hjælp til hijacks this log?

PUHA - ja - Jeg ser på den...

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Der dukker et vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\Windows\system32\ljJAQKEX.dll
C:\Windows\system32\ttphmqqe.dll
C:\Windows\system32\dbefvxvs.dll

Folders to delete:

~~~~~~~~~~~~~~~~~~

-- Klik på EXECUTE - og la' PC'en selv genstarte.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ljJAQKEX.dll,#1
O4 - HKLM\..\Run: [BM176b5dee] Rundll32.exe "C:\Windows\system32\ttphmqqe.dll",s
O4 - HKLM\..\Run: [14586e72] rundll32.exe "C:\Windows\system32\dbefvxvs.dll",b

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.

--------

PS: NameServer = 10.106.8.10 - er det noget du kender til ?

--------

Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

Jeg har tilføjet nogle lokale domain navne i min host fil, er det, det jeg kan se som O17 ??

Takker den føltes også hurtigere nu.

_____________________


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\system32\ljJAQKEX.dll" deleted successfully.
File "C:\Windows\system32\ttphmqqe.dll" deleted successfully.
File "C:\Windows\system32\dbefvxvs.dll" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
_______________________________________

og

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:50, on 07-06-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\s3trayp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\Windows\system32\ljJAQKEX.dll (file missing)
O2 - BHO: {f8908386-4a58-7798-8bb4-26fa8a7013bc} - {cb3107a8-af62-4bb8-8977-85a46838098f} - C:\Windows\system32\ouevlftw.dll
O2 - BHO: (no name) - {F3026850-1FF0-4DCE-9376-31F15B49E2A6} - C:\Windows\system32\qommNeFy.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?AuthParam=1210544383_1bd489760bf1fcef325ff1f353e52e81&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A0F47A3-9412-4B61-B664-6B11CC59F22D}: NameServer = 10.106.8.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A0F47A3-9412-4B61-B664-6B11CC59F22D}: NameServer = 10.106.8.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A0F47A3-9412-4B61-B664-6B11CC59F22D}: NameServer = 10.106.8.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{3A0F47A3-9412-4B61-B664-6B11CC59F22D}: NameServer = 10.106.8.10
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7874 bytes

Takker for link til ccleaner samt guiden. Virkligt lækkert program

der popper stadig forskelige vinduer op, lige nu reklame for www.gladiatus.dk

pænt ireterende..

Der er også dukket nogle andre Uønskede elementer op !!! Er desværre set/oplevet før *S*

-- Brug Avenger programmet igen:

-- Der dukker et vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\Windows\system32\ljJAQKEX.dll
C:\Windows\system32\ouevlftw.dll
C:\Windows\system32\qommNeFy.dll

Folders to delete:
~~~~~~~~~~~~~~~~~~

--- Klik på EXECUTE - og la' PC'en selv genstarte.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O2 - BHO: (no name) - {81EA3F36-357A-435A-8741-52C27CCC9F21} - C:\Windows\system32\ljJAQKEX.dll (file missing)
O2 - BHO: {f8908386-4a58-7798-8bb4-26fa8a7013bc} - {cb3107a8-af62-4bb8-8977-85a46838098f} - C:\Windows\system32\ouevlftw.dll
O2 - BHO: (no name) - {F3026850-1FF0-4DCE-9376-31F15B49E2A6} - C:\Windows\system32\qommNeFy.dll

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.

Takker, her er log filerne

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\Windows\system32\ljJAQKEX.dll" not found!
Deletion of file "C:\Windows\system32\ljJAQKEX.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Windows\system32\ttphmqqe.dll" not found!
Deletion of file "C:\Windows\system32\ttphmqqe.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Windows\system32\dbefvxvs.dll" not found!
Deletion of file "C:\Windows\system32\dbefvxvs.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.
---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:46, on 08-06-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\s3trayp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BM176b5dee] Rundll32.exe "C:\Windows\system32\rbavumij.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A0F47A3-9412-4B61-B664-6B11CC59F22D}: NameServer = 10.106.8.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A0F47A3-9412-4B61-B664-6B11CC59F22D}: NameServer = 10.106.8.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A0F47A3-9412-4B61-B664-6B11CC59F22D}: NameServer = 10.106.8.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{3A0F47A3-9412-4B61-B664-6B11CC59F22D}: NameServer = 10.106.8.10
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6841 bytes

Og der dukkede andet 'snavs' op - IGEN...

... Nu er det ikke alle (u)ønskede elementer som viser sig med en HiJackThis Log; så gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123
PS: Brug dog stadig denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Tak, Kørte Malwarebytes' Anti-Malware og den fandt en masse, og jeg er sluppet for de irterene pupups Takker for link til guide. jeg vil studere nærmere

Venligst læg et svar og der er point, på vej

Vil/skal dog se en frisk HiJackThis Log...

