HijackThis log
Hi,
I am experiencing a lot of problems with my computer and would like to have a HijackThis log file, as well as a rootchk log file, looked through.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:16, on 31-05-2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\System\MSASP32.exe
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskmangr.exe
c:\windows\temp\dil1b.tmp
C:\WINDOWS\explorer.exe
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ldupdt.jpg
C:\Documents and Settings\Jesper\Skrivebord\PRIME95.EXE
C:\Programmer\HJTrenamed.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: {32c7a541-e383-f109-6604-1dd3e3f036e2} - {2e630f3e-3dd1-4066-901f-383e145a7c23} - C:\WINDOWS\System32\ighueynv.dll
O2 - BHO: (no name) - {5CAB814A-873B-4FDC-AEBC-D415457FE357} - C:\WINDOWS\System32\rqRIBTNE.dll
O2 - BHO: (no name) - {9336DE98-9155-4B2E-B75C-7A4193721852} - C:\WINDOWS\System32\nNEwTKCU.dll
O2 - BHO: Adobe PDF Reader Link Helper - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - C:\WINDOWS\System32\AcroIEHelper.dll
O2 - BHO: (no name) - {E314A70C-951B-442A-8EC4-C451260ACE13} - C:\WINDOWS\System32\pmnkHATm.dll
O2 - BHO: (no name) - {E4FD7352-296F-47C7-AF88-2B450D1FB2E3} - C:\WINDOWS\System32\opnopNeF.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Jesper\cftmon.exe
O4 - HKLM\..\Run: [sysPersonalFirewall] taskmangr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F31000D2907D4E66914B5C1E9E689DB6FC45715EC67A0924A04FA6C383221333933E4827B144
O4 - HKLM\..\Run: [BMcfaef940] Rundll32.exe "C:\WINDOWS\System32\rmljqxcs.dll",s
O4 - HKLM\..\Run: [cc9dcadc] rundll32.exe "C:\WINDOWS\System32\dyjhsdhp.dll",b
O4 - HKLM\..\RunServices: [sysPersonalFirewall] taskmangr.exe
O4 - HKLM\..\RunServices: [Windows Update] ssms.exe
O4 - HKLM\..\RunOnce: [sysPersonalFirewall] taskmangr.exe
O4 - HKCU\..\Run: [sysPersonalFirewall] taskmangr.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Jesper\cftmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Programmer\Steam\Steam.exe" -silent
O4 - HKCU\..\RunOnce: [sysPersonalFirewall] taskmangr.exe
O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\System32\isnotify.exe
O4 - HKCU\..\Policies\Explorer\Run: [{CC9DCA73-07D0-1030-0713-05072405002d}] "C:\Programmer\Fælles filer\{CC9DCA73-07D0-1030-0713-05072405002d}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Svconr] C:\Programmer\Svconr\Svconr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Ebis] "C:\WINDOWS\ASKS~1\wuaclt.exe" -vt yazb (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Java (VM) v6.0] C:\WINDOWS\System32\jdk-1_5_0_12-windows-i386-pp\jdk.bat (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Java (VM) v6.9.3] C:\WINDOWS\System32\jdk-1_5_0_19-windows-i393-pp\jav.bat (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Eroca] C:\Programmer\Eroca\Eroca.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Java (VM) v6.9] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Java (VM) v6.9] (User 'Default user')
O4 - S-1-5-18 Startup: .protected (User 'SYSTEM')
O4 - S-1-5-18 Startup: Deewoo.lnk = C:\WINDOWS\system32\rcntkkdm.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: DW_Start.lnk = C:\WINDOWS\system32\jjwnw64p.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: .protected (User 'Default user')
O4 - .DEFAULT Startup: Deewoo.lnk = C:\WINDOWS\system32\rcntkkdm.exe (User 'Default user')
O4 - .DEFAULT Startup: DW_Start.lnk = C:\WINDOWS\system32\jjwnw64p.exe (User 'Default user')
O4 - Startup: .protected
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\rcntkkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jjwnw64p.exe
O4 - Global Startup: .protected
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = C:\Programmer\108Mbps Wireless LAN Adapter\WLANPRO.exe
O4 - Global Startup: Reg.lnk = C:\Programmer\108Mbps Wireless LAN Adapter\Reg.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab
O20 - Winlogon Notify: ersthz - ersthz.dll (file missing)
O20 - Winlogon Notify: rqRIBTNE - C:\WINDOWS\SYSTEM32\rqRIBTNE.dll
O20 - Winlogon Notify: winxtx32 - winxtx32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Advance Service Process - Unknown owner - C:\Programmer\Fælles filer\System\MSASP32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\System32\mscomserv.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe (file missing)
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Opgavestyring (Schedule) - The Author of QIP - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: XlashServ (XlashSrv) - Unknown owner - C:\WINDOWS\xlash.exe
--
End of file - 7536 bytes
and the rootchk file
********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
31-05-2008 15:00:00,70
NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07
Driver oreans32 (visible) is present. A rootkit scan is recommended.
********************************* ROOTCHK-LOG-end
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 15:00:03
Windows 5.1.2600 Service Pack 1
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
? [564]
detected NTDLL code modification:
ZwOpenFile
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:1752a28a
"s1"=dword:65849574
"s2"=dword:f6b9936b
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:60,d3,bf,85,58,8e,bc,c6,0b,31,e5,5f,e1,05,ff,12,84,cf,64,92,d3,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f1,6c,77,e6,ee,c5,51,5b,c1,9b,85,98,2f,b6,82,b1,57,..
"khjeh"=hex:32,0e,3f,fd,e1,4f,fd,fe,65,49,db,19,87,f7,cb,c1,73,13,33,e3,b3,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6c,cb,cc,08,61,c0,ee,5e,63,3b,4b,f0,8f,c8,23,dc,d3,fc,58,ab,3c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:78,87,f4,40,92,af,a6,ed,df,6b,8b,5d,df,b0,86,6d,9a,02,53,45,f4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:30,28,05,0d,44,3a,97,3a,71,4f,38,0d,bb,8e,15,46,e2,70,ea,57,f9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:d6,97,47,04,30,3f,67,94,10,3b,e0,87,19,f5,75,ef,1e,b6,fe,b9,ae,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:60,d3,bf,85,58,8e,bc,c6,0b,31,e5,5f,e1,05,ff,12,84,cf,64,92,d3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f1,6c,77,e6,ee,c5,51,5b,c1,9b,85,98,2f,b6,82,b1,57,..
"khjeh"=hex:32,0e,3f,fd,e1,4f,fd,fe,65,49,db,19,87,f7,cb,c1,73,13,33,e3,b3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:6c,cb,cc,08,61,c0,ee,5e,63,3b,4b,f0,8f,c8,23,dc,d3,fc,58,ab,3c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:78,87,f4,40,92,af,a6,ed,df,6b,8b,5d,df,b0,86,6d,9a,02,53,45,f4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:30,28,05,0d,44,3a,97,3a,71,4f,38,0d,bb,8e,15,46,e2,70,ea,57,f9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:d6,97,47,04,30,3f,67,94,10,3b,e0,87,19,f5,75,ef,1e,b6,fe,b9,ae,..
detected NTDLL code modification:
ZwOpenFile
scanning hidden registry entries ...
detected NTDLL code modification:
ZwOpenFile
scanning hidden files ...
hidden processes: 1
hidden services: 0
hidden files: 0
Thanks.
