snavs på PC???

Joooo - Der er også 10-15 meget mistænkelige elementer igang!!!

Ved du eks. hvad dette er
C:\Documents and Settings\fam Christensen\fam Christensen.exe ?

Derfor gennemfør denne procedure ->

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

-----

Senere SKAL SP3 på dyret + efterfølgende opdateringer fra WindowsUpdate. Der mangler vist en del ...

Hej

tak for din respons. her kommer log filerne:

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

22-07-2009 19:01:32
mbam-log-2009-07-22 (19-01-32).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 129332
Tid tilbagelagt: 58 minute(s), 10 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 30
Inficerede Registeringsdatabase Værdier: 12
Inficerede Registeringsdatabase Filer: 6
Inficerede Mapper: 0
Inficerede Filer: 58

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b5cfd66-1f55-4fc2-b5af-36b66e7cfe6a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{964bf54a-a147-4b3f-9540-6c40cc6b9d8c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wuntlpzzvpjlcv (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ati64si (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\port135sik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\securentm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009293c (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f60e1c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\servises (Trojan.Agent) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
c:\documents and settings\fam christensen\fam Christensen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071922.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071928.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071929.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071935.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071936.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071937.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071938.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071939.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071940.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071942.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071949.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071958.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071959.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071963.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071964.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071965.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071970.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071977.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071993.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071994.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071995.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071996.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071997.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071998.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0071999.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP456\A0072000.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP457\A0072001.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP457\A0072002.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP457\A0072003.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP457\A0072005.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP457\A0072006.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP457\A0072007.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP457\A0072008.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP457\A0072009.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP457\A0072010.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP457\A0072011.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP457\A0072012.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{1e4feb62-0ddb-4bee-bf02-6851939aca2f}\RP457\A0072018.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wuntlpzzvpjlcv.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\acpi32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\amd64si.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\ati64si.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\netsik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\nicsk32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\i386si.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\securentm.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\ws2_32sik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\fips32cup.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\ksi32sk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\port135sik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\systemntmi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\TEMP\BN57.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\fam Christensen\Dokumenter\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\usb_stick_108_V2025_eng.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\fam Christensen\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\fam Christensen\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:09, on 22-07-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\sm56hlpr.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmer\Internet Explorer\iexplore.exe
E:\Programs\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [fam Christensen] C:\Documents and Settings\fam Christensen\fam Christensen.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://danid.dk/csp/authenticode/digitalsignatur-csp.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6390 bytes

Hmmm... Det er godt stykke af vejen...

------------------------------------------------------------------------

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKCU\..\Run: [fam Christensen] C:\Documents and Settings\fam Christensen\fam Christensen.exe /i

Genstart normalt...

Slet filen (hvis den er der ?)
C:\Documents and Settings\fam Christensen\fam Christensen.exe

------------------------------------------------------------------------

En frisk log fra HiJackThis ...

(Hvad endte denne tråd med ?)

ups. denne tråd kan vi vist godt få lukket. Smider du et svar karise

Ping...
(Det var så et [svar]...)