Jeg takker, har 3 stk log filer


Først combofix

ComboFix 08-06-11.3 - Reno 2008-06-13 11:25:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic  6.0.6001.1.1252.1.1030.18.1166 [GMT 2:00]
Running from: C:\Users\Reno\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Fonts\CALIBRIB.TTF
C:\Windows\system32\svxvfebd.ini
C:\Windows\System32\YFOpVENn.ini
C:\Windows\System32\YFOpVENn.ini2

.
(((((((((((((((((((((((((  Files Created from 2008-05-13 to 2008-06-13  )))))))))))))))))))))))))))))))
.

2008-06-13 11:25 . 2008-06-13 11:25    6,736    --a------    C:\Windows\System32\drivers\PROCEXP90.SYS
2008-06-13 10:27 . 2008-06-13 10:27    <DIR>    d--------    C:\Users\Reno\AppData\Roaming\SUPERAntiSpyware.com
2008-06-13 10:27 . 2008-06-13 10:27    <DIR>    d--------    C:\Users\All Users\SUPERAntiSpyware.com
2008-06-13 10:27 . 2008-06-13 10:27    <DIR>    d--------    C:\ProgramData\SUPERAntiSpyware.com
2008-06-13 10:27 . 2008-06-13 10:27    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-06-13 01:00 . 2008-06-13 01:00    716,272    --a------    C:\Windows\System32\drivers\sptd.sys
2008-06-12 01:53 . 2008-06-12 01:53    <DIR>    d--------    C:\Users\All Users\Autodata Limited
2008-06-12 01:53 . 2008-06-12 01:53    <DIR>    d--------    C:\ProgramData\Autodata Limited
2008-06-12 01:46 . 2008-06-12 01:46    <DIR>    d--------    C:\Program Files\Common Files\Autodata Limited Shared
2008-06-12 01:46 . 2008-06-12 01:46    <DIR>    d--------    C:\ADCDTEMP
2008-06-12 01:46 . 2008-06-12 02:22    <DIR>    d--------    C:\ADCDA2
2008-06-11 22:33 . 2008-06-11 22:33    <DIR>    d--------    C:\Users\Reno\AppData\Roaming\DAEMON Tools
2008-06-11 14:05 . 2008-02-22 13:30    334,792    --a------    C:\Windows\System32\_AxShlEx.dll
2008-06-11 14:03 . 2008-06-11 14:03    <DIR>    d--------    C:\Program Files\Alcohol Soft
2008-06-08 13:55 . 2008-06-08 13:55    <DIR>    d--------    C:\Users\Reno\AppData\Roaming\Malwarebytes
2008-06-08 13:55 . 2008-06-08 13:55    <DIR>    d--------    C:\Users\All Users\Malwarebytes
2008-06-08 13:55 . 2008-06-08 13:55    <DIR>    d--------    C:\ProgramData\Malwarebytes
2008-06-08 13:55 . 2008-06-08 13:55    <DIR>    d--------    C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 13:55 . 2008-06-05 16:04    34,296    --a------    C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-08 13:55 . 2008-06-05 16:04    15,864    --a------    C:\Windows\System32\drivers\mbam.sys
2008-06-07 22:12 . 2008-06-07 22:12    <DIR>    d--------    C:\Program Files\CCleaner
2008-06-07 21:39 . 2008-06-07 21:39    <DIR>    d--------    C:\Program Files\Trend Micro
2008-06-07 12:57 . 2008-06-07 12:58    <DIR>    d--------    C:\Users\All Users\Lavasoft
2008-06-07 12:57 . 2008-06-07 12:58    <DIR>    d--------    C:\ProgramData\Lavasoft
2008-06-07 12:57 . 2008-06-07 12:57    <DIR>    d--------    C:\Program Files\Lavasoft
2008-06-07 12:56 . 2008-06-13 10:26    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 04:49 . 2008-06-08 23:54    54,156    --ah-----    C:\Windows\QTFont.qfn
2008-06-07 04:49 . 2008-06-07 04:49    1,409    --a------    C:\Windows\QTFont.for
2008-06-07 04:47 . 2008-06-07 04:47    <DIR>    d--------    C:\Users\All Users\Apple Computer
2008-06-07 04:47 . 2008-06-07 04:47    <DIR>    d--------    C:\ProgramData\Apple Computer
