bgx2000 (Intern)
3 February 2010 - 10:15. There are 14 comments and 1 solution

Can anyone help? HijackThis log

Hi,

My PC keeps popping up with all sorts of viruses it has found. It's a bit frustrating, and sometimes my internet doesn't work. Ugh! I have tried running HijackThis.

Can anyone see anything suspicious in this?

Thanks in advance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:51, on 03-02-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Programmer\Fælles filer\Nikon\Monitor\NkMonitor.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Programmer\Fælles filer\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [souhif] C:\WINDOWS\system32\teky.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmer\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Ltd\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\herss.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send til Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparekassen-vendsyssel.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259182267750
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe

--
End of file - 8717 bytes
Jensen DK (Novice)
3 February 2010 - 13:08 #1
I can't immediately see what it would be, but run these links.

Download and install CCleaner http://www.ccleaner.com/ and a manual here: http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During installation you will be offered the [Yahoo Toolbar]. You can say yes or *NO* to it; it is a toolbar you probably don't need.
Let the program perform a cleanup in Cleaner and Registry, and let it delete what it finds.


Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program. Once that is done, let the program update itself. A window then opens where you move the radio button to "Perform full scan"; click the Scan button and let the program work. When it is finished (it takes a while, depending on how much you have on the computer), press the "Show results" button after the scan, and then press "Remove selected". The log now opens, and you must save it somewhere you can find it again; you can post it for review.


When Malwarebytes is finished, run CCleaner once more so we get the last bits deleted.
Let the program perform a cleanup in Cleaner and Registry, and let it delete what it finds.


Download HijackThis and let it perform a scan, and post the log for review.
Note that the HijackThis.exe program must be saved in a folder created for it and NOT run directly from the web...

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
3 February 2010 - 17:53 #2
<bgx2000>: Welcome to E. ...

Yes - there is quite a bit of visible dirt, among others ->
[cdoosoft]
sdra64.exe
[souhif]  ?
mssrv32.exe

So do run the whole procedure from #1 !!!
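The items singled out in the reply above are exactly the three patterns a log reviewer looks for first: a second program chained into the F2 UserInit value, O4 Run entries pointing at Temp or at random-named files under the Windows directory, and an O23 service with no publisher whose binary sits in system32. The following triage script is an added example, not code from the thread or from HijackThis; its regexes and severity rules are my own heuristics, and the sample log is a handful of entries copied from the first log in the thread.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    section: str    # HijackThis section code: F2, O4 or O23
    reason: str
    path: str


# Constructed sample: entries copied from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [souhif] C:\WINDOWS\system32\teky.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\herss.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
"""

# Line shapes as HijackThis v2.0.2 prints them (my own patterns, not the tool's).
_F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
_O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<label>[^\]]+)\] "?(?P<path>[^"]+?)"?'
    r"(?: \(User [^)]*\))?\s*$"
)
_O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?: \(file missing\))?\s*$"
)


def _is_temp_path(path: str) -> bool:
    return "\\temp\\" in path.lower()


def _is_windows_path(path: str) -> bool:
    return path.lower().startswith("c:\\windows\\")


def _looks_random(name: str) -> bool:
    # Heuristic: a short all-lowercase word with no digits or punctuation.
    return re.fullmatch(r"[a-z]{3,8}", name) is not None


def check_userinit(value: str) -> list:
    """Return every program chained into UserInit other than the stock userinit.exe."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if not p.lower().endswith("\\system32\\userinit.exe")]


def check_run_entry(label: str, path: str):
    """Classify an O4 Run entry; returns (severity, reason) or None for a benign-looking one."""
    if _is_temp_path(path):
        return "high", "autostart executable living in a Temp folder"
    stem = path.rsplit("\\", 1)[-1].lower().rsplit(".", 1)[0]
    if _is_windows_path(path) and _looks_random(label) and _looks_random(stem):
        return "medium", "random-looking value name and file name under the Windows directory"
    return None


def check_service(owner: str, path: str):
    """Flag an O23 service that has no publisher and runs from the Windows directory."""
    if owner == "Unknown owner" and _is_windows_path(path):
        return "high", "service with no publisher whose binary sits under the Windows directory"
    return None


def triage(log_text: str) -> list:
    """Run the three checks over a pasted HijackThis log and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := _F2_RE.match(line):
            for extra in check_userinit(m["value"]):
                findings.append(Finding("high", "F2",
                                        "extra program chained into UserInit (runs at every logon)", extra))
        elif m := _O4_RE.match(line):
            if verdict := check_run_entry(m["label"], m["path"]):
                findings.append(Finding(verdict[0], "O4", verdict[1], m["path"]))
        elif m := _O23_RE.match(line):
            if verdict := check_service(m["owner"], m["path"]):
                findings.append(Finding(verdict[0], "O23", verdict[1], m["path"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:3} {f.path}\n         {f.reason}")
```

On the sample it flags sdra64.exe, teky.exe, herss.exe and mssrv32.exe and leaves the Java, Google, BullGuard and Adobe entries alone; the heuristics are a first pass for a human reviewer, not a verdict.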
bgx2000 (Intern)
5 February 2010 - 08:56 #3
Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

And I have tried to download CCleaner. I can't install either of them. With CCleaner it says the disk is full or write protected, and with the other it says the file is corrupted. I have tried several times, also from different sites. :(
5 February 2010 - 19:42 #4
... then let's take this one first ->

-- Download ComboFix from one of these links and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

NB: You must not name it Combofix.exe, but for example BANAN.exe

-- Then run combofix.exe (BANAN.exe), which you downloaded earlier, and follow the instructions.

You should not click on the window while the tool is running, as it can make your computer freeze.
When ComboFix is finished, and after it has restarted, a log file should open: combofix.txt
Feel free to post the contents of this file here.
bgx2000 (Intern)
5 February 2010 - 21:09 #5
Thanks for the post:

when I try to install, the following appears:

Alert !! it is not safe to continue

The content of combofix package has been compromised.
Please download a fresh copy from :
http:www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: you may be infected with a file patching virus "virut"

It's not easy to get anything installed on this. sigh
5 February 2010 - 21:36 #6
Have you done this:

NB: You must not name it Combofix.exe, but for example BANAN.exe

That is, no renaming AFTER you have saved it...
bgx2000 (Intern)
6 February 2010 - 11:08 #7
OK. Thanks for the patience. So I succeeded, I think.
The log looks like this

ComboFix 10-02-05.04 - Administrator 06-02-2010  10:50:00.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.3070.2601 [GMT 1:00]
Kører fra: c:\documents and settings\Administrator\Skrivebord\banan.exe
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: BullGuard Firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\windows\logfile32.txt
c:\windows\system32\bcmwl5.inf
c:\windows\system32\Desktop_.ini
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\mssrv32.exe
c:\windows\system32\sdra64.exe
E:\autorun.inf

Inficeret kopi af c:\windows\system32\DRIVERS\atapi.sys blev fundet og desinficeret
Genskabt kopi fra - Kitty ate it :p
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE
-------\Service_msupdate


(((((((((((((((((((((((((((((  Filer skabt fra 2010-01-06 til 2010-02-06  )))))))))))))))))))))))))))))))))))
.

2010-02-05 16:38 . 2010-02-05 16:38    --------    d-----w-    c:\documents and settings\All Users\Application Data\clp
2010-02-05 16:37 . 2010-02-05 16:37    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Common Toolkit Suite
2010-02-05 16:35 . 2010-02-05 16:37    --------    d-----w-    c:\documents and settings\All Users\Application Data\Common Toolkit Suite
2010-02-05 16:35 . 2010-02-05 16:35    --------    d-----w-    c:\programmer\Fighters
2010-02-05 16:35 . 2010-02-06 09:49    --------    d-----w-    c:\programmer\Fælles filer\Common Toolkit Suite
2010-02-05 16:31 . 2010-02-05 20:05    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{C6F7446C-1BD2-4E50-9F6B-44747FECDCDF}
2010-02-05 16:31 . 2010-02-05 16:31    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Fighters
2010-02-05 16:31 . 2010-02-05 16:31    --------    d-----w-    c:\documents and settings\Administrator\Lokale indstillinger\Application Data\PackageAware
2010-02-05 07:47 . 2010-02-05 07:50    --------    d-----w-    c:\programmer\Windows Live Safety Center
2010-02-03 09:08 . 2010-02-03 09:08    --------    d-----w-    c:\programmer\Trend Micro
2010-02-03 08:48 . 2010-02-03 08:48    --------    d-----w-    c:\windows\system32\wbem\Repository
2010-01-29 21:14 . 2010-01-29 21:13    97280    --sh--r-    C:\mvmdh.exe
2010-01-29 20:32 . 2010-01-29 20:32    --------    d-sh--w-    c:\documents and settings\LocalService\IETldCache
2010-01-27 10:54 . 2010-01-27 10:54    10264    ----a-w-    c:\windows\system32\drivers\avfsfilter.sys
2010-01-26 13:20 . 2007-03-23 08:50    106557    ----a-w-    c:\windows\system32\btw_ci.dll
2010-01-26 13:20 . 2007-11-05 15:54    879528    ----a-w-    c:\windows\system32\drivers\btkrnl.sys
2010-01-26 13:20 . 2007-11-05 15:53    539576    ----a-w-    c:\windows\system32\drivers\btaudio.sys
2010-01-26 13:20 . 2007-06-29 10:38    156392    ----a-w-    c:\windows\system32\drivers\btwdndis.sys
2010-01-26 13:20 . 2007-03-31 11:02    55352    ----a-w-    c:\windows\system32\drivers\btwhid.sys
2010-01-26 13:20 . 2007-03-23 08:50    37424    ----a-w-    c:\windows\system32\drivers\btport.sys
2010-01-26 13:19 . 2010-01-26 13:19    --------    d-----w-    c:\programmer\WIDCOMM
2010-01-26 10:06 . 2008-01-26 01:55    229376    ----a-r-    c:\windows\system32\UCI32M27.dll
2010-01-26 10:04 . 2010-01-26 10:04    --------    d-----w-    c:\programmer\CONEXANT
2010-01-26 10:04 . 2008-03-26 05:22    985472    ----a-r-    c:\windows\system32\drivers\HSF_DPV.sys
2010-01-26 10:04 . 2008-03-26 05:22    210560    ----a-r-    c:\windows\system32\drivers\HSFHWAZL.sys
2010-01-26 10:04 . 2008-03-26 05:22    731264    ----a-r-    c:\windows\system32\drivers\HSF_CNXT.sys
2010-01-22 16:09 . 2010-01-22 16:09    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2010-01-17 09:40 . 2010-01-17 09:40    --------    d-----w-    c:\documents and settings\All Users\Application Data\espionServerData
2010-01-15 12:16 . 2010-01-15 15:41    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Winamp
2010-01-15 12:16 . 2010-01-15 12:17    --------    d-----w-    c:\programmer\Winamp
2010-01-14 20:01 . 2009-11-21 15:58    471552    -c----w-    c:\windows\system32\dllcache\aclayers.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 10:04 . 2009-11-25 21:18    --------    d-----w-    c:\documents and settings\All Users\Application Data\BullGuard
2010-02-06 09:35 . 2002-09-16 11:00    78192    ----a-w-    c:\windows\system32\perfc006.dat
2010-02-06 09:35 . 2002-09-16 11:00    447834    ----a-w-    c:\windows\system32\perfh006.dat
2010-01-26 16:55 . 2009-11-25 20:07    --------    d-----w-    c:\programmer\Launch Manager
2010-01-26 13:17 . 2009-11-25 19:55    319488    ----a-w-    c:\windows\HideWin.exe
2010-01-23 20:52 . 2009-12-26 22:05    20    ---h--w-    c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2010-01-23 07:49 . 2009-12-20 15:08    --------    d-----w-    c:\programmer\Microsoft Silverlight
2010-01-22 13:14 . 2007-12-06 18:12    --------    d-----w-    c:\programmer\Fælles filer\Adobe
2010-01-15 11:20 . 2009-11-26 08:07    --------    d-----w-    c:\documents and settings\Administrator\Application Data\WinTrade
2009-12-27 16:40 . 2009-12-26 21:58    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Nikon
2009-12-27 16:40 . 2009-12-26 21:57    --------    d-----w-    c:\programmer\Fælles filer\Nikon
2009-12-27 12:58 . 2009-12-27 12:58    --------    d-----w-    c:\programmer\MSXML 4.0
2009-12-26 22:07 . 2009-12-26 22:07    20    ---h--w-    c:\documents and settings\All Users\Application Data\PKP_DLck.DAT
2009-12-26 22:06 . 2009-12-26 22:06    57344    ----a-r-    c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2009-12-26 22:06 . 2009-12-26 21:57    --------    d-----w-    c:\programmer\Nikon
2009-12-26 22:01 . 2009-11-25 19:55    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2009-12-26 21:59 . 2009-12-26 21:59    49152    ----a-r-    c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-12-26 21:59 . 2009-12-26 21:59    335872    ----a-r-    c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-12-26 21:58 . 2009-12-26 21:58    20    ---h--w-    c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-12-26 21:58 . 2009-12-26 21:58    --------    d-----w-    c:\documents and settings\All Users\Application Data\Dictionaries
2009-12-26 21:58 . 2009-12-26 21:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\Ultima_T15
2009-12-26 21:58 . 2009-12-26 21:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\EnterNHelp
2009-12-26 21:58 . 2009-12-26 21:50    20    ---h--w-    c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-12-26 21:57 . 2009-12-26 21:57    --------    d-----w-    c:\programmer\Fælles filer\muvee Technologies
2009-12-26 21:57 . 2009-12-26 21:57    --------    d-----w-    c:\documents and settings\All Users\Application Data\Nikon
2009-12-26 21:50 . 2009-12-26 21:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\Console
2009-12-26 21:50 . 2003-03-18 18:05    106496    ----a-w-    c:\windows\system32\ATL71.DLL
2009-12-26 21:50 . 2009-11-25 19:55    --------    d-----w-    c:\programmer\Fælles filer\InstallShield
2009-12-26 21:19 . 2009-12-26 21:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-26 21:14 . 2009-12-26 21:14    --------    d-----w-    c:\programmer\Fælles filer\Macrovision Shared
2009-12-26 21:12 . 2009-12-26 21:12    9464    ------w-    c:\windows\system32\drivers\cdralw2k.sys
2009-12-26 21:12 . 2009-12-26 21:12    9336    ------w-    c:\windows\system32\drivers\cdr4_xp.sys
2009-12-26 21:12 . 2009-12-26 21:12    129784    ------w-    c:\windows\system32\pxafs.dll
2009-12-26 21:12 . 2009-12-26 21:12    116472    ------w-    c:\windows\system32\pxcpyi64.exe
2009-12-26 21:12 . 2009-12-26 21:12    43528    ------w-    c:\windows\system32\drivers\PxHelp20.sys
2009-12-26 21:12 . 2009-12-26 21:12    118520    ------w-    c:\windows\system32\pxinsi64.exe
2009-12-21 19:08 . 2004-08-26 15:53    916480    ----a-w-    c:\windows\system32\wininet.dll
2009-12-16 09:01 . 2009-12-16 09:01    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-12-16 09:01 . 2009-12-16 09:01    --------    d-----w-    c:\programmer\Java
2009-12-16 09:01 . 2009-12-16 09:01    152576    ----a-w-    c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-16 09:00 . 2009-12-16 09:00    79488    ----a-w-    c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-14 17:42 . 2009-12-14 17:42    --------    d-----w-    c:\programmer\Windows Media Connect 2
2009-12-12 17:10 . 2009-11-25 21:18    --------    d-----w-    c:\documents and settings\Administrator\Application Data\BullGuard
2009-11-26 08:25 . 2009-11-26 08:25    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2009-11-25 21:06 . 2009-11-25 19:35    86327    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-25 20:30 . 2009-11-25 20:30    122    ----a-w-    c:\windows\xUninstall.bat
2009-11-25 19:32 . 2009-11-25 19:32    21644    ----a-w-    c:\windows\system32\emptyregdb.dat
2009-11-21 15:58 . 2004-08-26 15:53    471552    ----a-w-    c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-25 39408]
"BullGuard"="c:\programmer\BullGuard Ltd\BullGuard\BullGuard.exe" [2009-11-25 304464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-12-16 149280]
"BullGuard"="c:\programmer\BullGuard Ltd\BullGuard\bullguard.exe" [2009-11-25 304464]
"Adobe Photo Downloader"="c:\programmer\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"Nikon Transfer Monitor"="c:\programmer\Fælles filer\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"WinampAgent"="c:\programmer\Winamp\winampa.exe" [2009-12-21 39424]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-09 17021440]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - c:\programmer\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57    948672    ----a-r-    c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57    35760    ----a-w-    c:\programmer\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 16:05    15360    ------w-    c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-09-30 05:59    13553664    ----a-w-    c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-09-30 05:59    86016    ----a-w-    c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-09-30 05:59    1630208    ----a-w-    c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-10-09 13:54    17021440    ----a-w-    c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11    25623336    ----a-r-    c:\programmer\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-11-25 21:17    39408    ----a-w-    c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"PSI_SVC_2"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"BGRaSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

R2 AV Engine Scanning Service;AV Engine Scanning Service;c:\programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVScanningService.exe [05-02-2010 17:31 694848]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [25-11-2009 22:17 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [26-08-2004 16:53 14336]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [26-08-2004 16:53 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [26-08-2004 16:53 14336]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [23-03-2009 13:07 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [23-03-2009 13:07 257304]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys [27-01-2010 11:54 10264]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [25-11-2009 21:03 54784]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\drivers\enecirhid.sys [25-11-2009 21:03 11264]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\drivers\enecirhidma.sys [25-11-2009 21:03 5632]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [09-09-2008 11:58 99216]
S2 Common Toolkit Service;Common Toolkit Service;c:\programmer\Fælles filer\Common Toolkit Suite\FighterSuiteService.exe --> c:\programmer\Fælles filer\Common Toolkit Suite\FighterSuiteService.exe [?]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [10-01-2006 17:32 135664]
S4 BGRaSvc;BGRaSvc;c:\programmer\BullGuard Ltd\BullGuard\support\BGRaSvc.exe [01-06-2009 12:50 79184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard    REG_MULTI_SZ      BgMainSvc BsFileScan BsMailProxy BsFire
.
Indhold af mappen 'Planlagte Opgaver'

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2006-01-10 16:32]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2006-01-10 16:32]

2010-02-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2010-02-06 c:\windows\Tasks\User_Feed_Synchronization-{7A380574-3D3A-4EC5-80DE-D065B8F91165}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed... - c:\programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send til Bluetooth - c:\programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparekassen-vendsyssel.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-souhif - c:\windows\system32\teky.exe
HKLM-Run-SoundMan - SOUNDMAN.EXE
HKLM-Run-AzMixerSel - c:\programmer\Realtek\Audio\Drivers\AzMixerSel.exe
HKLM-Run-LManager - c:\progra~1\LAUNCH~1\LManager.exe
HKLM-Run-SWPROguard - c:\programmer\Fighters\SPYWAREfighter\SWPROTray.exe
MSConfigStartUp-Alcmtr - ALCMTR.EXE
MSConfigStartUp-AzMixerSel - c:\programmer\Realtek\Audio\Drivers\AzMixerSel.exe
MSConfigStartUp-LManager - c:\progra~1\LAUNCH~1\LManager.exe
MSConfigStartUp-MSMSGS - c:\programmer\Messenger\msmsgs.exe
AddRemove-CNXT_MODEM_HDA_HSF - c:\programmer\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe
AddRemove-LManager - c:\windows\UnInst32.exe
AddRemove-{26604C7E-A313-4D12-867F-7C6E7820BE4C} - c:\programmer\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 11:03
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-602162358-1220945662-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,60,0c,71,2f,f9,1b,40,ab,b1,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,60,0c,71,2f,f9,1b,40,ab,b1,4b,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(2072)
c:\programmer\BullGuard Ltd\BullGuard\antispam\PluginHook.dll
c:\programmer\BullGuard Ltd\BullGuard\res\dk\PluginHookRes.dll
c:\windows\system32\btmmhook.dll
c:\programmer\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmer\BullGuard Ltd\BullGuard\BackupShellHook.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\docume~1\ADMINI~1\LOKALE~1\Temp\RtkBtMnt.exe
c:\programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Gennemført tid: 2010-02-06  11:06:06 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-02-06 10:06

Pre-Kørsel: 123.439.980.544 byte ledig
Post-Kørsel: 127.086.268.416 byte ledig

- - End Of File - - 9084EC9E21B1E9A53D656DFF53E549B4
06 February 2010 - 11:13 #8
Then try the MalwareBytes procedure...
bgx2000 Praktikant
06 February 2010 - 12:16 #9
OK, so I got that done. New HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:11, on 06-02-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Programmer\Fælles filer\Nikon\Monitor\NkMonitor.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\BullGuard Ltd\BullGuard\BullGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RtkBtMnt.exe
C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Fælles filer\Common Toolkit Suite\AVEngine\AVScanningService.exe
C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Programmer\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Programmer\Fælles filer\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BullGuard] "C:\Programmer\BullGuard Ltd\BullGuard\BullGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send til Bluetooth - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparekassen-vendsyssel.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259182267750
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AV Engine Scanning Service - Unknown owner - C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Common Toolkit Service - Unknown owner - C:\Programmer\Fælles filer\Common Toolkit Suite\FighterSuiteService.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe

--
End of file - 8249 bytes
06 February 2010 - 12:26 #10
... and the log from MalwareBytes?
bgx2000 Praktikant
06 February 2010 - 12:34 #11
sorry :)
Malwarebytes' Anti-Malware 1.44
Database version: 3697
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06-02-2010 12:07:22
mbam-log-2010-02-06 (12-07-22).txt

Skan type: Fuldstændig skanning (C:\|E:\|)
Objekter skannet: 174673
Tid tilbagelagt: 36 minute(s), 3 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 6
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 2

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\System Volume Information\_restore{2AE92C39-B299-477C-8B67-A3B876832CEB}(2)\RP2\A0001025.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{2AE92C39-B299-477C-8B67-A3B876832CEB}(2)\RP2\A0001027.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
06 February 2010 - 13:25 #12
Well, a few things did get caught here and there...

So how is the machine running now?
bgx2000 Praktikant
06 February 2010 - 13:30 #13
Now I have used it a bit and it seems to be a bit more awake and usable now. Not all those popups and junk.

I'm glad and say 1000 thanks for the help.

Points to you for the fine effort.  :)
bgx2000 Praktikant
06 February 2010 - 13:31 #14
gald = glad

Points to you if you just post an answer :)
06 February 2010 - 16:59 #15
Just a bit of recommended cleanup ->

Do you use all this Google 'stuff'?
---
With CCleaner - Tools - Startup you can disable/remove the following:
* [Adobe Photo Downloader]
* [WinampAgent]
* [Adobe Reader Speed Launcher]
* [Adobe ARM]
* [swg] (GoogleToolbarNotifier\GoogleToolbarNotifier)
---
Uninstall
*  (Bonjour Service)
---

Run a scan with HijackThis,
Below you get some files that you need to fix. What you need to do is put a checkmark next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember also to close this window once you have checked the files. Now you can fix. Click Fix checked.

These are the ones that need fixing:

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)

O23 - Service: Common Toolkit Service - Unknown owner - C:\Programmer\Fælles filer\Common Toolkit Suite\FighterSuiteService.exe (file missing)
---
http://kundeservice.tdc.dk/testcenter/
---
Do a cleanup with CCleaner...
---

Uninstall ComboFix ->

[Start][Run] - In the box type:

Combofix /u ENTER

---

After a round like this you need to remove the infected files in System Restore.

1. Right-click on > My Computer > Properties > System Restore.
2. Check > Turn off System Restore > Apply > OK.
3. Double-click > My Computer > right-click the (C:) drive > Properties.
4. Click > Disk Cleanup > More Options.
5. In the System Restore field, click "Clean up".
6. Close all windows and restart the computer.
7. After restarting > turn System Restore back on the same way you turned it off - step 2, just in reverse...

Safe Surfing...
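As an added example (not part of the thread, HijackThis or any tool named in it), a small Python triage helper that parses O9/O23 lines like the ones quoted in the post above and picks out the orphaned "(file missing)" entries the helper recommends fixing, plus services with no vendor name whose binary still exists and so deserve a manual check. The sample lines are copied from the log earlier in the thread; the line-format rules are an assumption about HijackThis 2.0.2 output.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Assumed HJT line shape: "<code> - <description> - <owner or CLSID> - <path>[ (file missing)]"
ENTRY = re.compile(r"^(?P<code>O\d+) - (?P<body>.+?)(?P<missing> \(file missing\))?$")

# Constructed sample: five lines copied verbatim from the HijackThis log above.
SAMPLE_LOG = r"""
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Common Toolkit Service - Unknown owner - C:\Programmer\Fælles filer\Common Toolkit Suite\FighterSuiteService.exe (file missing)
O23 - Service: AV Engine Scanning Service - Unknown owner - C:/Programmer/Fælles filer/Common Toolkit Suite/AVEngine/AVScanningService.exe
"""

@dataclass(frozen=True)
class HjtEntry:
    code: str           # section code, e.g. "O9" or "O23"
    name: str           # description before the first " - "
    owner: str          # CLSID for O9 entries, vendor string for O23 services
    path: str           # file the entry points at, as HijackThis printed it
    file_missing: bool  # True when HijackThis appended "(file missing)"

def parse_line(line: str) -> HjtEntry | None:
    """Parse one O-line; header, R-lines and process-list lines give None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    parts = m.group("body").split(" - ")
    if len(parts) < 3:
        return None
    # A path may itself contain " - ", so rejoin everything after the owner field.
    return HjtEntry(m.group("code"), parts[0], parts[1],
                    " - ".join(parts[2:]), bool(m.group("missing")))

def parse_log(text: str) -> list[HjtEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def orphaned_entries(entries: list[HjtEntry]) -> list[HjtEntry]:
    """Entries whose target file is gone: the ones the post says to fix."""
    return [e for e in entries if e.file_missing]

def unverified_services(entries: list[HjtEntry]) -> list[HjtEntry]:
    """O23 services with no vendor name whose binary still exists: check by hand."""
    return [e for e in entries
            if e.code == "O23" and e.owner == "Unknown owner" and not e.file_missing]
```

Feed a full HijackThis log to `parse_log` and the two filters give a first cut of what to fix versus what to look up before touching it.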
