26 . 2008-07-18 09:11    <DIR>    d--------    C:\Documents and Settings\Johnny\Application Data\BullGuard
2008-07-17 16:40 . 2008-07-17 16:40    <DIR>    d--------    C:\Programmer\AVG
2008-07-17 16:40 . 2008-07-17 16:59    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\avg8
2008-07-17 16:28 . 2008-07-17 16:41    <DIR>    d--------    C:\Documents and Settings\HP_Ejer\Application Data\BitTorrent
2008-07-17 13:43 . 2008-07-18 22:31    <DIR>    d--------    C:\Programmer\Full Tilt Poker
2008-07-16 19:16 . 2008-07-16 19:16    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL
2008-07-11 12:48 . 2008-07-11 12:49    <DIR>    d--------    C:\Documents and Settings\HP_Ejer\Application Data\Pro Cycling Manager 2008
2008-07-09 13:18 . 2008-07-09 13:18    3,468,904    --a------    C:\WINDOWS\system32\drivers\appdrv01.sys
2008-07-09 13:18 . 2008-07-09 13:18    304,528    --a------    C:\WINDOWS\system32\appdrvrem01.exe
2008-07-09 11:22 . 2008-07-15 10:50    <DIR>    d--------    C:\Documents and Settings\Johnny\Application Data\Pro Cycling Manager 2008
2008-07-08 22:23 . 2008-07-18 09:06    <DIR>    d--------    C:\Programmer\PokerStars
2008-07-08 12:41 . 2008-07-08 12:43    <DIR>    d--------    C:\Programmer\KONAMI
2008-07-08 03:03 . 2008-07-08 03:03    <DIR>    d--------    C:\Programmer\Creative Labs
2008-07-08 03:03 . 1999-07-06 14:13    40,960    --a------    C:\WINDOWS\system32\eax.dll
2008-07-08 03:02 . 2008-07-08 03:02    <DIR>    d--------    C:\Programmer\EidosNet
2008-07-04 23:12 . 2008-07-04 23:43    <DIR>    d--------    C:\Programmer\Pro Evolution Soccer 2008
2008-06-30 00:45 . 2008-06-30 00:45    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\T6
2008-06-30 00:27 . 2008-06-30 00:27    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Microgaming

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 12:39    ---------    d-----w    C:\Programmer\Plaxo
2008-07-18 20:42    ---------    d-----w    C:\Programmer\bwin
2008-07-18 20:38    ---------    d-----w    C:\Programmer\IncrediMail
2008-07-18 20:37    ---------    d-----w    C:\Programmer\Cyanide
2008-07-18 13:13    ---------    d-----w    C:\Documents and Settings\Johnny\Application Data\DNA
2008-07-18 06:57    ---------    d-----w    C:\Programmer\Steam
2008-07-17 14:49    ---------    d-----w    C:\Documents and Settings\Johnny\Application Data\BitTorrent
2008-07-17 11:43    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-07-17 09:32    ---------    d-----w    C:\Documents and Settings\Johnny\Application Data\Microgaming
2008-07-16 10:04    ---------    d-----w    C:\Programmer\EA GAMES
2008-07-15 11:43    ---------    d-----w    C:\Documents and Settings\Johnny\Application Data\LimeWire
2008-07-09 15:19    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-08 20:28    ---------    d-----w    C:\Programmer\B2BPOKER
2008-07-08 01:02    ---------    d-----w    C:\Programmer\Eidos Interactive
2008-07-04 21:43    ---------    d-----w    C:\Programmer\directx
2008-07-04 19:15    ---------    d-----w    C:\Programmer\TrackMania Nations ESWC
2008-06-23 11:42    ---------    d-----w    C:\Documents and Settings\HP_Ejer\Application Data\AdobeUM
2008-06-20 10:45    360,320    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44    138,368    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52    225,920    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00    272,256    ------w    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 20:53    ---------    d-----w    C:\Documents and Settings\Johnny\Application Data\vlc
2008-06-12 20:47    717,296    ----a-w    C:\WINDOWS\system32\drivers\sptd.sys
2008-06-12 20:47    ---------    d-----w    C:\Documents and Settings\Johnny\Application Data\DAEMON Tools
2008-06-03 19:12    ---------    d-----w    C:\Programmer\PartyGaming
2008-05-28 08:56    ---------    d-----w    C:\Programmer\Easy Hi-Q Recorder
2008-05-22 12:55    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\e-Safekey
2006-10-08 18:24    380    ----a-w    C:\Documents and Settings\Johnny\Application Data\wklnhst.dat
2006-05-14 07:19    144    ----a-w    C:\Documents and Settings\HP_Ejer\Application Data\wklnhst.dat
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Programmer\Yahoo!\Messenger\ypager.exe" [2005-12-08 13:55 3096576]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-14 01:24 1694208]
"PlaxoUpdate"="C:\Programmer\Plaxo\2.13.1.6\PlaxoHelper.exe" [2008-04-14 17:36 227914]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 15:34 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"s9201"="C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" [2008-07-16 19:18 1251840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 19:14 36975]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 16:32 5537792]
"HPHUPD06"="c:\Programmer\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 21:34 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 21:26 655360]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]
"WINREMOTE"="C:\Programmer\InterVideo\Common\Bin\WinRemote.exe" [2005-05-10 11:05 233472]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
"REGSHAVE"="C:\Programmer\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"avgnt"="C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 23:41 266497]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Genvej til egenskabsside for High Definition Audio"="HDAudPropShortcut.exe" [2004-03-18 00:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"nwiz"="nwiz.exe" [2005-02-24 16:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-07 03:57 90112 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-07 03:53 2805248 C:\WINDOWS\ALCWZRD.EXE]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 01:12:24 113664]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Exif Launcher.lnk - C:\Programmer\FinePixViewer\QuickDCF.exe [2002-01-09 22:53:14 200704]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 03:28:24 258048]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Programmer\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\Steam\\SteamApps\\kha tuan\\counter-strike\\hl.exe"=
"C:\\StubInstaller.exe"=
"C:\\Programmer\\LimeWire\\LimeWire.exe"=
"C:\\Programmer\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\Cyanide\\Pro Cycling Manager - Saison 2006\\PCM.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\DNA\\btdna.exe"=
"C:\\Programmer\\BitTorrent\\bittorrent.exe"=
"C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmer\\Java\\jre1.5.0_05\\bin\\javaw.exe"=
"C:\\Programmer\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Programmer\\Cyanide\\Pro Cycling Manager - Season 2008\\PCM.exe"=
"C:\\Programmer\\Cyanide\\Pro Cycling Manager - Season 2008\\Autorun\\Exe\\Autorun.exe"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2008-04-26 18:57]
R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-07-09 13:18]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-07-18 23:41]
R1 ewido security suite driver;ewido security suite driver;C:\Programmer\ewido\security suite\guard.sys [2004-11-22 16:15]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 04:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 03:40]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-10-27 22:40]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-10-24 17:35]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc []
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 13:58]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder
"2008-07-18 15:15:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programmer\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-07-14 16:00:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{178be83f-1ca1-46cc-8ae1-4aeaf71d1fe1} - C:\WINDOWS\system32\jtdlpe.dll
HKCU-Run-freesms.net - C:\Programmer\freesms.net\freesms.exe
HKLM-Run-Home Theater SchSvr - C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
HKLM-Run-24d8d83a - C:\WINDOWS\system32\grdwrhbm.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 14:39:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-19 14:48:38 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-19 12:48:35

Pre-Run: 128,712,593,408 byte ledig
Post-Run: 128,826,290,176 byte ledig

206    --- E O F ---    2008-07-09 15:19:46


Here is the SuperAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/19/2008 at 04:15 PM

Application Version : 4.0.1154

Core Rules Database Version : 3508
Trace Rules Database Version: 1499

Scan type      : Complete Scan
Total Scan Time : 01:08:41

Memory items scanned      : 169
Memory threats detected  : 0
Registry items scanned    : 6799
Registry threats detected : 4
File items scanned        : 29772
File threats detected    : 53

Adware.Tracking Cookie
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@adfarm1.adition[1].txt
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@adtech[1].txt
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@doubleclick[1].txt
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@track.adform[2].txt
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@statse.webtrendslive[2].txt
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@mediaplex[1].txt
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@atdmt[1].txt
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@advertising[2].txt
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@1063530118[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@partners.adultadworld[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@xiti[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@e2.emediate[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@ad.yieldmanager[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@stats1.reliablestats[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@ads.humornsex[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@ilead.itrack[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@stats[3].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@cassava[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@gostats[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@stats[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@adopt.hbmediapro[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@indexstats[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@adultadworld[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@eas.apm.emediate[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@stats.drivecleaner[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@www.winantivirus[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@tracker.esecure-transaction[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@anad.tacoda[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@apmebf[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@adbrite[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@www.youramateurporn[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@ad.bolddk[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@as-eu.falkag[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@ad.zanox[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@ads.gamershell[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@ads.arto[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@serving-sys[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@finans-elite[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@www.humornsex[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@servedby.onlinemediadiva[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@secure.partyaccount[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@offeroptimizer[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@www.drivecleaner[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@dk.drivecleaner[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@track.adform[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@partypoker[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@bold.adservinginternational[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@mtr.splash.sexsearch[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@revsci[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@drivecleaner[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@vstats[2].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@clicktorrent[1].txt
    C:\Documents and Settings\Johnny\Cookies\johnny@dk.winantivirus[1].txt

Adware.180solutions/Search Assistant
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll#{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll [  ]


Thanks in advance for the help!
levich Beginner
19 July 2008 - 17:26 #5
I'll take a look, one moment
nicebabe Beginner
19 July 2008 - 17:28 #6
Thanks a lot :)
levich Beginner
19 July 2008 - 17:47 #7
Read all the steps before you do anything.
You may want to save this guide as a text file on the desktop using Notepad.

(1)
Download Vundofix from http://vundofix.atribune.org/ and follow the instructions in the section "Normal usage for removal".

(2)
Download ATF-cleaner here: http://www.geekstogo.com/forum/index.php?autocom=downloads&showfile=21
Start the program and choose "select all" and then "empty all".
If you have Firefox, first select it in the menu and then choose "select all" and "empty all".

(3)
Restart the computer in safe mode (press F8 when Windows starts up) and Fix the following lines with HijackThis:
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" /autorun

(4)
Open "My Computer"; in the menu, click Tools -> Folder Options -> View.
Uncheck "Hide protected operating system files" and "Hide extensions for known file types", and select "Show hidden files and folders". Remember to press the "Apply to All Folders" button instead of "OK".

Search for and delete the following file(s):
C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe

(5)
Restart the computer normally. Make a new log with HijackThis and post it here.
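
An added example, not part of levich's post and not HijackThis's own code: it parses HijackThis `O4` autostart lines like the one fixed in step (3) and flags entries using two heuristics that are assumptions of this example (an image under a user-writable data directory, and a hex-named value that loads a DLL). The sample lines are copied from the logs in this thread, except the `24d8d83a` line, which is constructed from the ComboFix orphan entry.

```python
import ntpath
import re

# HijackThis autostart line: O4 - <hive>\..\<Run key>: [<value name>] <command>
O4_LINE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)(?:\\S-[0-9-]+)?\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]+)\] (?P<cmd>.+)$'
)
# First token of a command: a quoted path, or an unquoted path up to its extension.
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|scr|bat|cmd))(?=[\s,]|$)', re.I)

# Heuristics assumed for this example (not a rule set from HijackThis or the thread).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.I)

# Lines taken from the thread's logs; the 24d8d83a line is constructed from the
# ComboFix "ORPHANS REMOVED" entry and is not a verbatim HijackThis line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKLM\..\Run: [24d8d83a] rundll32.exe "C:\WINDOWS\system32\grdwrhbm.dll",b
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
""".strip().splitlines()


def split_command(cmd):
    """Return (image path, remaining arguments) for a Run-key command line."""
    cmd = cmd.strip()
    m = IMAGE.match(cmd)
    if not m:
        return cmd, ""
    return (m.group(1) or m.group(2)), cmd[m.end():].strip()


def parse_o4(line):
    """Parse one O4 registry Run line; return None for anything else."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    image, rest = split_command(m.group("cmd"))
    # rundll32 is only a host process: the file that matters is the DLL it loads.
    if ntpath.basename(image).lower() == "rundll32.exe" and rest:
        image = split_command(rest)[0]
    return {"hive": m.group("hive"), "name": m.group("name"), "image": image}


def reasons_for(entry):
    """Apply the example heuristics and return the reasons an entry stands out."""
    reasons = []
    path = entry["image"].lower()
    if any(part in path for part in USER_WRITABLE):
        reasons.append("image in user-writable data directory")
    if HEX_NAME.match(entry["name"]) and path.endswith(".dll"):
        reasons.append("hex-named value loading a DLL")
    return reasons


def triage(lines):
    """Return the parsed O4 entries that match at least one heuristic."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["hive"]} [{hit["name"]}] {hit["image"]}: {"; ".join(hit["reasons"])}')
```

A flagged entry is a lead for manual review, not a verdict: legitimate software also starts from profile directories, and the heuristics miss anything installed under a plausible name and path.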
nicebabe Beginner
19 July 2008 - 19:03 #8
Hi Levich, I have followed your instructions.

The new HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:57, on 19-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Plaxo\2.13.1.6\PlaxoHelper.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\MSN Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timvui.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmer\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmer\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD06] c:\Programmer\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WINREMOTE] C:\Programmer\InterVideo\Common\Bin\WinRemote.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmer\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmer\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Programmer\Plaxo\2.13.1.6\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programmer\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Gnuf Casino - {8FE9B27A-BDCD-4d27-A430-4DC0B58D01B0} - C:\Programmer\Gnuf\Casino\casinogame.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Gnuf Poker - {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - C:\Programmer\Gnuf\Poker\MPPoker.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.danskebank.dk/html/activex/DB/Menu.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B77ABA8-FF84-4F5A-B91B-FD50A6E4FA80}: NameServer = 62.61.130.1,62.61.131.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0DA42BB-597F-4BF7-9652-B4C14731AD92}: NameServer = 62.61.130.1,62.61.131.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 13458 bytes
levich Beginner
19 July 2008 - 19:20 #9
... and how is Windows running now?
nicebabe Beginner
19 July 2008 - 19:47 #10
Thanks a lot, it runs much better than before. But what can you do if the trojan horse comes up again? I have the Avira AntiVir antivirus program, that should be able to protect the computer well enough, right?

Would you please create an answer :)
levich Beginner
19 July 2008 - 20:17 #11
The best thing is to have a firewall and an antivirus program installed and, mind you, kept up to date. Also remember to update programs such as Adobe Acrobat Reader and Java.

You should also keep Windows updated, and in that connection I can see that you have not installed Service Pack 3 for Windows XP, which I strongly recommend you install.
nicebabe Beginner
19 July 2008 - 20:20 #12
OK, thanks for the help :)