2008-06-07 04:47 . 2008-06-07 04:48    <DIR>    d--------    C:\Program Files\QuickTime
2008-06-07 04:04 . 2008-06-07 20:53    1,027    --a------    C:\Windows\ARPR.INI
2008-06-07 04:01 . 2008-06-07 21:30    <DIR>    d--------    C:\Program Files\ElcomSoft
2008-06-07 03:55 . 2008-06-07 03:55    <DIR>    d--------    C:\Program Files\Intelore
2008-06-07 03:42 . 2008-06-07 21:29    <DIR>    d--------    C:\Program Files\Atomic RAR Password Recovery
2008-06-03 01:33 . 2007-08-13 14:51    446,464    --a------    C:\Windows\System32\wmvdmoe.dll
2008-06-03 01:26 . 2008-06-03 01:26    <DIR>    d--------    C:\Users\All Users\PY_Software
2008-06-03 01:26 . 2008-06-03 01:26    <DIR>    d--------    C:\ProgramData\PY_Software
2008-06-03 01:26 . 2008-06-07 21:30    <DIR>    d--------    C:\Program Files\Active WebCam
2008-06-02 00:14 . 2008-06-07 21:28    <DIR>    d--------    C:\Program Files\Handbrake
2008-05-28 23:39 . 2008-05-29 00:06    <DIR>    d--------    C:\Program Files\Norton AntiVirus
2008-05-28 23:38 . 2008-06-04 00:31    10,671    --a------    C:\Windows\System32\drivers\SYMEVENT.CAT
2008-05-28 23:38 . 2008-06-04 00:31    805    --a------    C:\Windows\System32\drivers\SYMEVENT.INF
2008-05-28 22:32 . 2008-05-28 22:32    354    ---hs----    C:\Windows\System32\osbutuvh.ini
2008-05-28 22:30 . 2008-05-28 22:30    1,623,633    --ahs----    C:\Windows\System32\mgqpcdxn.tmp
2008-05-28 19:19 . 2008-05-28 22:47    3,119    --a------    C:\Windows\System32\SHORTCUT.INI
2008-05-28 19:19 . 2008-06-08 22:57    119    --a------    C:\Windows\System32\REMOTEDEVICE.INI
2008-05-28 19:15 . 2008-06-13 11:31    4,372    --a------    C:\Windows\System32\LOCALSERVICE.INI
2008-05-28 19:15 . 2008-06-08 22:48    98    --a------    C:\Windows\System32\LOCALDEVICE.INI
2008-05-28 19:13 . 2008-05-28 19:13    0    --a------    C:\Windows\System32\BSPRINT.INI
2008-05-28 19:03 . 2008-06-12 04:29    <DIR>    d--------    C:\Users\Reno\AppData\Roaming\Azureus
2008-05-28 19:03 . 2008-05-28 19:03    <DIR>    d--------    C:\Users\All Users\Azureus
2008-05-28 19:03 . 2008-05-28 19:03    <DIR>    d--------    C:\ProgramData\Azureus
2008-05-28 18:29 . 2008-05-28 18:38    <DIR>    d--------    C:\Users\All Users\Bluetooth
2008-05-28 18:29 . 2008-05-28 18:38    <DIR>    d--------    C:\ProgramData\Bluetooth
2008-05-28 18:22 . 2008-05-28 18:22    <DIR>    d--------    C:\Program Files\IVT Corporation
2008-05-28 18:00 . 2008-05-28 19:13    32    --a------    C:\Windows\0
2008-05-28 18:00 . 2008-05-28 18:00    0    --a------    C:\Windows\System32\0
2008-05-28 08:42 . 2008-03-08 04:08    4,240,384    --a------    C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 08:42 . 2008-03-08 06:21    1,695,744    --a------    C:\Windows\System32\gameux.dll
2008-05-16 22:31 . 2007-04-09 13:23    28,040    --a------    C:\Windows\System32\mdimon.dll
2008-05-16 22:29 . 2008-05-16 22:30    <DIR>    d--------    C:\Windows\SHELLNEW
2008-05-16 22:29 . 2008-05-16 22:29    <DIR>    d--------    C:\Program Files\Microsoft.NET
2008-05-16 11:58 . 2008-05-16 11:58    12,632    --a------    C:\Windows\System32\lsdelete.exe
2008-05-13 00:42 . 2008-05-13 00:42    53,360    --a------    C:\Users\Reno\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-05-13 00:04 . 2008-05-16 22:31    376    --a------    C:\Windows\ODBC.INI

