hijackthis logfil til kontrol

Oplever du nogle problemer ?
Der er ikke noget at gi' af ifølge loggen...

der har været problemer!
har dog kørt AV og div scannere, så sku bare ha nogen til at tjekke loggen..

her er så loggen fra den anden computer:

Logfile of HijackThis v1.99.1
Scan saved at 12:13:04, on 17-11-2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\tcpcheck.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINNT\system32\udpcheck.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\DOCUME~1\mas\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.dk/mail
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar13.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar13.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [tcp checker] tcpcheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKLM\..\RunServices: [tcp checker] tcpcheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [oomi] C:\PROGRA~1\COMMON~1\oomi\oomim.exe
O4 - HKCU\..\Run: [tcp checker] tcpcheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\RunServices: [tcp checker] tcpcheck.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Brought to you by the Bandwidth Bandits - C:\WINNT\SYSTEM32\tcpcheck.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe
O23 - Service: Trend OfficeScan Scheduler - Unknown owner - \\Gorm\public\PCCSRV\Admin\Utility\ServerScheduleUpdate\SvSchUpd.exe (file missing)

der er et par ting at slette i den sidste log. men jeg ved ikke nok om det.
så toldmodighed så dukker der nok en op der kan hjælpe  c",)

Øjeblik, så ser jeg på det.

Efter at have set på den sidste log har jeg nogle spørgsmål til dig:
Har du et synkroniseringsprogram til en Nokia telefon?
Kender du noget til et program fra "Bandwidth Bandits"?

begge computere anvendes på et kontor i netværk og af mange brugere - og der er sikkert nogle af dem, der har en Nokia telefon.
Der er nogle klokker, der ringer ved "Bandwidth Bandits" - er det ikke noget spyware der arbejder på lignende måder som gnutella-netværk?

Læs alle punkterne inden du gør noget.

(1)
Hent http://www.spywarefri.dk/downloads1/ewido-setup.exe (Ewido).
Installer programmer og opdater det, men vent med at scanne.

(2)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [tcp checker] tcpcheck.exe
O4 - HKLM\..\RunServices: [tcp checker] tcpcheck.exe
O4 - HKCU\..\Run: [oomi] C:\PROGRA~1\COMMON~1\oomi\oomim.exe
O4 - HKCU\..\Run: [tcp checker] tcpcheck.exe
O4 - HKCU\..\RunServices: [tcp checker] tcpcheck.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Brought to you by the Bandwidth Bandits - C:\WINNT\SYSTEM32\tcpcheck.exe

(3)
Scan med Ewido, fix de ting som den finder og gem loggen, f.eks. på skrivebordet.

(4)
Åbn "denne computer", i menuen skal du klikke på Funktioner -> Mappeindstillinger -> Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler" og ved "Skjul filtypenavne for kendte filtyper", sæt prik i "Vis skjulte filer og mapper". Husk at trykke på knappen "Anvend på alle mapper" i stedet for "ok".

søg efter og slet følgende fil(er):
tcpcheck.exe (der kan være flere filer med denne navn, forskellige steder på harddisken)
... og følgende mappe(r):
c:\PROGRA~1\COMMON~1\oomi\

(5)
Start -> kør -> skriv "cleanmgr" -> Slet Temporary internet files, papirkurv og midlertidige filer. Gentag for alle dine drev.

(6)
Genstart computeren normalt. Lav en ny log med HijackThis, og send den herind sammen med loggen fra Ewido.

mange tak so far! får først set på det på mandag..

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            15:09:53, 21-11-2006
+ Report-Checksum:        F77B0844

+ Scan result:

    HKLM\SOFTWARE\Classes\CLSID\\ -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA}\ProxyStubClsid32\\ -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/istactivex.dll\\.Owner -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/istactivex.dll\\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1177831782-542587446-604404025-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
    C:\Documents and Settings\amk\Cookies\amk@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\cmo\Cookies\cmo@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\cmo\Cookies\cmo@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\cmo\Cookies\cmo@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\cmo\Cookies\cmo@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\cmo\Cookies\cmo@cbs.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\cmo\Cookies\cmo@data4.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\cmo\Cookies\cmo@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\cmo\Cookies\cmo@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\cmo\Cookies\cmo@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\cmo\Cookies\cmo@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\csm\Cookies\csm@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\csm\Local Settings\Temporary Internet Files\Content.IE5\6JWPYDOR\null[1].exe -> Trojan.Zapchast : Cleaned with backup
    C:\Documents and Settings\csm\Local Settings\Temporary Internet Files\Content.IE5\KNGJUDCV\istdownload[1].exe -> TrojanDownloader.IstBar.ir : Cleaned with backup
    C:\Documents and Settings\jek\Cookies\jek@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\jek\Local Settings\Temporary Internet Files\Content.IE5\KZBB6C1T\null[1].exe -> Trojan.Zapchast : Cleaned with backup
    C:\Documents and Settings\kmo\Cookies\kmo@adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
    C:\Documents and Settings\kmo\Cookies\kmo@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\kmo\Cookies\kmo@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\kmo\Cookies\kmo@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\kmo\Cookies\kmo@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\kmo\Cookies\kmo@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\ldi\Cookies\ldi@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\mas\Cookies\mas@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\mas\Cookies\mas@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\mas\Cookies\mas@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\mas\Cookies\mas@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\mas\Cookies\mas@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\mas\Cookies\mas@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\mas\Cookies\mas@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\mas\Cookies\mas@weborama[2].txt -> Spyware.Cookie.Weborama : Cleaned with backup
    C:\Documents and Settings\mas\Cookies\mas@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\mas\Local Settings\Temp\180SAInstaller.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
    C:\Documents and Settings\mas\Local Settings\Temp\180SAInstaller.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
    C:\Documents and Settings\mha\Cookies\mha@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\mha\Cookies\mha@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\mha\Cookies\mha@tfag[2].txt -> Spyware.Cookie.Tfag : Cleaned with backup
    C:\Documents and Settings\mha\Cookies\mha@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
    C:\Documents and Settings\mha\Local Settings\Temporary Internet Files\Content.IE5\0TYVEFO5\internazionale_ver11[1].CAB/internazionale_ver11.ocx -> Spyware.AdPowerZone : Cleaned with backup
    C:\Documents and Settings\mha\Local Settings\Temporary Internet Files\Content.IE5\EPCFY941\null[1].exe -> Trojan.Zapchast : Cleaned with backup
    C:\Documents and Settings\mha\Local Settings\Temporary Internet Files\Content.IE5\WZUJ6TMT\istdownload[1].exe -> TrojanDownloader.IstBar.ir : Cleaned with backup
    C:\Documents and Settings\oea\Cookies\oea@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\pem\Cookies\pem@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\pem\Cookies\pem@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\smv.IASTE-A\Cookies\smv@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\smv.IASTE-A\Cookies\smv@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\trn\Local Settings\Temporary Internet Files\Content.IE5\SX8R07GR\null[1].exe -> Trojan.Zapchast : Cleaned with backup
    C:\Documents and Settings\zya\Cookies\zya@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\zya\Local Settings\Temporary Internet Files\Content.IE5\LV7CACLF\null[1].exe -> Trojan.Zapchast : Cleaned with backup
    C:\Documents and Settings\zya\Local Settings\Temporary Internet Files\Content.IE5\LV7CACLF\url[1].exe -> Worm.Kelvir.a : Cleaned with backup
    C:\WINNT\SYSTEM32\instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINNT\SYSTEM32\MRT.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
    C:\WINNT\SYSTEM32\tcpcheck.exe -> Backdoor.VBbot.a : Cleaned with backup
    C:\WINNT\SYSTEM32\udpcheck.exe -> Backdoor.VBbot.a : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 15:20:52, on 21-11-2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\mas\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.dk/mail
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar13.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar13.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: TCPIP Managing Service (TCPIPManagingService) - Unknown owner - tcpcheck.exe (file missing)
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe
O23 - Service: Trend OfficeScan Scheduler - Unknown owner - \\Gorm\public\PCCSRV\Admin\Utility\ServerScheduleUpdate\SvSchUpd.exe (file missing)

Regner med at windows kører som den skal?

jup det kører fint igen! takker for hjælpen

Det her "nulstiller" windows mht. systemgendannelse:

(1)
Deaktiver systemgendannelse, ved at Højreklikke på "Denne Computer" på skrivebordet -> egenskaber -> Systemgendannelse -> sæt flueben i "Deaktiver systemgendannelse" -> Klik OK.

(2)
Genstart normalt og aktiver systemgendannelse igen.

OK.
mange tak!