bravo73 Beginner
17 February 2008 - 21:08 There are 11 comments and 1 solution

PC tries to install "system defender", plus countless viruses.

Hi experts
Can anyone help?
I have picked up a lot of junk on the machine, and it has all been deleted according to "Search & Destroy", Adaware, PowerSuite and SpyWareDoctor. Still, when I go online, after a while it connects to www.system-defender.com in a new window, and an installer appears. After a short time the machine is infected with viruses again.
I have installed ZoneAlarm so I can see what wants to go online, and it puzzles me a bit that both explorer and iexplorer try to connect. If I open iexplorer, ZoneAlarm says iexplorer is trying to connect to 127.0.0.1 port (e.g.) 1277, but the port number is consecutive, i.e. the next iexplorer session will use port 1278. I cannot get online with ZoneAlarm running, even if I allow access. Only when it is turned off do I get through, but as I said, all the rest follows after a short time.
What is it that keeps trying to install "system-defender" when I think I have cleaned up thoroughly? I have been messing with this for 3 days, so 200 points to whoever saves me.
Regards Klaus
Deleted user
17 February 2008 - 21:39 #1
Have you tried an ordinary System Restore? You can get lucky there, even with viruses and spyware

Start -> All Programs -> Accessories -> System Tools -> System Restore -> Follow the wizard and choose a point from before the problem occurred.
Deleted user
17 February 2008 - 21:43 #2
http://www.grisoft.com/doc/35/us/crp/0

Otherwise try the trial version here in Safe Mode (F8 during startup)
17 February 2008 - 22:27 #3
Complete the procedure from here -> http://www.eksperten.dk/artikler/1123
17 February 2008 - 22:28 #4
Welcome to Eksperten.dk
General -> http://expfaq.dk/
bravo73 Beginner
17 February 2008 - 23:41 #5
OK. I will try the above tomorrow evening. Since last time it has again picked up a previously deleted cookie from "mediaplex.com" and a dll called wowfx.dll. Search & Destroy has found "vundo", win32.Qhost.abh and win32Agent.bfj.
I hope the procedure from article 1123 gets rid of the beast for me.
Thanks for now.
bravo73 Beginner
18 February 2008 - 23:32 #6
Well, so far it looks like the "standard procedure" was what it took, among other things, to stop the recreation of wowfx.dll, which reappeared as fast as it was deleted. Thanks for the link. An answer from karise_larry gets 60 points (ok, I promised 200 earlier, but I had not counted on there being such a general solution)
19 February 2008 - 08:17 #7
- will/need to see/read the log text from ComboFix + a fresh HijackThis log ...
bravo73 Beginner
19 February 2008 - 19:12 #8
OK, that is the least I can do :-)

------------------------------------------------------------------------------
ComboFix 08-02-18.1 - Klaus 2008-02-18 20:47:15.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.183 [GMT 1:00]
Running from: C:\eksperten_virus\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-01-18 to 2008-02-18  )))))))))))))))))))))))))))))))
.

2008-02-18 18:54 . 2008-02-18 19:04    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-02-18 18:54 . 2008-02-18 18:54    <DIR>    d--------    C:\Documents and Settings\Klaus\Application Data\SUPERAntiSpyware.com
2008-02-18 18:54 . 2008-02-18 18:54    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-18 00:59 . 2008-02-18 20:44    5,120    --ahs----    C:\WINDOWS\system32\Thumbs.db
2008-02-18 00:59 . 2008-02-18 00:59    5,120    --ahs----    C:\WINDOWS\system\Thumbs.db
2008-02-18 00:14 . 2008-02-18 00:14    <DIR>    d--------    C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-18 00:00 . 2008-02-18 20:43    <DIR>    d--------    C:\eksperten_virus
2008-02-18 00:00 . 2008-02-18 00:59    51,200    --ahs----    C:\WINDOWS\Thumbs.db
2008-02-17 22:10 . 2008-02-18 18:10    <DIR>    d--------    C:\Documents and Settings\Klaus\Application Data\AVG7
2008-02-17 22:09 . 2008-02-17 22:09    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-17 22:09 . 2008-02-18 17:52    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\avg7
2008-02-17 22:09 . 2008-02-17 22:09    110,592    --a------    C:\WINDOWS\system32\avgfwafu.dll
2008-02-17 22:09 . 2008-02-17 22:09    9,216    --a------    C:\WINDOWS\system32\avgwlntf.dll
2008-02-17 17:44 . 2008-02-17 17:46    4,212    ---h-----    C:\WINDOWS\system32\zllictbl.dat
2008-02-17 17:43 . 2008-02-17 17:44    <DIR>    d--------    C:\WINDOWS\system32\ZoneLabs
2008-02-17 17:43 . 2008-02-17 19:52    334    --ah-----    C:\WINDOWS\system32\vsconfig.xml
2008-02-17 17:42 . 2008-02-18 18:08    <DIR>    d--------    C:\WINDOWS\Internet Logs
2008-02-17 17:42 . 2008-02-17 17:42    <DIR>    d--------    C:\Programmer\Zone Labs
2008-02-17 14:24 . 2008-02-17 14:24    <DIR>    d--------    C:\Programmer\SysCleaner
2008-02-17 12:16 . 2008-02-17 13:19    <DIR>    d--------    C:\Programmer\Uniblue
2008-02-17 12:16 . 2008-02-17 13:29    <DIR>    d--------    C:\Documents and Settings\Klaus\Application Data\Uniblue
2008-02-17 11:39 . 2008-02-17 11:39    <DIR>    d--------    C:\Programmer\Trend Micro
2008-02-17 10:37 . 2008-02-18 01:00    <DIR>    d--------    C:\VundoFix Backups
2008-02-16 23:54 . 2008-02-17 11:32    <DIR>    d--------    C:\WINDOWS\SxsCaPendDel
2008-02-16 11:11 . 2008-02-16 11:11    <DIR>    d--------    C:\Program Files
2008-02-16 10:55 . 2008-02-16 10:55    <DIR>    d--------    C:\Programmer\Iarsn
2008-02-16 10:55 . 2006-10-24 16:29    17,928    --a------    C:\WINDOWS\system32\drivers\Tsknf700.sys
2008-02-16 01:08 . 2008-02-17 18:18    1,153    --a------    C:\WINDOWS\wininit.ini
2008-02-16 00:22 . 2008-02-16 00:20    691,545    --a------    C:\WINDOWS\unins000.exe
2008-02-16 00:22 . 2008-02-16 00:22    3,447    --a------    C:\WINDOWS\unins000.dat
2008-02-14 23:49 . 2008-02-14 23:49    <DIR>    d--------    C:\Downloads
2008-02-14 23:24 . 2008-02-14 23:24    <DIR>    d--------    C:\WINDOWS\Content.IE5
2008-02-03 23:09 . 2008-02-18 18:53    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-03 22:59 . 2008-02-03 23:01    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 10:19 . 2008-02-06 20:03    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Support Tray Camp Ball

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 23:09    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-17 23:05    ---------    d-----w    C:\Programmer\BPFTP Server
2008-02-17 17:27    202,752    ----a-w    C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-17 17:27    16,896    ----a-w    C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-17 12:25    ---------    d-----w    C:\Programmer\Xvid
2008-02-17 12:25    ---------    d-----w    C:\Programmer\Spybot - Search & Destroy
2008-02-17 12:25    ---------    d-----w    C:\Programmer\SmartFTP Client 2.0
2008-02-17 12:25    ---------    d-----w    C:\Programmer\Real
2008-02-17 12:25    ---------    d-----w    C:\Programmer\QuickPar
2008-02-17 12:25    ---------    d-----w    C:\Programmer\MagicISO
2008-02-17 12:25    ---------    d-----w    C:\Programmer\Combined Community Codec Pack
2008-02-17 11:05    ---------    d-----w    C:\Programmer\The JukeBoxer
2008-02-17 10:41    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 14:51    ---------    d-----w    C:\Programmer\Eidos Interactive
2008-02-14 12:39    ---------    d-----w    C:\Programmer\Fælles filer\ACD Systems
2008-02-06 17:39    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-03 22:09    ---------    d-----w    C:\Programmer\Lavasoft
2008-02-03 22:00    ---------    d-----w    C:\Documents and Settings\Klaus\Application Data\Lavasoft
2008-01-08 17:30    ---------    d-----w    C:\Programmer\Alien Skin
2007-12-30 16:58    ---------    d-----w    C:\Programmer\Total Video Converter
2007-12-30 16:48    ---------    d-----w    C:\Programmer\Nero
2007-12-29 19:33    ---------    d-----w    C:\Programmer\Pegasys Inc
2007-12-29 19:33    ---------    d-----w    C:\Programmer\Mindscape
2007-12-29 18:39    ---------    d-----w    C:\Programmer\directx
2007-12-26 00:14    ---------    d-----w    C:\Programmer\Kopi af SmartFTP Client 2.0
2007-12-26 00:14    ---------    d-----w    C:\Programmer\Karakter Interactive
2007-12-26 00:14    ---------    d-----w    C:\Programmer\CyberLink
2007-12-26 00:13    107,888    ----a-w    C:\WINDOWS\system32\CmdLineExt.dll
2007-12-26 00:13    ---------    d--h--r    C:\Documents and Settings\Klaus\Application Data\SecuROM
2007-12-25 23:52    413,696    ----a-w    C:\WINDOWS\system32\wrap_oal.dll
2007-12-25 23:52    110,592    ----a-w    C:\WINDOWS\system32\OpenAL32.dll
2007-12-25 23:52    ---------    d-----w    C:\Programmer\OpenAL
2007-12-25 23:32    ---------    d-----w    C:\Programmer\SnapKids
2007-12-18 09:51    179,584    ----a-w    C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-14 10:32    12,632    ----a-w    C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:13    824,832    ----a-w    C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41    550,912    ----a-w    C:\WINDOWS\system32\oleaut32.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3DD1F005-DB60-4F1D-8D1D-BEE5F2FCF1E3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56BFD12F-E59F-4AE5-89EC-57F4AB3BD09E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a014618c-ce10-4aa8-859e-7c541de342a3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00 15360]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-17 22:09 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AlrtRunOnce"= {1d9b7b06-85ec-4179-bd1b-a23c9a7d68ad} - C:\WINDOWS\Installer\{1d9b7b06-85ec-4179-bd1b-a23c9a7d68ad}\AlrtRunOnce.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-02-17 22:09 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Compaq drivere^Programmer^Start^findfast.exe]

[HKLM\~\startupfolder\C:^Compaq drivere^Programmer^Start^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Acrobat Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^autorun.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^ZoneAlarm Pro.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\ZoneAlarm Pro.lnk
backup=C:\WINDOWS\pss\ZoneAlarm Pro.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a809f196]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2008-01-11 10:57 2684280 C:\Programmer\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-02-17 22:09 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\awxDTools]
--a------ 2005-03-17 13:45 126976 C:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\camp ball beep less]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2002-12-31 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Programmer\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
--a------ 2004-08-25 10:26 1465856 C:\Programmer\DU Meter\DUMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-08-23 12:24 196608 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
--a------ 2001-08-23 12:24 311296 C:\WINDOWS\System32\hphmon03.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Programmer\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDrive]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2002-12-31 13:00 1694208 C:\Programmer\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiSecond]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Printer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-04-04 08:43 77824 C:\Programmer\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spoolsv]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]
C:\Programmer\SPYWAREfighter\spftray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-03-10 15:43 185896 C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Programmer\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2007-08-16 09:02 9495832 C:\Programmer\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a------ 2007-08-16 09:03 1269000 C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISTray"="C:\Programmer\Spyware Doctor\pctsTray.exe"
"spywarefighterguard"=C:\Programmer\SPYWAREfighter\spftray.exe

R0 rttmntr;R-TT Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\rttmntr.sys [2005-08-09 10:47]
R0 snaprtt;R-TT Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snaprtt.sys [2004-12-22 14:39]
R1 TSKNF700.SYS;TSKNF700.SYS;C:\WINDOWS\system32\Drivers\TSKNF700.SYS [2006-10-24 16:29]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Programmer\CyberLink\PowerDVD\000.fcl [2006-05-04 10:21]
R2 rttfsfilt;R-TT FS Filter;C:\WINDOWS\system32\DRIVERS\rttfsfilt.sys [2004-12-22 14:39]
S2 ousbehci;NEC PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ousbehci.sys [2002-10-24 08:27]
S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2001-08-23 12:24]
S3 ousb2hub;OrangeWare USB 2.0 Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2002-10-24 08:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-17 16:28:26 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 20:50:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-18 20:51:02
ComboFix-quarantined-files.txt  2008-02-18 19:50:50
ComboFix2.txt  2008-02-18 17:13:15
.
2008-02-13 21:05:37    --- E O F --- 

-----------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:00, on 19-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3DD1F005-DB60-4F1D-8D1D-BEE5F2FCF1E3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56BFD12F-E59F-4AE5-89EC-57F4AB3BD09E} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {3a243ed1-45c7-e958-8aa4-01ecc816410a} - {a014618c-ce10-4aa8-859e-7c541de342a3} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmer\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparhobro.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: AlrtRunOnce - {1d9b7b06-85ec-4179-bd1b-a23c9a7d68ad} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5920 bytes
19 February 2008 - 19:42 #9
BINGO - Follow-up cleanup ->

Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is put a checkmark next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones that need fixing:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {3DD1F005-DB60-4F1D-8D1D-BEE5F2FCF1E3} - (no file)
O2 - BHO: (no name) - {56BFD12F-E59F-4AE5-89EC-57F4AB3BD09E} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {3a243ed1-45c7-e958-8aa4-01ecc816410a} - {a014618c-ce10-4aa8-859e-7c541de342a3} - (no file)
O21 - SSODL: AlrtRunOnce - {1d9b7b06-85ec-4179-bd1b-a23c9a7d68ad} - (no file)

Reboot normally...

------------------------------------------------------------------------
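The triage applied in #9 (every R3/O2/O21 line that ends in "(no file)" goes on the fix list) written out as a small parser for HijackThis log lines. This is an added example, not code from the thread or from HijackThis; the sample lines are copied from the log above and trimmed, and the entry/fix-list names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the HijackThis v2.0.2 log posted in this
# thread (GUIDs and paths taken from that log, list trimmed for brevity).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3DD1F005-DB60-4F1D-8D1D-BEE5F2FCF1E3} - (no file)
O2 - BHO: {3a243ed1-45c7-e958-8aa4-01ecc816410a} - {a014618c-ce10-4aa8-859e-7c541de342a3} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O21 - SSODL: AlrtRunOnce - {1d9b7b06-85ec-4179-bd1b-a23c9a7d68ad} - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

NO_FILE = "(no file)"   # literal HijackThis prints when the registered file is missing

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<rest>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class HjtEntry:              # hypothetical name, not a HijackThis type
    code: str                # "O2", "R3", "O21", ...
    kind: Optional[str]      # "BHO", "SSODL", "URLSearchHook", ...; None for R0/R1 value lines
    name: Optional[str]      # display name, "(no name)", or None
    clsid: Optional[str]     # CLSID shown for COM-registered hooks (BHO, SSODL, URLSearchHook)
    target: str              # file path, URL, or the literal "(no file)"
    raw: str


def parse_line(line: str) -> Optional[HjtEntry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group("code"), m.group("rest")
    kind = None
    # "Kind: ..." prefix; R0/R1 lines ("...,Start Page = http://...") have none,
    # and "http:" is not followed by a space, so they are not mis-split here.
    if ": " in rest:
        kind, rest = rest.split(": ", 1)
    fields = [f.strip() for f in rest.split(" - ")]
    target, head = fields[-1], fields[:-1]
    # The CLSID is the last GUID-shaped field before the target: a GUID-named BHO
    # (the a014618c entry above) carries a second GUID in the name slot.
    guid_idx = [i for i, f in enumerate(head) if GUID_RE.fullmatch(f)]
    clsid = head[guid_idx[-1]] if guid_idx else None
    name_fields = head[:guid_idx[-1]] if guid_idx else head
    # Re-join: product names such as "Spybot - Search & Destroy" contain " - ".
    name = " - ".join(name_fields) or None
    return HjtEntry(code, kind, name, clsid, target, line.strip())


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def orphaned_entries(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Entries whose registered file HijackThis could not find on disk.

    This is exactly the rule behind the fix list in #9: a BHO/SSODL/URLSearchHook
    registration with no file loads nothing any more, so fixing it is safe, but it
    is the usual leftover once a removal tool has deleted the DLL without removing
    the registry entry that referenced it.
    """
    return [e for e in entries if e.target == NO_FILE]


def fix_list(text: str) -> List[str]:
    """The raw lines to tick in HijackThis before 'Fix checked'."""
    return [e.raw for e in orphaned_entries(parse_log(text))]


if __name__ == "__main__":
    for raw in fix_list(SAMPLE_LOG):
        print(raw)
```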
19 February 2008 - 19:43 #10
There is no more 'dirt' according to your log...

You are welcome another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It is also a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

A couple of articles about safe surfing can be found here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

-----------------

Registry cleanup is recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (especially the [Registry] item...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.
bravo73 Beginner
19 February 2008 - 20:48 #11
Good to hear! Many thanks for the help!
19 February 2008 - 21:55 #12
Thanks for the P.