Bennysørensen (Trainee)
11 October 2005 - 15:18. There are 19 comments and 1 solution

Justed.exe

Hi, I've been having a lot of trouble with my computer, which won't open the right programs at startup, among other things. I'm told that justed.exe is not working, and asked whether I want to send it to Microsoft.

I have taken a Hijack log, which looks like this:

Help!

Logfile of HijackThis v1.97.7
Scan saved at 6:07:07 AM, on 12/23/9999
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\htpatch.exe
E:\WINDOWS\system32\RunDll32.exe
E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
E:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Google\Google Talk\googletalk.exe
E:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\Logitech\iTouch\kbdtray.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
E:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
E:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
E:\Program Files\Internet Explorer\iexplore.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Anders Schrøder
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: AccessibilityToolbar - {9E0C6AAD-A8E3-4E49-9DBD-786099B599A4} - E:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] E:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DataLayer] E:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] E:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [JVM0.12] E:\WINDOWS\system32\jpixqvdf.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "E:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: InderNEttet.lnk = ?
O4 - Startup: MailWasher.lnk = E:\Program Files\MailWasher\MailWasher.exe
O4 - Startup: Shortcut to todo.lnk = E:\Documents and Settings\Tissemand\Application Data\Microsoft\Internet Explorer\Quick Launch\todo.doc
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-søgning - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://E:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lignende sider - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Toggle AccessibilityToolbar toolbar (HKLM)
O9 - Extra 'Tools' menuitem: &AccessibilityToolbar toolbar (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab

Regards
Anders Schrøder
ejvindh (Expert)
11 October 2005 - 15:35 #1
I'll take a look at it
Bennysørensen (Trainee)
11 October 2005 - 15:36 #2
Perfect.
ejvindh (Expert)
11 October 2005 - 15:40 #3
There was a single trojan in the log:

Download a new version of Hijackthis:
http://danborg.org/spy1/HJT/hijackthis.exe

Download this scanner and save it to the desktop. Do not run it yet.
http://www.spywareinfo.dk/download/mwav.exe

Get Ewido from here (14-day version of the plus version)
http://www.ewido.net/en/download/
Install and run Ewido - update the program.

Run Hijackthis, scan, tick the lines listed here, close all windows except Hijackthis, click Fix checked.

O4 - HKLM\..\Run: [JVM0.12] E:\WINDOWS\system32\jpixqvdf.exe

Deleting files and folders:
Open a folder, click Tools => Folder Options => View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".

Restart in safe mode (press <F8> during boot), delete the folders and files listed below (some of them may already have been deleted by Hijackthis).
-------------------
Folders:
<none>
-------------------
Files:
E:\WINDOWS\system32\jpixqvdf.exe
---------------------------------------
Run a full scan with Ewido. The program produces a small log, which you should copy into your next reply.

Click on the mwav.exe you downloaded; the program unpacks itself and starts.
Tick the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following:
All local drives and Scan all files

Click Scan Clean. It may take a long time (a few hours), but it is also very effective.
Restart into normal mode, make a new HJT log with the new version of HJT, and post it here for checking.
Bennysørensen (Trainee)
11 October 2005 - 16:02 #4
There is nothing at the end of the link to Ewido, and Ewido.net isn't working at the moment either..?
Bennysørensen (Trainee)
11 October 2005 - 16:07 #5
I have just installed the new hijack, and now the log looks like this (i.e. different, I can't find O4 - HKLM\..\Run: [JVM0.12] E:\WINDOWS\system32\jpixqvdf.exe anywhere):

Logfile of HijackThis v1.99.1
Scan saved at 4:06:43 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\htpatch.exe
E:\WINDOWS\system32\RunDll32.exe
E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
E:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Google\Google Talk\googletalk.exe
E:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
E:\Program Files\Logitech\iTouch\kbdtray.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Tissemand\Desktop\Div snavs til vira etc\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Anders Schrøder
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: AccessibilityToolbar - {9E0C6AAD-A8E3-4E49-9DBD-786099B599A4} - E:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] E:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DataLayer] E:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] E:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "E:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: InderNEttet.lnk = ?
O4 - Startup: MailWasher.lnk = E:\Program Files\MailWasher\MailWasher.exe
O4 - Startup: Shortcut to todo.lnk = E:\Documents and Settings\Tissemand\Application Data\Microsoft\Internet Explorer\Quick Launch\todo.doc
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-søgning - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://E:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lignende sider - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Toggle AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - E:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: &AccessibilityToolbar toolbar - {F1D75287-2EF6-4E41-A305-A27A7921ECAA} - E:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

Uhhh...
ejvindh (Expert)
11 October 2005 - 16:08 #6
Try here instead then:
http://www.spywarefri.dk/downloads1/ewido-setup.exe

(and thanks for the points :-))
ejvindh (Expert)
11 October 2005 - 16:10 #7
Oops, cross-post :-)
That's odd. Try running the old HJT again and see whether the O4 entry is there then.
Bennysørensen (Trainee)
11 October 2005 - 16:10 #8
So is it O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe that I should delete? I haven't deleted anything after the new hijackthis log..
Bennysørensen (Trainee)
11 October 2005 - 16:11 #9
Here comes the old one:

Logfile of HijackThis v1.97.7
Scan saved at 4:14:19 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\htpatch.exe
E:\WINDOWS\system32\RunDll32.exe
E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
E:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Google\Google Talk\googletalk.exe
E:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
E:\Program Files\Logitech\iTouch\kbdtray.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Anders Schrøder
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: AccessibilityToolbar - {9E0C6AAD-A8E3-4E49-9DBD-786099B599A4} - E:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] E:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DataLayer] E:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] E:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "E:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: InderNEttet.lnk = ?
O4 - Startup: MailWasher.lnk = E:\Program Files\MailWasher\MailWasher.exe
O4 - Startup: Shortcut to todo.lnk = E:\Documents and Settings\Tissemand\Application Data\Microsoft\Internet Explorer\Quick Launch\todo.doc
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-søgning - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://E:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lignende sider - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Toggle AccessibilityToolbar toolbar (HKLM)
O9 - Extra 'Tools' menuitem: &AccessibilityToolbar toolbar (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
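Added example (not part of the thread, and not code from HijackThis): the comparison the posts above do by eye, finding which autostart entries differ between a v1.97.7 log and a v1.99.1 log. BHO and toolbar lines are keyed on their CLSID and O4 lines on value name plus normalised command, so the differing name column and line order in the two versions are not reported as changes. The function names and the choice of sections are this example's assumptions; the sample lines are excerpts copied from the logs on this page.

```python
import re

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "O4 - HKLM\..\Run: [value name] command line"
O4_REG = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.*)$")
# "O4 - Startup: shortcut.lnk = target" (also "Global Startup")
O4_LNK = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")


def _norm(cmd):
    """Windows paths are case-insensitive; drop quotes and repeated spaces."""
    return " ".join(cmd.replace('"', "").split()).lower()


def stable_key(line):
    """Return a key that is the same in both log versions, or None to skip.

    Only O2, O3 and O4 are compared. O9, O16 and O23 are skipped because the
    two versions on this page do not list them the same way.
    """
    line = line.strip()
    code = line.split(" - ", 1)[0]
    if code in ("O2", "O3"):
        m = CLSID.search(line)
        return (code, m.group(0).upper()) if m else None
    if code == "O4":
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            return ("O4", m.group(1), m.group(2), _norm(m.group(3)))
    return None


def index(log_text):
    """Map stable key -> original line for every comparable entry."""
    entries = {}
    for line in log_text.splitlines():
        key = stable_key(line)
        if key is not None:
            entries[key] = line.strip()
    return entries


def diff_logs(before, after):
    """Return (removed, added) original lines between two logs."""
    a, b = index(before), index(after)
    removed = [a[k] for k in sorted(a.keys() - b.keys())]
    added = [b[k] for k in sorted(b.keys() - a.keys())]
    return removed, added


# Excerpt of the first log in the thread (v1.97.7).
LOG_OLD = r"""
Logfile of HijackThis v1.97.7
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [JVM0.12] E:\WINDOWS\system32\jpixqvdf.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - Startup: InderNEttet.lnk = ?
"""

# Excerpt of the second log in the thread (v1.99.1).
LOG_NEW = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Startup: InderNEttet.lnk = ?
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(LOG_OLD, LOG_NEW)
    for line in removed:
        print("only in old log:", line)
    for line in added:
        print("only in new log:", line)
```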
Bennysørensen (Trainee)
11 October 2005 - 16:13 #10
There is no jpixqvdf.exe at all, but that jushed.exe is the cause of it all... I'm waiting eagerly :o)
ejvindh (Expert)
11 October 2005 - 16:31 #11
It's very odd with that trojan. Are you sure you didn't manage to fix it with the old HJT, and that this is why it's no longer there?

In any case, I would advise you to run a scan with Mwav and Ewido, to be sure that nothing is hidden on the machine.

Regarding justed.exe/jusched.exe: In the past it was one of those we always fixed, but we stopped because it wasn't outright junk. You're welcome to fix it if you want :-) It is only there to keep an eye out for new Java updates...
Bennysørensen (Trainee)
11 October 2005 - 16:41 #12
I don't know myself how odd it is... but here is mwav's result:

File E:\WINDOWS\system32\d2kndr.exe infected by "Trojan.Win32.Dialer.u" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\msproto3.dll infected by "Trojan.Win32.StartPage.gn" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\msxslab.dll infected by "Trojan.Win32.StartPage.gn" Virus. Action Taken: File Deleted.
File E:\WINDOWS\system32\qperrh.exe infected by "Trojan-Downloader.Win32.Agent.jc" Virus. Action Taken: File Deleted.
ejvindh (Expert)
11 October 2005 - 17:04 #13
OK, Mwav has been effective. Now try running Ewido too, and post the log from Ewido as well. After that you can run a new scan with the new HJT, so we can see how things look by then.
Bennysørensen (Trainee)
11 October 2005 - 17:35 #14
Here goes, there was a lot:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            5:37:24 PM, 10/11/2005
+ Report-Checksum:        7331678A

+ Scan result:

    HKLM\SOFTWARE\Classes\Interface\{0D4A224C-D063-496F-B39A-D43A31CDA6D5} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{0D4A224C-D063-496F-B39A-D43A31CDA6D5}\TypeLib\\ -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{BEC4CD72-0227-41E9-87CB-67B63D0D8044} -> Spyware.CoolWebSearch : Cleaned with backup
    C:\Documents and Settings\schroeder\Cookies\schroeder@ads11.hyperbanner[1].txt -> Spyware.Cookie.Hyperbanner : Cleaned with backup
    C:\Documents and Settings\schroeder\Cookies\schroeder@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\schroeder\Cookies\schroeder@commissionpartner[2].txt -> Spyware.Cookie.Commissionpartner : Cleaned with backup
    C:\Documents and Settings\schroeder\Cookies\schroeder@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\schroeder\Cookies\schroeder@ilead.itrack[1].txt -> Spyware.Cookie.Itrack : Cleaned with backup
    C:\Documents and Settings\schroeder\Cookies\schroeder@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\schroeder\Local Settings\Temporary Internet Files\Content.IE5\C8YTNMJX\saveupdate[1].exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\schroeder\Local Settings\Temporary Internet Files\Content.IE5\C8YTNMJX\saveupdate[1].exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup
    C:\Program Files\Internet Explorer\hkggbuuq.exe -> TrojanDownloader.WinShow.ac : Cleaned with backup
    C:\Program Files\Q330994.exe -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\winampa.exe -> TrojanDownloader.Agent.jc : Cleaned with backup
    C:\WINDOWS\e.exe -> TrojanDownloader.Small.lc : Cleaned with backup
    E:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.11:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.13:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.51:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.57:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.58:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.59:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.79:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.133:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.228:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    :mozilla.241:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
    :mozilla.268:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.269:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.270:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.272:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.279:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.282:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.283:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.284:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.285:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.286:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.291:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.293:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.427:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    :mozilla.455:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.464:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.482:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.484:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.485:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.486:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.487:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.488:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.489:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.490:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.492:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.493:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.495:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.499:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.506:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.508:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.515:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.517:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.520:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.524:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.528:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    :mozilla.530:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.531:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.533:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
    :mozilla.538:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.560:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
    :mozilla.563:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.565:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.605:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.608:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.609:E:\Documents and Settings\Tissemand\Application Data\Mozilla\Firefox\Profiles\03e8hvlm.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    E:\Documents and Settings\Tissemand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\my.class-9976afe-5bfd1661.class -> TrojanDownloader.Small.aaq : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@ad1.clickhype[2].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@axa.addcontrol[1].txt -> Spyware.Cookie.Addcontrol : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@e-2dj6wfk4gkdzkkp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@pro-market[2].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
    E:\Documents and Settings\Tissemand\Cookies\schroeder@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    E:\WINDOWS\Downloaded Program Files\hkggbuuq.exe -> TrojanDownloader.WinShow.ac : Cleaned with backup
    E:\WINDOWS\Downloaded Program Files\Q330994.exe -> Spyware.Hijacker.Generic : Cleaned with backup
    E:\WINDOWS\msmd\msmd32.dll -> TrojanDownloader.WinShow.u : Cleaned with backup
    E:\WINDOWS\msue\msue32.dll -> TrojanDownloader.WinShow.u : Cleaned with backup
    E:\WINDOWS\mszo\mszo32.dll -> TrojanDownloader.WinShow.u : Cleaned with backup
    E:\WINDOWS\system32\drivers\etc\hosts.20040517-024939.backup -> Spyware.XmlMimeFilter : Cleaned with backup


::Report End
Bennysørensen Trainee
11 October 2005 - 17:40 #15
Ewido is really great, I will probably end up buying it when it expires, or however that works :o)

...and here is the new Hijack log, where I have just removed jushed.exe for good measure:

Logfile of HijackThis v1.97.7
Scan saved at 5:41:12 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\htpatch.exe
E:\WINDOWS\system32\RunDll32.exe
E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
E:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Google\Google Talk\googletalk.exe
E:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
E:\Program Files\Logitech\iTouch\kbdtray.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\ewido\security suite\ewidoguard.exe
E:\Program Files\ewido\security suite\ewidoctrl.exe
E:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Anders Schrøder
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: AccessibilityToolbar - {9E0C6AAD-A8E3-4E49-9DBD-786099B599A4} - E:\Program Files\AccessibilityToolbar Toolbar\AccessibilityToolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HTpatch] E:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DataLayer] E:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] E:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "E:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: InderNEttet.lnk = ?
O4 - Startup: MailWasher.lnk = E:\Program Files\MailWasher\MailWasher.exe
O4 - Startup: Shortcut to todo.lnk = E:\Documents and Settings\Tissemand\Application Data\Microsoft\Internet Explorer\Quick Launch\todo.doc
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google-søgning - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Oversæt engelsk ord - res://E:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lignende sider - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Tilbage via links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Øjebliksbillede af side i cache - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Toggle AccessibilityToolbar toolbar (HKLM)
O9 - Extra 'Tools' menuitem: &AccessibilityToolbar toolbar (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
ejvindh Expert
11 October 2005 - 19:39 #16
Hmmm. Yes, it was actually with the new HJT that you should have made the last log. But the HJT logs have been clean the last couple of times, so I don't think it would show anything new.

Normally it is a good sign when an HJT log is clean, but I find it perhaps a little suspicious that both Mwav and Ewido find so much when the log is clean. That is why I think we should run a couple of extra tests. But if you yourself think everything looks fine, we can stop here... In that case, though, I think you should run a new scan with both Mwav and Ewido, to see whether anything more has turned up.

If you are up for continuing, try the following:

Download Blacklight here: http://www.f-secure.com/blacklight/try.shtml Scroll down the page and click "iaccept". On the next page you can download Blacklight to the desktop. Double-click the file and click Scan. When it has finished, it creates a log on the desktop. Paste the log in here if Blacklight finds anything. Do not let Blacklight remove anything yet.
---------------------------
Download L2mfix.exe from one of these locations:

http://www.atribune.org/downloads/l2mfix.exe

Save the file to your Desktop and double-click l2mfix.exe. Click the Install button and follow the instructions. Then open the new folder that has been created on your Desktop (l2mfix). Double-click l2mfix.bat and choose option 1 (Run Find log) by pressing "1" and "Enter". Your computer will now be scanned - after a couple of minutes a text file opens in Notepad. Paste the contents in here.

NB: You must not run option 2 or any of the other files in the l2mfix folder until you have been asked to.
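The observation in post #16 (a clean HJT log alongside many scanner findings) can be checked mechanically by testing whether any file the scanner flagged is referenced anywhere in the HijackThis log. The following is an added example, not part of the thread or of either tool; the sample input is constructed in the two log formats posted above, and the function names are hypothetical.

```python
"""Cross-check scanner findings against the files a HijackThis log references."""
import re

# Constructed sample input in the two log formats posted in this thread
# (shortened; the profile name "User" is a placeholder).
HJT_LOG = r"""Running processes:
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\htpatch.exe
E:\Program Files\ewido\security suite\ewidoguard.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HTpatch] E:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: MailWasher.lnk = E:\Program Files\MailWasher\MailWasher.exe
"""

SCAN_REPORT = r"""
    :mozilla.283:E:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\x.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    E:\Documents and Settings\User\Cookies\user@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    E:\WINDOWS\Downloaded Program Files\hkggbuuq.exe -> TrojanDownloader.WinShow.ac : Cleaned with backup
    E:\WINDOWS\msmd\msmd32.dll -> TrojanDownloader.WinShow.u : Cleaned with backup
"""

# A drive-letter path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|cpl)\b', re.I)
# "<optional :mozilla.N: prefix><path> -> <detection name> : <action>"
DETECTION_RE = re.compile(
    r'^\s*(?::[\w.]+:)?(?P<path>[A-Za-z]:\\.+?) -> (?P<name>\S+) : (?P<action>.+)$')


def hjt_paths(log):
    """Every executable path the HJT log lists (running processes and O-entries)."""
    return {m.group(0).lower() for m in PATH_RE.finditer(log)}


def detections(report):
    """Yield (path, detection name) for each finding line in the scanner report."""
    for line in report.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            yield m.group("path"), m.group("name")


def correlate(log, report):
    """Split non-cookie findings by whether the HJT log references the file."""
    known = hjt_paths(log)
    result = {"referenced": [], "unreferenced": []}
    for path, name in detections(report):
        if name.startswith("Spyware.Cookie."):
            continue  # tracking cookies are data, not code with a load point
        key = "referenced" if path.lower() in known else "unreferenced"
        result[key].append((path, name))
    return result


if __name__ == "__main__":
    for key, items in correlate(HJT_LOG, SCAN_REPORT).items():
        for path, name in items:
            print(f"{key:12} {name:30} {path}")
```

An "unreferenced" finding means only that the HJT log shows no load point for that file: it may be dormant, or started by something the log does not list. The comparison is by exact path, so 8.3 short names such as `PROGRA~1` will not match their long form.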
arne_v Expert
11 October 2005 - 19:41 #17
The Java updater is not called justed.exe but jusched.exe

and removing a program that fetches security updates for Java, so that applets
do not drag dirt onto the computer, is not a good thing
ejvindh Expert
11 October 2005 - 20:03 #18
arne_v: Of course the program should not be deleted. But the question is whether it needs to run at every startup. And here the common view is that it is not necessary. It is not updated that often either. And you can update Java through the Control Panel if it becomes necessary.
http://www.bleepingcomputer.com/startups/jusched.exe-5259.html
arne_v Expert
11 October 2005 - 20:14 #19
there really are a lot of users who never get their Java updated if it does not
happen automatically or something reminds them of it
ejvindh Expert
11 October 2005 - 20:51 #20
Arne_V: You may be right about that. There has probably been a bit too much of a knee-jerk reaction when we often fixed it in the past. It was based on the view that it was unnecessary to spend computing power on having that process running at startup. Besides, many felt that processes should not access the internet "behind the back" of the user.

Many users who are not aware that Java needs to be updated will probably be best served by leaving Jusched.exe in the log.

The reason I mentioned fixing it in this case was that the file has apparently jammed. I probably should not have added that it "merely" keeps an eye out for Java updates.

Andersschroeder: If, in light of arne's objection, you decide that you would like to have jusched back on your computer, I think you should do the following: Go to Control Panel - Add/Remove Programs and uninstall Java (it is probably called something with "J2SE Runtime Environment"). Then go to this page and reinstall it:
http://java.sun.com/