foxmulder58 (Trainee)
08 July 2005 - 20:31. There are 15 comments and 2 solutions

Help with making a hijack log

Hi Experts,

My PC has become a bit slower, and for that reason I could make a Hijack log, but..

1. where can I get one made

2. and who can tell from it what I should do?

PS! When I shut down my PC I get a message that says closing the program "ShellConHiddenWindow". Is that something harmful?

I hope someone is willing to help!

Regards
Mads
arlet (Junior Master)
08 July 2005 - 20:33 #1
Get the latest version of HijackThis (1.99.1) from here: http://www.arlet.dk/hjt.htm
foxmulder58 (Trainee)
08 July 2005 - 20:39 #2
OK arlet, here it is:

<----------------------------------------------------------------------------->

Logfile of HijackThis v1.99.1
Scan saved at 20:37:57, on 08-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\System32\svchost.exe
c:\wamp\apache\Apache.exe
c:\wamp\mysql\bin\mysqld-nt.exe
c:\wamp\apache\Apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\MMTrayLSI.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Scansoft\PaperPort\pptd40nt.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\WhenUSearch\Search.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Programmer\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\webserver\Apache2\bin\ApacheMonitor.exe
C:\Programmer\3M\PSNLite\PsnLite.exe
C:\Programmer\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\wamp\wampserver.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmer\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearchIndexer.exe
C:\Documents and Settings\pens.THUV\Skrivebord\hijack this\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = uvisa:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Programmer\Google\Google Desktop Search\GoogleDesktopIE.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [WebRebates0] "c:\programmer\kjk\webrebates0.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [MimBoot] C:\Programmer\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [WhenUSearch] "C:\Programmer\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Startup: WampServer.lnk = C:\wamp\wampserver.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\webserver\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmer\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Programmer\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/229?a6891164f78b495a9d37831f2280d51e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Programmer\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/230?a6891164f78b495a9d37831f2280d51e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100695660997
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp05.photoprintit.de/microsite/10023/defaults/activex/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = thuv.dk
O17 - HKLM\Software\..\Telephony: DomainName = thuv.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = thuv.dk
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Programmer\Fælles filer\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe" --ntservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

<----------------------------------------------------------------------------->


I hope you will take a look at it!

Regards
Mads
arlet (Junior Master)
08 July 2005 - 20:41 #3
Doing it right away..
arlet (Junior Master)
08 July 2005 - 20:48 #4
You need to download Lspfix http://www.cexx.org/LSPFix.exe, click save and put it on your desktop. You have some junk that, when we remove it, may break your network connection. If you lose your internet connection when you fix the things I list, you must run that lspfix: start it, maximize the window, check "I know what I am doing" and click Finish, restart and make a new log file, which you post here.

-------------------------

Go to Control Panel -> Add/Remove Programs.
Remove:
BearShare

-------------------------

Download and save this scanner to the desktop. (We will use it later)
http://www.spywareinfo.dk/download/mwav.exe

----------------------

Download Ewido here: http://www.ewido.net/en/download/ (We will use it later)
Click Download now. Install and run Ewido. Update the program immediately after installation.

-----------------------

You are now going to start fixing:

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.
Double-check so that everything is included.



O4 - HKLM\..\Run: [WebRebates0] "c:\programmer\kjk\webrebates0.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Programmer\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause

O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c2.cab


--------------------------------------------------------------------

Open any folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

------------------------------

Download this bat file and run it:
http://www.spywareinfo.dk/download/cleantempxp2k.bat
It deletes everything in your temp folder.

------------------------------

Restart the computer in safe mode (you need to press the F8 key during the restart (roughly right after the RAM has been counted), and then choose safe mode. If in doubt, just press F8 several times.)
Find and delete these manually:

c:\programmer\kjk\webrebates0.exe
C:\Programmer\WhenUSearch <- the whole folder
C:\Programmer\BearShare <- the whole folder

-----------------------------

Still in safe mode:
Click on the mwav.exe that you downloaded; the program unpacks itself and starts.
Tick the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following:
All local drives and Scan all files
And then you press Scan Clean
It takes a little over an hour to scan

-------------------------------

Still in safe mode:
Now run a full scan with Ewido. When it is finished, press save report and save the report.

Then restart the computer normally and make a new HijackThis log, which you post here together with the report from Ewido
arlet (Junior Master)
08 July 2005 - 20:57 #5
Correction....

These should not be fixed in HijackThis:
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
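
The fix list from post #4 combined with the correction in post #5, as an added example that is not part of the original thread: a small Python parser for HijackThis log entries that works out which lines end up ticked. The function names and the shortened sample log (lines copied from the log posted above) are assumptions made for this illustration.

```python
import re

# Every HijackThis entry starts with a section code (R, F, N or O plus a number).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

# Constructed sample: a shortened copy of the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WebRebates0] "c:\programmer\kjk\webrebates0.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Programmer\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c2.cab
O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe" --ntservice (file missing)
"""

# Lines the helper listed for "Fix checked" in post #4.
FIX_LINES = r"""
O4 - HKLM\..\Run: [WebRebates0] "c:\programmer\kjk\webrebates0.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Programmer\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c2.cab
""".strip().splitlines()

# Line withdrawn from the fix list in post #5.
KEEP_LINES = [
    r"O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll",
]


def normalize(line):
    """Collapse whitespace and case so pasted forum lines match log lines."""
    return " ".join(line.split()).casefold()


def parse_log(text):
    """Return one dict per log entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        detail = match.group(2)
        clsid = CLSID_RE.search(detail)
        entries.append({
            "code": match.group(1),
            "line": line,
            "clsid": clsid.group(0).upper() if clsid else None,
            "file_missing": detail.endswith(MISSING),
        })
    return entries


def plan_fix(entries, fix_lines, keep_lines=()):
    """Entries to tick (fix list minus keep list) and fix lines absent from the log."""
    keep = {normalize(l) for l in keep_lines}
    wanted = {normalize(l) for l in fix_lines} - keep
    to_tick = [e for e in entries if normalize(e["line"]) in wanted]
    found = {normalize(e["line"]) for e in to_tick}
    return to_tick, sorted(wanted - found)


if __name__ == "__main__":
    ticked, absent = plan_fix(parse_log(SAMPLE_LOG), FIX_LINES, KEEP_LINES)
    for entry in ticked:
        print("tick:", entry["line"])
    for line in absent:
        print("not in this log:", line)
```

Identical lines such as the repeated O10 entries are kept as separate entries, because each one is its own checkbox in the HijackThis window.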
foxmulder58 (Trainee)
08 July 2005 - 20:59 #6
BearShare was deleted, as was webrebates0.exe, but I am not given the option to delete WhenUSearch manually. But now I will do as you prescribe.

I'll be back (and a thousand thanks for the help!!)

Regards
Mads
foxmulder58 (Trainee)
08 July 2005 - 22:28 #7
Here comes my scan from ewido,

<------------------------------------------------------------------------------>

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            22:27:46, 08-07-2005
+ Report-Checksum:        5290FBB8

+ Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{389A5A59-1306-4389-A779-2EB9D0BC1FFB} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{763BD795-24AE-44d7-82D8-F9A1EE799729} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{771A1334-6B08-4a6b-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{711648F0-5FF5-4C81-805E-A1AEDBAB4951} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{20752C25-2D97-4E6F-9EE2-94B74D202875} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\WhenU.EmbedSE -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\WhenU.EmbedSE\CLSID -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\WhenU.EmbedSE\CurVer -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\WinTaskAdX.Installer -> Spyware.BlazeFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\WinTaskAdX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer\CurVer -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
    HKLM\SOFTWARE\WhenUSearch -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\WhenUSearch\Partners -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\WhenUSearch\Partners\weathercast -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Windows ServeAd -> Spyware.BlazeFind : Cleaned with backup
    HKU\S-1-5-21-1482476501-1229272821-1801674531-3399\Software\Microsoft\Internet Explorer\MenuExt\Web Rebates -> Spyware.WebRebates : Cleaned with backup
    HKU\S-1-5-21-1482476501-1229272821-1801674531-3399\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
    HKU\S-1-5-21-1482476501-1229272821-1801674531-3399\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
    HKU\S-1-5-21-1482476501-1229272821-1801674531-3399\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
    HKU\S-1-5-21-1482476501-1229272821-1801674531-3399\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{386A771C-E96A-421F-8BA7-32F1B706892F} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1482476501-1229272821-1801674531-3399\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Cleaned with backup
    C:\Documents and Settings\Mads\Cookies\mads@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Mads\Cookies\mads@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.130:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    :mozilla.133:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    :mozilla.137:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.138:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.139:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.140:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.141:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.150:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.151:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.153:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.168:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.181:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
    :mozilla.183:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    :mozilla.185:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.197:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.222:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\5rju5jcw.Standard bruger\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.95:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.105:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.106:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    :mozilla.113:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.114:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.115:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.125:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.126:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.127:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.128:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.129:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.130:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.133:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.134:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    :mozilla.137:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.138:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
    :mozilla.160:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
    :mozilla.182:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.200:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.201:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.202:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.245:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.246:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
    :mozilla.263:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.264:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    :mozilla.266:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
    :mozilla.355:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    :mozilla.363:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    :mozilla.368:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.369:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.370:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.374:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.392:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.393:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.394:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.395:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.396:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.397:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.398:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.399:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.400:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.401:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.402:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.403:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.404:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.405:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.406:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.407:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.421:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.454:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    :mozilla.487:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
    :mozilla.488:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
    :mozilla.489:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
    :mozilla.499:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.500:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    :mozilla.507:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    :mozilla.509:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
    :mozilla.525:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    :mozilla.531:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Commissionpartner : Cleaned with backup
    :mozilla.542:C:\Documents and Settings\pens.THUV\Application Data\Mozilla\Firefox\Profiles\ruff1s24.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\pens.THUV\Cookies\pens@66.220.17[1].txt -> Spyware.Cookie.66.220.17.154 : Cleaned with backup
    C:\Documents and Settings\pens.THUV\Cookies\pens@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\pens.THUV\Cookies\pens@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\pens.THUV\Cookies\pens@www.goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
    C:\Documents and Settings\pens.THUV\Lokale indstillinger\Temp\VVSNInst.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
    C:\Program Files\Windows TaskAd\WinProject.dll -> Spyware.WinAD : Cleaned with backup
    C:\Programmer\WhenUSearch\search.dll -> Adware.SaveNow : Cleaned with backup
    C:\Programmer\WhenUSearch\Uninst.exe -> Adware.SaveNow : Cleaned with backup
    C:\System Volume Information\_restore{8821A25D-CD2A-41DC-A373-B7136CFF2265}\RP215\A0041889.exe -> Adware.SaveNow : Cleaned with backup
    C:\System Volume Information\_restore{8821A25D-CD2A-41DC-A373-B7136CFF2265}\RP220\A0043833.dll -> Spyware.Relevance : Cleaned with backup
    C:\System Volume Information\_restore{8821A25D-CD2A-41DC-A373-B7136CFF2265}\RP220\A0043846.exe/Search.exe -> Adware.SaveNow : Cleaned with backup
    C:\System Volume Information\_restore{8821A25D-CD2A-41DC-A373-B7136CFF2265}\RP220\A0043846.exe/Uninst.exe -> Adware.SaveNow : Cleaned with backup
    C:\System Volume Information\_restore{8821A25D-CD2A-41DC-A373-B7136CFF2265}\RP221\A0043940.exe -> Adware.SaveNow : Cleaned with backup
    C:\System Volume Information\_restore{8821A25D-CD2A-41DC-A373-B7136CFF2265}\RP221\A0043948.EXE -> Not-A-Virus.Tool.Reboot : Cleaned with backup
    C:\System Volume Information\_restore{8821A25D-CD2A-41DC-A373-B7136CFF2265}\RP221\A0044036.exe -> Adware.SaveNow : Cleaned with backup
    C:\System Volume Information\_restore{8821A25D-CD2A-41DC-A373-B7136CFF2265}\RP225\A0044710.exe -> Spyware.WebRebates : Cleaned with backup
    C:\System Volume Information\_restore{8821A25D-CD2A-41DC-A373-B7136CFF2265}\RP225\A0044712.exe -> Spyware.WebRebates : Cleaned with backup
    C:\System Volume Information\_restore{8821A25D-CD2A-41DC-A373-B7136CFF2265}\RP225\A0045275.exe -> Adware.SaveNow : Cleaned with backup
    C:\System Volume Information\_restore{8821A25D-CD2A-41DC-A373-B7136CFF2265}\RP227\A0045437.exe -> Adware.SaveNow : Cleaned with backup
    C:\temp\WinCtlAdInstPack.exe -> Spyware.WinAD : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\WinServAdX.dll -> Spyware.WinAD : Cleaned with backup


::Report End

<--------------------------------------------------------------------------->


Regards,
Mads
foxmulder58 (Trainee)
8 July 2005 - 22:40 #8
mvav from Kaspersky finds 1 virus:

File C:\WINDOWS\system32\raddrv.dll tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.22. No Action Taken.

but apparently it can't remove it!

What do I do about it?

Regards,
Mads
fromsej (Trainee)
9 July 2005 - 01:37 #9
Do you use Remote Admin on the machine, i.e. remote control?
R_Server is among your running processes.
If the answer is yes, leave the file alone; otherwise uninstall Radmin in Add/Remove Programs.
foxmulder58 (Trainee)
9 July 2005 - 01:55 #10
Yes, I think I used it in connection with my own FTP server, but now I've removed it.

Thanks for the tip, fromsej!

Regards,
Mads
arlet (Junior Master)
9 July 2005 - 07:17 #11
foxmulder58 -> We also need to see a new HijackThis log.

Fromsej -> Do you agree with me that we leave the O10 entries alone? According to http://castlecops.com/lsp-159.html it is legitimate.
fromsej (Trainee)
9 July 2005 - 09:35 #12
I agree. *S*
It is also among the running processes:
C:\Programmer\Microsoft Firewall Client 2004\FwcAgent.exe
But it's not one we see very often; I can't recall it.
foxmulder58 (Trainee)
9 July 2005 - 13:01 #13
Well, here it is then:

<---------------------------------------------------------------------------------->
Logfile of HijackThis v1.99.1
Scan saved at 13:00:02, on 09-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
C:\Programmer\CA\eTrust Antivirus\InoRT.exe
C:\Programmer\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\MMTrayLSI.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Scansoft\PaperPort\pptd40nt.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmer\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Programmer\3M\PSNLite\PsnLite.exe
C:\Programmer\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmer\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearchIndexer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\GlobalSCAPE\CuteFTP 7 Home\cuteftp.exe
C:\Programmer\GlobalSCAPE\CuteFTP 7 Home\ftpte.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\Programmer\MSN Toolbar Suite\SL\02.01.0000.2214\en-us\msn_sl.exe
C:\Documents and Settings\pens.THUV\Skrivebord\hijack this\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = uvisa:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmer\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\BRMFLPRO\BrDefPrt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [MimBoot] C:\Programmer\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Startup: WampServer.lnk = C:\wamp\wampserver.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Firewall Client Management.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\webserver\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmer\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MSN Search - res://C:\Programmer\MSN Toolbar Suite\TB\02.01.0000.2214\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Programmer\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/229?a6891164f78b495a9d37831f2280d51e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Programmer\MSN Toolbar Suite\TAB\02.02.0000.1007\en-us\msntabres.dll/230?a6891164f78b495a9d37831f2280d51e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100695660997
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp05.photoprintit.de/microsite/10023/defaults/activex/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = thuv.dk
O17 - HKLM\Software\..\Telephony: DomainName = thuv.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = thuv.dk
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Antivirus\InoTask.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Programmer\Fælles filer\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe" --ntservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe


<---------------------------------------------------------------------------------->



Regards,
Mads

PS! Great that you're willing to help!!! 10000 thanks!
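
The cross-check done by hand in #9 and #12 (matching a flagged file against the running-process list), as an added example that is not part of the thread: a small Python parser run over an excerpt of the log from #13. The function names `parse_hjt` and `cross_check` are my own, not part of HijackThis.

```python
import ntpath
import re
from collections import Counter

# Excerpt of the HijackThis log posted in #13 (lines copied from the thread, list shortened).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\Brmfrmps.exe
C:\Programmer\Microsoft Firewall Client 2004\FwcAgent.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = uvisa:8080
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O10 - Unknown file in Winsock LSP: c:\programmer\microsoft firewall client 2004\fwcwsp.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe" --ntservice (file missing)
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")                   # "O10 - <body>"
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"*?<>|]+?\.(?:exe|dll)", re.I)  # first .exe/.dll path


def parse_hjt(text):
    """Split a HijackThis log into its running-process list and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY.match(line)):
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def cross_check(processes, entries, codes=("O10", "O23")):
    """For each file named by the chosen entry types: how often it is listed, whether
    it is running, which running processes share its folder, and the log's own tag."""
    running = {p.lower() for p in processes}
    counts, tagged_missing = Counter(), set()
    for code, body in entries:
        m = WIN_PATH.search(body) if code in codes else None
        if m is None:
            continue
        path = m.group(0).lower()
        counts[(code, path)] += 1
        if "(file missing)" in body:
            tagged_missing.add(path)
    report = []
    for (code, path), listed in counts.items():
        folder = ntpath.dirname(path)
        report.append({
            "code": code, "file": path, "listed": listed,
            "running": path in running,
            "same_folder": sorted(p for p in running
                                  if p != path and ntpath.dirname(p) == folder),
            "tagged_missing": path in tagged_missing,
        })
    return report


if __name__ == "__main__":
    for row in cross_check(*parse_hjt(SAMPLE_LOG)):
        print(row)
```

On this excerpt the report shows fwcwsp.dll sharing a folder with the running FwcAgent.exe, and Brmfrmps.exe running even though its O23 line is tagged "(file missing)".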
arlet (Junior Master)
9 July 2005 - 20:19 #14
Your log is now clean.

After a round like this it is always a good idea to clean up your System Restore files.
Disable System Restore ( http://www.arlet.dk/systemgendannelsen.htm ) - restart your computer - enable System Restore.
You should also hide your files and folders again, so you don't delete an important file by mistake.
You do that in the same place where you set it to show all files; this time just choose: Do not show hidden files and folders.

General cleanup: http://www.arlet.dk/oprydning.htm

To protect you against junk I have put together a security package,
which you can download here: www.arlet.dk/pakke.htm
foxmulder58 (Trainee)
10 July 2005 - 12:03 #15
Thanks for the help, arlet; my PC is a bit faster now too!

Regards,
Mads
foxmulder58 (Trainee)
10 July 2005 - 12:07 #16
When I right-click My Computer, however, I can't see an item called Disable System Restore?

Are there other ways to disable it?

Regards,
Mads
arlet (Junior Master)
10 July 2005 - 13:24 #17
Right-click My Computer on the desktop, CHOOSE PROPERTIES and the System Restore tab, and tick Disable System Restore. Click OK and restart.