Bagdør i min computer - Hjælp til HiJackThis log mm. ønskes

Jeg ved at jeg har haft en bagdør på min computer som jeg nu burde have fjernet med AVG, dog tror jeg personen der installerede bagdøren stadig prøver at få adgang.

.................................................................

her er en log fra min firewall: http://www.netrixmedia.com/sd.gif

.................................................................

Her er loggen fra AVG:

.................................................................

Results of Complete Test, date and time 10-02-2004 21:00:01 :

Testing C:\ serial 04C0-EB2E
C:\GT.EXE repaired
C:\Documents and Settings\All Users\Application Data\Microsoft\NETWORK\Downloader\QMGR0.DAT Cannot open; not checked!
C:\Documents and Settings\All Users\Application Data\Microsoft\NETWORK\Downloader\QMGR1.DAT Cannot open; not checked!
C:\Documents and Settings\LocalService\NTUSER.DAT Cannot open; not checked!
C:\Documents and Settings\LocalService\ntuser.dat.LOG Cannot open; not checked!
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
C:\Documents and Settings\NetworkService\NTUSER.DAT Cannot open; not checked!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Cannot open; not checked!
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
C:\Documents and Settings\Ossian Engmark\NTUSER.DAT Cannot open; not checked!
C:\Documents and Settings\Ossian Engmark\NTUSER.DAT.LOG Cannot open; not checked!
C:\Documents and Settings\Ossian Engmark\Lokale indstillinger\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
C:\Documents and Settings\Ossian Engmark\Lokale indstillinger\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
C:\WINDOWS\SYSTEM32\GT.EXE repaired
C:\WINDOWS\SYSTEM32\MUH.DAT repaired
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Cannot open; not checked!

Test finished, duration 01:13:09.2 s
43588 objects tested, 3 found infected
.................................................................

Og her er min hijackthis log:

.................................................................

Logfile of HijackThis v1.97.7
Scan saved at 23:45:05, on 12-02-2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Grisoft\AVG6\avgcc32.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Overnet\Overnet.exe
C:\Programmer\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\system32\sistray.EXE
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programmer\Logitech\ImageStudio\LogiTray.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WScript.exe
C:\Programmer\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\LVComS.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\WINDOWS\TEMP\Rar$EX00.130\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.searchwww.com/vbs.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: (no name) - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Programmer\AV VCS 3.0\Vcs3RT.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [outpost_uninst] C:\DOCUME~1\OSSIAN~1\LOKALE~1\Temp\_uninstop.exe /u
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG_CC] C:\Programmer\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Fa-Talker] C:\Programmer\Fa-Talker\Fa-Talker
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Overnet] C:\Programmer\Overnet\Overnet.exe -t
O4 - HKLM\..\Run: [ScreenPrint32] C:\Programmer\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmer\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Programmer\RemotelyAnywhere\ragui.exe"
O4 - HKLM\..\Run: [Microsoft Windows WKS Service] mstask0.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [vcs3demo] C:\PROGRA~1\AVVCS3~1.0\Vcs3Cmd.exe
O4 - HKLM\..\RunServices: [Microsoft Windows WKS Service] mstask0.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmer\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Search.vbs
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mpeg: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/support/chipdetect/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/support/chipdetect/SiSAutodetectNT.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://212.242.162.53/tsweb/msrdp.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41480B64-9BC6-4F10-B794-0CC4656B9E9A}: NameServer = 212.242.40.3,212.242.40.51

.................................................................

Jeg har virkelig brug for hjælp til to ting - Det vigtigste er først og fremmest at jeg vil være sikker på at computeren er ren, og derefter kunne det være rart at finde frem til personen der har installeret bagdøren, selvom jeg kan forestille mig at det sikkert er så godt som umuligt..

På forhånd tak :) - Ossian