Deleted user
23 May 2008 - 17:37 There are 26 comments and
3 solutions

Help my

Help, my computer is behaving very, very strangely.

I have just got it, used it for 2 days, and have actually only been on very few sites.

Even so, it opens a lot of IE windows with an IP and info.pgn
Then it opens a lot of pages warning that I have 1000 things and that this program can remove them.
(Have not opened any of them)

What can I do? Help me :(


Ref: http://www.eksperten.dk/spm/832486
Deleted user
23 May 2008 - 17:40 #1
http://www.eksperten.dk/artikler/1123

Try going through this from beginning to end and copy all your logs in here. Then some kind soul will probably take a look at your logs.
Deleted user
23 May 2008 - 18:17 #2
Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:05, on 23-05-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Malene\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://da.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxyYOfec.dll,#1
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Malene\AppData\Local\Temp\ljJCvwUm.dll,c
O4 - HKCU\..\Run: [f02085f7] rundll32.exe "C:\Users\Malene\AppData\Local\Temp\jvtfhtis.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Malene\AppData\Local\Temp\urqNHBrp.dll,#1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BMf313b66b] Rundll32.exe "C:\Users\Malene\AppData\Local\Temp\vecsvalg.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6614 bytes
Deleted user
23 May 2008 - 18:29 #3
ComboFix 08-05-21.3 - Malene 2008-05-23 18:22:27.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic  6.0.6000.0.1252.1.1030.18.1071 [GMT 2:00]
Running from: C:\Users\Malene\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\ACER.exe
C:\Windows\System32\Desktop_.ini
C:\Windows\system32\x64
C:\Windows\system32\x64\csnp2uvc.dll
C:\Windows\system32\x64\rsnpvc64.dll
C:\Windows\system32\x64\sncduvc.sys
C:\Windows\system32\x64\snp2uvc.sys
C:\Windows\system32\x64\vsnpvc64.dll

.
(((((((((((((((((((((((((  Files Created from 2008-04-23 to 2008-05-23  )))))))))))))))))))))))))))))))
.

2008-05-23 17:52 . 2008-05-23 17:52    <DIR>    d--------    C:\Users\All Users\SUPERAntiSpyware.com
2008-05-23 17:52 . 2008-05-23 17:52    <DIR>    d--------    C:\ProgramData\SUPERAntiSpyware.com
2008-05-23 17:51 . 2008-05-23 17:51    <DIR>    d--------    C:\Users\Malene\AppData\Roaming\SUPERAntiSpyware.com
2008-05-23 17:51 . 2008-05-23 17:51    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-05-23 17:50 . 2008-05-23 17:50    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2008-05-23 17:47 . 2008-05-23 17:47    <DIR>    d--------    C:\Program Files\CCleaner
2008-05-23 16:03 . 2008-05-23 16:51    <DIR>    d--h-----    C:\$AVG8.VAULT$
2008-05-23 16:01 . 2008-05-23 16:01    10,520    --a------    C:\Windows\System32\avgrsstx.dll
2008-05-23 16:00 . 2008-05-23 16:02    <DIR>    d--------    C:\Windows\System32\drivers\Avg
2008-05-23 16:00 . 2008-05-23 16:00    <DIR>    d--------    C:\Users\All Users\avg8
2008-05-23 16:00 . 2008-05-23 16:00    <DIR>    d--------    C:\ProgramData\avg8
2008-05-23 16:00 . 2008-05-23 16:00    <DIR>    d--------    C:\Program Files\AVG
2008-05-23 16:00 . 2008-05-23 16:00    96,520    --a------    C:\Windows\System32\drivers\avgldx86.sys
2008-05-23 15:28 . 2008-05-23 15:28    <DIR>    d--------    C:\Program Files\Trend Micro
2008-05-23 14:53 . 2008-05-23 14:53    <DIR>    d--------    C:\Users\All Users\CheckPoint
2008-05-23 14:53 . 2008-05-23 14:53    <DIR>    d--------    C:\ProgramData\CheckPoint
2008-05-23 14:53 . 2008-05-23 14:53    <DIR>    d--------    C:\Program Files\Zone Labs
2008-05-23 14:53 . 2008-03-03 15:05    1,086,952    --a------    C:\Windows\System32\zpeng24.dll
2008-05-23 14:53 . 2008-03-03 15:06    279,440    --a------    C:\Windows\System32\drivers\~GLH0014.TMP
2008-05-23 14:52 . 2008-05-23 14:53    <DIR>    d--------    C:\Windows\System32\ZoneLabs
2008-05-23 14:52 . 2008-05-23 18:13    352,615    --ah-----    C:\Windows\System32\drivers\vsconfig.xml
2008-05-23 14:52 . 2008-03-03 15:06    279,440    ---------    C:\Windows\System32\drivers\vsdatant.sys
2008-05-23 14:51 . 2008-05-23 18:23    <DIR>    d--------    C:\Windows\Internet Logs
2008-05-22 15:50 . 2008-05-22 15:50    <DIR>    d--------    C:\Program Files\Microsoft Visual Studio 8
2008-05-22 15:44 . 2008-05-22 18:49    <DIR>    d--------    C:\Program Files\DAEMON Tools Lite
2008-05-22 15:29 . 2008-05-22 15:29    717,296    --a------    C:\Windows\System32\drivers\sptd.sys
2008-05-22 15:28 . 2008-05-22 15:28    <DIR>    d--------    C:\Users\Malene\AppData\Roaming\DAEMON Tools
2008-05-22 15:23 . 2008-05-22 15:23    <DIR>    d--------    C:\Program Files\WinAce
2008-05-21 20:41 . 2008-05-22 18:56    <DIR>    d--------    C:\Users\All Users\WLInstaller
2008-05-21 20:41 . 2008-05-22 18:56    <DIR>    d--------    C:\ProgramData\WLInstaller
2008-05-21 20:41 . 2008-05-21 20:52    <DIR>    d--------    C:\Program Files\Windows Live
2008-05-21 20:41 . 2008-05-21 20:51    <DIR>    d--hsc---    C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-21 20:35 . 2008-05-21 20:35    <DIR>    d--------    C:\Users\Malene\AppData\Roaming\Talkback
2008-05-20 23:23 . 2008-05-20 23:23    194,560    --a------    C:\Windows\System32\WebClnt.dll
2008-05-20 23:23 . 2008-05-20 23:23    110,080    --a------    C:\Windows\System32\drivers\mrxdav.sys
2008-05-20 23:21 . 2008-05-20 23:21    1,060,920    --a------    C:\Windows\System32\drivers\ntfs.sys
2008-05-20 23:21 . 2008-05-20 23:21    41,984    --a------    C:\Windows\System32\drivers\monitor.sys
2008-05-20 23:11 . 2008-05-20 23:11    <DIR>    d--------    C:\Users\Malene\Program Files
2008-05-20 23:10 . 2008-05-20 23:10    <DIR>    d--------    C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-20 23:10 . 2008-05-20 23:10    3,504,696    --a------    C:\Windows\System32\ntkrnlpa.exe
2008-05-20 23:10 . 2008-05-20 23:10    3,470,392    --a------    C:\Windows\System32\ntoskrnl.exe
2008-05-20 23:10 . 2008-05-20 23:10    211,000    --a------    C:\Windows\System32\drivers\volsnap.sys
2008-05-20 23:10 . 2008-05-20 23:10    154,624    --a------    C:\Windows\System32\drivers\nwifi.sys
2008-05-20 23:10 . 2008-05-20 23:10    110,136    --a------    C:\Windows\System32\drivers\ataport.sys
2008-05-20 23:10 . 2008-05-20 23:10    45,112    --a------    C:\Windows\System32\drivers\pciidex.sys
2008-05-20 23:10 . 2008-05-20 23:10    21,560    --a------    C:\Windows\System32\drivers\atapi.sys
2008-05-20 23:10 . 2008-05-20 23:10    17,976    --a------    C:\Windows\System32\drivers\intelide.sys
2008-05-20 23:09 . 2008-05-20 23:09    806,400    --a------    C:\Windows\System32\drivers\tcpip.sys
2008-05-20 23:09 . 2008-05-20 23:09    217,144    --a------    C:\Windows\System32\drivers\netio.sys
2008-05-20 23:09 . 2008-05-20 23:09    167,424    --a------    C:\Windows\System32\tcpipcfg.dll
2008-05-20 23:09 . 2008-05-20 23:09    24,064    --a------    C:\Windows\System32\netcfg.exe
2008-05-20 23:09 . 2008-05-20 23:09    22,016    --a------    C:\Windows\System32\netiougc.exe
2008-05-20 23:08 . 2008-05-20 23:08    1,327,104    --a------    C:\Windows\System32\quartz.dll
2008-05-20 23:06 . 2008-05-20 23:06    1,585,664    --a------    C:\Windows\System32\setupapi.dll
2008-05-20 23:03 . 2008-05-20 23:03    2,027,008    --a------    C:\Windows\System32\win32k.sys
2008-05-20 23:02 . 2008-05-20 23:02    296,448    --a------    C:\Windows\System32\gdi32.dll
2008-05-20 23:02 . 2008-05-20 23:02    223,232    --a------    C:\Windows\System32\WMASF.DLL
2008-05-20 23:02 . 2008-05-20 23:02    9,728    --a------    C:\Windows\System32\LAPRXY.DLL
2008-05-20 23:02 . 2008-05-20 23:02    2,048    --a------    C:\Windows\System32\asferror.dll
2008-05-20 23:01 . 2008-05-20 23:01    4,247,552    --a------    C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-20 23:01 . 2008-05-20 23:01    1,686,528    --a------    C:\Windows\System32\gameux.dll
2008-05-20 23:00 . 2008-05-20 23:00    11,776    --a------    C:\Windows\System32\sbunattend.exe
2008-05-20 22:59 . 2008-05-20 22:59    83,968    --a------    C:\Windows\System32\dnsrslvr.dll
2008-05-20 22:59 . 2008-05-20 22:59    24,576    --a------    C:\Windows\System32\dnscacheugc.exe
2008-05-20 22:50 . 2008-05-20 22:50    130,048    --a------    C:\Windows\System32\drivers\srv2.sys
2008-05-20 22:50 . 2008-05-20 22:50    101,888    --a------    C:\Windows\System32\drivers\mrxsmb.sys
2008-05-20 22:50 . 2008-05-20 22:50    84,992    --a------    C:\Windows\System32\drivers\srvnet.sys
2008-05-20 22:50 . 2008-05-20 22:50    58,368    --a------    C:\Windows\System32\drivers\mrxsmb20.sys
2008-05-20 22:49 . 2008-05-20 22:49    148,992    --a------    C:\Windows\System32\drivers\ks.sys
2008-05-20 22:44 . 2008-05-20 22:44    <DIR>    dr-------    C:\Users\Malene\Searches
2008-05-20 22:44 . 2008-05-21 21:12    <DIR>    dr-------    C:\Users\Malene\Contacts
2008-05-20 22:43 . 2008-05-20 22:44    <DIR>    dr-------    C:\Users\Malene\Videos
2008-05-20 22:43 . 2008-05-20 22:44    <DIR>    dr-------    C:\Users\Malene\Saved Games
2008-05-20 22:43 . 2008-05-20 22:44    <DIR>    dr-------    C:\Users\Malene\Pictures
2008-05-20 22:43 . 2008-05-20 22:44    <DIR>    dr-------    C:\Users\Malene\Music
2008-05-20 22:43 . 2008-05-20 22:44    <DIR>    dr-------    C:\Users\Malene\Links
2008-05-20 22:43 . 2008-05-23 18:20    <DIR>    dr-------    C:\Users\Malene\Downloads
2008-05-20 22:43 . 2008-05-23 17:49    <DIR>    dr-------    C:\Users\Malene\Documents
2008-05-20 22:43 . 2008-05-20 22:44    <DIR>    d--h-----    C:\Users\Malene\AppData
2008-05-20 22:43 . 2008-05-23 14:52    <DIR>    d--------    C:\Users\Malene
2008-05-20 22:43 . 2008-05-20 22:43    2,048    --a------    C:\Windows\System32\tzres.dll
2008-05-20 22:40 . 2008-05-20 22:40    <DIR>    d--------    C:\Users\Jordbae\AppData\Roaming\PeerNetworking
2008-05-20 10:37 . 2008-05-20 10:37    788,992    --a------    C:\Windows\System32\rpcrt4.dll
2008-05-20 10:37 . 2008-05-20 10:37    750,080    --a------    C:\Windows\System32\qmgr.dll
2008-05-20 10:37 . 2008-05-20 10:37    8,888    --a------    C:\Windows\System32\RacUR.xml
2008-05-20 10:37 . 2008-05-20 10:37    150    --a------    C:\Windows\System32\RacUREx.xml
2008-05-20 10:35 . 2008-05-20 10:35    694,784    --a------    C:\Windows\System32\localspl.dll
2008-05-20 10:31 . 2008-05-20 10:31    1,335,296    --a------    C:\Windows\System32\msxml6.dll
2008-05-20 10:31 . 2008-05-20 10:31    1,191,936    --a------    C:\Windows\System32\msxml3.dll
2008-05-20 10:31 . 2008-05-20 10:31    2,048    --a------    C:\Windows\System32\msxml6r.dll
2008-05-20 10:31 . 2008-05-20 10:31    2,048    --a------    C:\Windows\System32\msxml3r.dll
2008-05-20 10:29 . 2008-05-20 10:29    2,605,568    --a------    C:\Windows\System32\SLsvc.exe
2008-05-20 10:29 . 2008-05-20 10:29    566,784    --a------    C:\Windows\System32\SLCommDlg.dll
2008-05-20 10:29 . 2008-05-20 10:29    351,232    --a------    C:\Windows\System32\SLUI.exe
2008-05-20 10:29 . 2008-05-20 10:29    268,288    --a------    C:\Windows\System32\mcbuilder.exe
2008-05-20 10:29 . 2008-05-20 10:29    223,232    --a------    C:\Windows\System32\SLC.dll
2008-05-20 10:29 . 2008-05-20 10:29    186,368    --a------    C:\Windows\System32\SLLUA.exe
2008-05-20 10:29 . 2008-05-20 10:29    57,856    --a------    C:\Windows\System32\SLUINotify.dll
2008-05-20 10:29 . 2008-05-20 10:29    39,936    --a------    C:\Windows\System32\slcinst.dll
2008-05-20 10:29 . 2008-05-20 10:29    33,280    --a------    C:\Windows\System32\slwmi.dll
2008-05-20 10:27 . 2008-05-20 10:27    205,824    --a------    C:\Windows\System32\msoeacct.dll
2008-05-20 10:27 . 2008-05-20 10:27    152,576    --a------    C:\Windows\System32\imagehlp.dll
2008-05-20 10:27 . 2008-05-20 10:27    87,040    --a------    C:\Windows\System32\msoert2.dll
2008-05-20 10:27 . 2008-05-20 10:27    39,424    --a------    C:\Windows\System32\ACCTRES.dll
2008-05-20 10:27 . 2008-05-20 10:27    12,800    --a------    C:\Windows\System32\drivers\fs_rec.sys
2008-05-20 10:27 . 2008-05-20 10:27    5,120    --a------    C:\Windows\System32\wmi.dll
2008-05-20 10:26 . 2007-09-07 21:20    196,608    --a------    C:\Windows\System32\SynCtrl.dll
2008-05-20 10:26 . 2007-09-07 21:56    192,816    --a------    C:\Windows\System32\drivers\SynTP.sys
2008-05-20 10:26 . 2007-09-07 21:19    163,840    --a------    C:\Windows\System32\SynCOM.dll
2008-05-20 10:26 . 2007-09-07 21:28    147,456    --a------    C:\Windows\System32\SynTPAPI.dll
2008-05-20 10:26 . 2007-09-07 21:56    110,592    --a------    C:\Windows\System32\SynTPCo4.dll
2008-05-20 10:26 . 2007-12-27 02:35    11,263    --ahs----    C:\Patch.rev
2008-05-20 01:27 . 2008-05-19 21:32    <DIR>    d--------    C:\Program Files\Yahoo!
2008-05-20 01:23 . 2007-11-06 09:30    15,656    --a------    C:\Windows\System32\drivers\int15_64.sys
2008-05-20 01:23 . 2007-11-30 15:51    15,392    --a------    C:\Windows\System32\drivers\int15.sys
2008-05-20 01:22 . 2007-07-17 19:33    368,640    --a------    C:\Windows\System32\CheckD2DSystem.exe
2008-05-20 01:22 . 2006-11-12 11:54    327,680    --a------    C:\Windows\System32\Remove_eRecovery.exe
2008-05-20 01:22 . 2006-11-10 17:27    16,384    --a------    C:\Windows\System32\LauncheRyAgentUser.exe
2008-05-20 01:22 . 2005-12-09 09:12    16,384    --a------    C:\Windows\System32\ClearEvent.exe
2008-05-20 01:22 . 2006-02-24 11:28    552    --a------    C:\Windows\System32\setup.iss
2008-05-20 01:20 . 2008-05-20 01:20    <DIR>    d--------    C:\Program Files\Launch Manager
2008-05-20 01:20 . 2008-05-20 01:20    83    --a------    C:\Windows\LManager.UNI
2008-05-20 01:18 . 2008-05-20 01:18    92    --a------    C:\Windows\GridV.UNI
2008-05-20 01:17 . 2008-05-20 01:17    <DIR>    d--------    C:\Program Files\CyberLink
2008-05-20 01:17 . 2007-03-14 21:02    29,744    ---------    C:\Windows\System32\msxml3a.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 13:05    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2008-05-23 12:49    ---------    d-----w    C:\ProgramData\Symantec
2008-05-22 16:30    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-05-22 13:51    ---------    d-----w    C:\ProgramData\Microsoft Help
2008-05-22 01:07    ---------    d-----w    C:\Program Files\Windows Calendar
2008-05-21 19:58    ---------    d-----w    C:\Program Files\Windows Sidebar
2008-05-21 19:58    ---------    d-----w    C:\Program Files\Windows Mail
2008-05-20 21:13    ---------    d-----w    C:\Program Files\Microsoft SQL Server
2008-05-20 21:01    537,600    ----a-w    C:\Windows\AppPatch\AcLayers.dll
2008-05-20 21:01    449,536    ----a-w    C:\Windows\AppPatch\AcSpecfc.dll
2008-05-20 21:01    2,560    ----a-w    C:\Windows\AppPatch\AcRes.dll
2008-05-20 21:01    2,144,256    ----a-w    C:\Windows\AppPatch\AcGenral.dll
2008-05-20 21:01    173,056    ----a-w    C:\Windows\AppPatch\AcXtrnal.dll
2008-05-20 20:47    826,368    ----a-w    C:\Windows\System32\wininet.dll
2008-05-20 20:47    56,320    ----a-w    C:\Windows\System32\iesetup.dll
2008-05-20 20:47    52,736    ----a-w    C:\Windows\AppPatch\iebrshim.dll
2008-05-20 20:47    26,624    ----a-w    C:\Windows\System32\ieUnatt.exe
2008-05-20 08:40    84,480    ----a-w    C:\Windows\System32\INETRES.dll
2008-05-20 08:36    88,576    ----a-w    C:\Windows\System32\avifil32.dll
2008-05-20 08:35    8,192    ----a-w    C:\Windows\System32\riched32.dll
2008-05-20 08:31    53,760    ----a-w    C:\Windows\system32\drivers\hdaudbus.sys
2008-05-19 23:17    ---------    d-----w    C:\Program Files\Common Files\InstallShield
2008-05-19 23:13    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-05-19 23:04    ---------    d-----w    C:\Program Files\Broadcom
2008-05-19 22:57    ---------    d-sh--w    C:\ProgramData\Skrivebord
2008-05-19 22:57    ---------    d-sh--w    C:\ProgramData\Skabeloner
2008-05-19 22:57    ---------    d-sh--w    C:\ProgramData\Menuen Start
2008-05-19 22:57    ---------    d-sh--w    C:\ProgramData\Favoritter
2008-05-19 22:57    ---------    d-sh--w    C:\ProgramData\Dokumenter
2008-05-19 22:57    ---------    d-sh--w    C:\Program Files\Fælles filer
2008-05-19 22:49    174    --sha-w    C:\Program Files\desktop.ini
2008-05-19 19:04    ---------    d-----w    C:\Program Files\Microsoft Games
.

------- Sigcheck -------

.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-20 23:00 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 02:29 4472832 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-07 21:56 1021224]
"Acer Tour"="" []
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 12:35 94208]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 22:43 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 22:43 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 22:43 137752]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 21:35 102400]
"Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 09:35 72736]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 12:06 62760]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-10-17 20:59 858632]
"eRecoveryService"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-23 16:00 1177368]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{644DD87E-2A9B-464F-801D-BCA7C790D92A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{63B0B231-043D-44E6-B226-A5F18354970B}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{A8BE105D-758D-44F9-A79E-C02A12B25B04}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{668CB4FF-38DE-438E-9AA9-004A1A05AE05}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{0B0F3044-F792-4547-B08B-568E4F697CF6}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{AD8D60DD-ECDE-45A8-BC8F-8670D09EE14E}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{EA5003B0-1EBF-458A-AB1D-1C3DF67998EB}C:\\users\\jordbae\\program files\\dna\\btdna.exe"= UDP:C:\users\jordbae\program files\dna\btdna.exe:btdna.exe
"UDP Query User{2CCB8BA6-F7DE-41C2-8764-964E16A49EFB}C:\\users\\jordbae\\program files\\dna\\btdna.exe"= TCP:C:\users\jordbae\program files\dna\btdna.exe:btdna.exe
"TCP Query User{F354E266-DBF3-403B-9C8D-9E5491941323}C:\\users\\malene\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\malene\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{69EE1F4E-2F62-4FD3-A94A-EEB1E5B21CFE}C:\\users\\malene\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\malene\program files\bittorrent\bittorrent.exe:bittorrent.exe
"{F2E27DE8-A030-4BE4-B1B1-3BF2CC7F1578}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{354255E3-0641-4DAC-96F2-B87E48691E8A}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-05-23 16:00]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-23 16:00]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Starttjeneste;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 11:01]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 02:44]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-09 00:03]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 22:25]
S3 BCM43XV;Driver til Broadcom Extensible 802.11-netværkskort;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-26 14:41]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43847687-2803-11dd-93de-000000000000}]
\shell\AutoRun\command - F:\SETUP.EXE
\shell\configure\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e96e4687-25f4-11dd-bef2-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
\shell\directx\command - E:\DirectX9\dxsetup.exe
\shell\setup\command - E:\setup.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 18:25:05
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe\""
.
Completion time: 2008-05-23 18:25:51
ComboFix-quarantined-files.txt  2008-05-23 16:25:48

Pre-Run: 45,101,006,848 byte ledig
Post-Run: 45,127,737,344 byte ledig

286    --- E O F ---    2008-05-23 01:02:11
Deleted user
23 May 2008 - 18:56 #4
I accidentally scanned wrong once, so I have included the first run, and the second run is further down.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/23/2008 at 06:08 PM

Application Version : 4.0.1154

Core Rules Database Version : 3467
Trace Rules Database Version: 1458

Scan type      : Quick Scan
Total Scan Time : 00:10:49

Memory items scanned      : 218
Memory threats detected  : 0
Registry items scanned    : 390
Registry threats detected : 2
File items scanned        : 12384
File threats detected    : 7

Adware.Vundo Variant/Rel
    HKU\S-1-5-21-2589621155-1361141859-1145836740-1004\Software\Microsoft\Windows\CurrentVersion\Run#cmds [ rundll32.exe C:\Users\Malene\AppData\Local\Temp\ljJCvwUm.dll,c ]
    HKU\S-1-5-21-2589621155-1361141859-1145836740-1004\Software\Microsoft\rdfa

Adware.Tracking Cookie
    C:\Users\Jordbae\AppData\Roaming\Microsoft\Windows\Cookies\Low\jordbae@doubleclick[1].txt
    C:\Users\Jordbae\AppData\Roaming\Microsoft\Windows\Cookies\Low\jordbae@adbrite[1].txt
    C:\Users\Jordbae\AppData\Roaming\Microsoft\Windows\Cookies\Low\jordbae@server.cpmstar[2].txt
    C:\Users\Jordbae\AppData\Roaming\Microsoft\Windows\Cookies\Low\jordbae@adrevolver[2].txt
    C:\Users\Jordbae\AppData\Roaming\Microsoft\Windows\Cookies\Low\jordbae@zedo[2].txt
    C:\Users\Jordbae\AppData\Roaming\Microsoft\Windows\Cookies\Low\jordbae@media.adrevolver[1].txt
    C:\Users\Jordbae\AppData\Roaming\Microsoft\Windows\Cookies\Low\jordbae@ad.yieldmanager[2].txt



----------------------------------
second time:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/23/2008 at 06:50 PM

Application Version : 4.0.1154

Core Rules Database Version : 3467
Trace Rules Database Version: 1458

Scan type      : Complete Scan
Total Scan Time : 00:15:21

Memory items scanned      : 200
Memory threats detected  : 0
Registry items scanned    : 6170
Registry threats detected : 0
File items scanned        : 15486
File threats detected    : 5

Adware.Tracking Cookie
    C:\Users\Malene\AppData\Roaming\Microsoft\Windows\Cookies\Low\malene@doubleclick[1].txt
    C:\Users\Malene\AppData\Roaming\Microsoft\Windows\Cookies\Low\malene@atdmt[2].txt
    C:\Users\Malene\AppData\Roaming\Microsoft\Windows\Cookies\Low\malene@adtech[1].txt
    C:\Users\Malene\AppData\Roaming\Microsoft\Windows\Cookies\Low\malene@track.adform[2].txt
    C:\Users\Malene\AppData\Roaming\Microsoft\Windows\Cookies\Low\malene@msnportal.112.2o7[1].txt
23 May 2008 - 20:08 #5
I'll take a look at it...
23 May 2008 - 20:11 #6
... and already after 2 days you wreck a nice Vista by playing with
"C:\\Program Files\\BitTorrent\\bittorrent.exe and the results from it !!!

Then you (=====Censored====) have only yourself to blame !!!

Uninstall

* BitTorrent
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------
23 May 2008 - 20:14 #7
You'll get a long 'screed' once you have carried out/commented on the above ...
Deleted user
23 May 2008 - 20:37 #8
UHHHH :S it is uninstalled.
It was listed as item 1 in your manual.
I needed it to get a package from my friend in Australia.
But I never got that far :S

And it is not on the list; as I said, it stated that I should delete such a program before running your programs. And I did.

Besides, I haven't played with the damn program yet.
I never got to it. So I'm glad you censored that.

That's damn well no way to help others, insulting them when you don't even know what happened!

But that said, what can I do to remove it?
Because I always remove everything with Add/Remove Programs, or "Programs and
Deleted user
23 May 2008 - 20:39 #9
Features", as it is called on my computer.

I don't normally use those file-sharing programs, but he wrote that I should download it and say when I was ready. But as I said, I never got that far.

Sorry if I sound a bit grumpy. It isn't meant that way, but one gets a bit offended when that gets thrown at you ;)

I am glad that you want to help, but it isn't the nicest thing to have thrown at you when you have spent a whole day trying to figure out the problem.

ddd
Deleted user
23 May 2008 - 21:27 #10
Now do as karise_larry says. Then you have a chance of getting the problems solved. No reason to be offended. You have the chance for help now
23 May 2008 - 21:32 #11
- StandBy -
23 May 2008 - 21:36 #12
Then I wonder where you picked up the 'dirt' below?
What have you been visiting? Or installed more or less on purpose?

------------
Procedure - preliminary ->

-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- A window appears, into which you must copy the content between the ~~~ lines:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\Windows\system32\xxyYOfec.dll
C:\Users\Malene\AppData\Local\Temp\ljJCvwUm.dll
C:\Users\Malene\AppData\Local\Temp\jvtfhtis.dll
C:\Users\Malene\AppData\Local\Temp\urqNHBrp.dll

Folders to delete:
C:\Users\Jordbae\AppData\Roaming\PeerNetworking
C:\Program Files\Yahoo!
C:\Program Files\DNA\
C:\Program Files\BitTorrent\
C:\users\malene\program files\bittorrent\
~~~~~~~~~~~~~~~~~~

-- Click EXECUTE - and let the PC restart by itself.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Please post it in your next reply.

-- Run Hijackthis, choose "Do a system scan only", tick the lines listed here, close all windows except Hijackthis, click fix checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxyYOfec.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Malene\AppData\Local\Temp\ljJCvwUm.dll,c
O4 - HKCU\..\Run: [f02085f7] rundll32.exe "C:\Users\Malene\AppData\Local\Temp\jvtfhtis.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Malene\AppData\Local\Temp\urqNHBrp.dll,#1
O4 - HKCU\..\Run: [BMf313b66b] Rundll32.exe "C:\Users\Malene\AppData\Local\Temp\vecsvalg.dll",s

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Do a clean-up run with CCleaner, which you already have
http://www.spywarefri.dk/manualer/ccleaner-manual.htm

Restart the computer and make a new log with Hijackthis, which you post here together with the log from Avenger.

------------

NB: Do you use
Symantec/Norton
or
AVG
as your security program?

There are 'leftovers' from both on your PC !!!
Deleted user
24 May 2008 - 00:55 #13
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\Windows\system32\xxyYOfec.dll" not found!
Deletion of file "C:\Windows\system32\xxyYOfec.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Users\Malene\AppData\Local\Temp\ljJCvwUm.dll" not found!
Deletion of file "C:\Users\Malene\AppData\Local\Temp\ljJCvwUm.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Users\Malene\AppData\Local\Temp\jvtfhtis.dll" not found!
Deletion of file "C:\Users\Malene\AppData\Local\Temp\jvtfhtis.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Users\Malene\AppData\Local\Temp\urqNHBrp.dll" not found!
Deletion of file "C:\Users\Malene\AppData\Local\Temp\urqNHBrp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Users\Jordbae\AppData\Roaming\PeerNetworking" deleted successfully.
Folder "C:\Program Files\Yahoo!" deleted successfully.
Folder "C:\Program Files\DNA" deleted successfully.

Error:  folder "C:\Program Files\BitTorrent" not found!
Deletion of folder "C:\Program Files\BitTorrent" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\users\malene\program files\bittorrent" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.













--------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:05, on 23-05-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Malene\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://da.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxyYOfec.dll,#1
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Malene\AppData\Local\Temp\ljJCvwUm.dll,c
O4 - HKCU\..\Run: [f02085f7] rundll32.exe "C:\Users\Malene\AppData\Local\Temp\jvtfhtis.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Malene\AppData\Local\Temp\urqNHBrp.dll,#1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BMf313b66b] Rundll32.exe "C:\Users\Malene\AppData\Local\Temp\vecsvalg.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6614 bytes




--------------------------



I use AVG.
I deleted Norton since it clearly wasn't keeping anything out.

My mate in Australia has made a DVD about his trip.
He wanted me to fetch it somehow with that BitTorrent thing, and then I was supposed to use some diamanttools afterwards. So I downloaded those 2 programs.
But every time I downloaded it, it stopped halfway.
I finally got it down. But my computer had started having the problems, opening those pages.
My Acer thingy kept updating the whole first day and restarted again and again.
Then I chose to try installing AVG as well. But again it wouldn't download.
It succeeded on the 20th attempt or something like that, and I read in Stiften that AVG together with ZoneAlarm was a good mix.

I hope you can still help.
And again, sorry if I seemed grumpy. It wasn't meant that way.
But now you know what I have done and in what order.



And to samsonjens --> I had in fact done what he said. ;0)
Deleted user
24 May 2008 - 01:10 #14
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxyYOfec.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Malene\AppData\Local\Temp\ljJCvwUm.dll,c
O4 - HKCU\..\Run: [f02085f7] rundll32.exe "C:\Users\Malene\AppData\Local\Temp\jvtfhtis.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Malene\AppData\Local\Temp\urqNHBrp.dll,#1
O4 - HKCU\..\Run: [BMf313b66b] Rundll32.exe "C:\Users\Malene\AppData\Local\Temp\vecsvalg.dll",s


I can't see these in Hijackthis.
Only in its log, but they are not on the list :S
24 May 2008 - 10:51 #15
"... not on the list ..." ???

Fix in HiJackThis

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxyYOfec.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Malene\AppData\Local\Temp\ljJCvwUm.dll,c
O4 - HKCU\..\Run: [f02085f7] rundll32.exe "C:\Users\Malene\AppData\Local\Temp\jvtfhtis.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Malene\AppData\Local\Temp\urqNHBrp.dll,#1
O4 - HKCU\..\Run: [BMf313b66b] Rundll32.exe "C:\Users\Malene\AppData\Local\Temp\vecsvalg.dll",s

and then manually delete these files:

C:\Windows\system32\xxyYOfec.dll
C:\Users\Malene\AppData\Local\Temp\ljJCvwUm.dll
C:\Users\Malene\AppData\Local\Temp\jvtfhtis.dll
C:\Users\Malene\AppData\Local\Temp\urqNHBrp.dll
C:\Users\Malene\AppData\Local\Temp\vecsvalg.dll

First this ->
... Control Panel - Settings - Folder Options - [View]
(x) Show hidden files and folders
( ) Hide protected operating system files
Deleted user
24 May 2008 - 11:30 #16
Yes, the 5 O4 things are not in my Hijackthis, but they are in my log?

http://Billedeupload.dk/showpic-2285.jpg

A picture showing my O4s
24 May 2008 - 13:26 #17
... if they are not included in a fresh HiJackThis, then they have - apparently - been eaten ...

But in the log [15:30:05, on 23-05-2008] they are represented, aren't they?

(Or are we talking past each other *S* ?)
Deleted user
24 May 2008 - 13:44 #18
Yep, they are indeed. But not in the program itself.


Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:05, on 23-05-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Malene\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://da.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxyYOfec.dll,#1
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Malene\AppData\Local\Temp\ljJCvwUm.dll,c
O4 - HKCU\..\Run: [f02085f7] rundll32.exe "C:\Users\Malene\AppData\Local\Temp\jvtfhtis.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Malene\AppData\Local\Temp\urqNHBrp.dll,#1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BMf313b66b] Rundll32.exe "C:\Users\Malene\AppData\Local\Temp\vecsvalg.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6614 bytes
24 May 2008 - 18:30 #19
Uhhh - Hmmm...
So far in this thread you have shown ~4 HiJackThis logfiles with exactly the same content AND THE SAME DATE/TIME

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:05, on 23-05-2008

I asked for a FRESH NEW HiJackThis log ..
Deleted user
24 May 2008 - 18:32 #20
But that is the log that comes up when I scan...
I don't quite understand it either. What can be wrong?
Deleted user
24 May 2008 - 18:33 #21
I'll just try deleting it and installing it again.
Deleted user
24 May 2008 - 18:35 #22
There.

It helped to delete it and install it again:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:36, on 24-05-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Users\Malene\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BBAC596-B966-481A-BFE6-950B48578C95}: NameServer = 80.251.192.244 80.251.192.245
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BBAC596-B966-481A-BFE6-950B48578C95}: NameServer = 80.251.192.244 80.251.192.245
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6392 bytes
25 May 2008 - 10:57 #23
BINGO!!!

There is no more 'dirt' according to your log...

You're welcome another time...

You should clean temp with this file, it takes only a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a trip like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It is also a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

A couple of articles on safe surfing can be found here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

--------------

Do a clean-up run with CCleaner, which you already have
http://www.spywarefri.dk/manualer/ccleaner-manual.htm
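
The triage done by eye in this thread (picking the rundll32 autoruns out of the O4 lines, then checking that a genuinely new log no longer contains them) can be sketched in Python. This is an added example, not part of the original posts or of HijackThis; the sample logs are constructed from lines posted above, and the flagging heuristics and all function names are assumptions chosen to fit this case.

```python
import re

# Constructed samples: a subset of lines from the two HijackThis logs in this thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:05, on 23-05-2008
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\xxyYOfec.dll,#1
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Malene\AppData\Local\Temp\ljJCvwUm.dll,c
O4 - HKCU\..\Run: [f02085f7] rundll32.exe "C:\Users\Malene\AppData\Local\Temp\jvtfhtis.dll",b
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Malene\AppData\Local\Temp\urqNHBrp.dll,#1
O4 - HKCU\..\Run: [BMf313b66b] Rundll32.exe "C:\Users\Malene\AppData\Local\Temp\vecsvalg.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:36, on 24-05-2008
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""

STAMP = re.compile(r"^Scan saved at (\S+), on (\S+)", re.M)
# Only registry Run-key autoruns; "Global Startup" O4 lines are not matched.
O4_RUN = re.compile(r"^O4 - (?P<key>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$", re.M)
# rundll32 <dll>,<export> with an optionally quoted DLL path.
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<entry>\S+)', re.I)


def run_entries(log):
    """Return (registry key, value name, command line) for every O4 Run entry."""
    return [(m["key"], m["name"], m["cmd"]) for m in O4_RUN.finditer(log)]


def reasons(cmd):
    """Heuristics (assumptions for this example) for a rundll32 autorun worth a closer look."""
    m = RUNDLL.match(cmd)
    if not m:
        return []
    dll, entry = m.group("dll").lower(), m.group("entry")
    found = []
    if "\\temp\\" in dll:
        found.append("DLL loaded from a Temp directory")
    if entry.startswith("#") or len(entry) <= 2:
        found.append("export given as ordinal or 1-2 character name")
    return found


def triage(log):
    """Map each flagged Run entry to the list of reasons it was flagged."""
    flagged = {}
    for entry in run_entries(log):
        why = reasons(entry[2])
        if why:
            flagged[entry] = why
    return flagged


def verify_cleanup(before, after):
    """Compare a pre-cleanup log with a follow-up log.

    stale_log is True when both logs carry the same 'Scan saved at' stamp,
    i.e. the follow-up is the old log again rather than a new scan.
    """
    b, a = STAMP.search(before), STAMP.search(after)
    stale = bool(b and a and b.groups() == a.groups())
    old_flags, new_flags = triage(before), triage(after)
    return {
        "stale_log": stale,
        "still_present": sorted(set(old_flags) & set(run_entries(after))),
        "newly_flagged": sorted(set(new_flags) - set(old_flags)),
    }


if __name__ == "__main__":
    for (key, name, cmd), why in triage(BEFORE).items():
        print(f"{key} [{name}] {cmd}\n    -> {'; '.join(why)}")
    print(verify_cleanup(BEFORE, AFTER))
```

Passing the same log twice, as happened earlier in the thread, returns `stale_log: True`, so the comparison is rejected instead of being read as "nothing changed".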
Deleted user
27 May 2008 - 18:33 #24
Oh, how lovely that was.

1000 1000 1000 thanks...

Your help was truly worth more than gold.
Deleted user
27 May 2008 - 19:19 #25
The last step is just to select karise_larry's name down in the lower left corner and press accept. Then the question will be shown as answered and others can benefit from it. Right now it is shown as answered without an accepted answer
27 May 2008 - 20:53 #26
* Exactly !
02 June 2008 - 16:23 #27
Ping...
(That was an [answer]...)
Deleted user
02 June 2008 - 19:19 #28
So now we have 3 answers from karise larry, but no accepted answer. Maybe that helps?

karise larry, will you take a look at this one?


http://www.eksperten.dk/spm/833513
Deleted user
27 June 2008 - 22:53 #29
Sorry. Completely forgot about it...