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 10:36    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-06-03 22:31    123,952    ----a-w    C:\Windows\system32\drivers\SYMEVENT.SYS
2008-06-03 22:31    ---------    d-----w    C:\Program Files\Symantec
2008-05-28 22:06    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2008-05-28 21:58    ---------    d-----w    C:\ProgramData\Symantec
2008-05-28 17:17    34,312    ----a-w    C:\Windows\system32\drivers\blueletaudio.sys
2008-05-16 19:07    ---------    d-----w    C:\Program Files\Windows Live
2008-05-14 01:00    ---------    d-----w    C:\Program Files\Windows Mail
2008-05-12 20:10    ---------    d-----w    C:\Users\Reno\AppData\Roaming\AdobeUM
2008-05-12 20:10    ---------    d-----w    C:\ProgramData\Adobe Systems
2008-05-12 20:10    ---------    d-----w    C:\Program Files\Common Files\Adobe Systems Shared
2008-05-11 22:19    ---------    d-----w    C:\Program Files\Java
2008-05-11 22:18    ---------    d-----w    C:\Program Files\Common Files\Java
2008-05-11 11:42    ---------    d-----w    C:\Program Files\VistaCodecPack
2008-05-11 11:40    ---------    d-----w    C:\ProgramData\VistaCodecs
2008-05-11 11:34    18,682,015    ----a-w    C:\Users\Reno\VistaCodecs_v465.exe
2008-05-11 11:06    ---------    dcsh--w    C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-11 11:04    ---------    d-----w    C:\ProgramData\WLInstaller
2008-05-09 22:02    174    --sha-w    C:\Program Files\desktop.ini
2008-05-09 21:56    ---------    d-----w    C:\Program Files\Windows Sidebar
2008-05-09 21:56    ---------    d-----w    C:\Program Files\Windows Photo Gallery
2008-05-09 21:56    ---------    d-----w    C:\Program Files\Windows Defender
2008-05-09 21:56    ---------    d-----w    C:\Program Files\Windows Collaboration
2008-05-09 21:56    ---------    d-----w    C:\Program Files\Windows Calendar
2008-05-09 20:28    ---------    d-----w    C:\Program Files\CONEXANT
2008-05-09 20:25    ---------    d-----w    C:\Program Files\Look@LAN
2008-05-09 19:35    ---------    d-----w    C:\Users\Reno\AppData\Roaming\Symantec
2008-05-09 18:10    720,896    ----a-w    C:\Windows\iun6002.exe
2008-05-09 17:57    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-05-09 17:57    ---------    d-----w    C:\Program Files\VIA
2008-05-09 17:56    ---------    d-----w    C:\Program Files\Common Files\InstallShield
2008-05-09 17:52    ---------    d-----w    C:\Program Files\S3
2008-05-09 17:46    ---------    d-sh--w    C:\ProgramData\Skrivebord
2008-05-09 17:46    ---------    d-sh--w    C:\ProgramData\Skabeloner
2008-05-09 17:46    ---------    d-sh--w    C:\ProgramData\Menuen Start
2008-05-09 17:46    ---------    d-sh--w    C:\ProgramData\Favoritter
2008-05-09 17:46    ---------    d-sh--w    C:\ProgramData\Dokumenter
2008-05-09 17:46    ---------    d-sh--w    C:\Program Files\Fælles filer
2008-05-07 13:16    842,752    ----a-w    C:\Windows\system32\drivers\VTGKModeDX32.sys
2008-04-29 09:20    15,648    ----a-w    C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 09:19    15,648    ----a-w    C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 09:19    12,960    ----a-w    C:\Windows\system32\drivers\Awrtpd.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-29 00:03    116088    --a------    C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3Trayp"="S3trayp.exe" [2008-05-07 15:16 176128 C:\Windows\System32\s3trayp.exe]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe" [2007-01-02 11:28 471040]
"BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-05-28 19:16 258134]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3477917579-3733262497-2432044116-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{583F00A1-E42A-48B0-AB6E-BC59BEC110CF}C:\\program files\\look@lan\\lookatlan.exe"= UDP:C:\program files\look@lan\lookatlan.exe:Look@LAN
"UDP Query User{0767B967-DB1C-46C0-A14D-ADACDE238D75}C:\\program files\\look@lan\\lookatlan.exe"= TCP:C:\program files\look@lan\lookatlan.exe:Look@LAN
"{5DC21674-6F9F-4C13-895C-A6AB9F74D71A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E00138A7-1B33-4325-87FF-92492B4B17B4}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{F56B65A4-CC59-411D-8A9D-3C2D8558542E}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"TCP Query User{7B1F6358-AB85-462B-8367-6882F00E6569}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{6B7B3D42-DDEE-4B22-82B7-8198A6E2CC9D}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{E1F9EE8C-9A59-4FE5-880C-596649A6677C}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{08DCAFA4-BF6D-4A26-B51A-E57414DE88CF}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080611.002\IDSvix86.sys [2008-03-20 22:37]
R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-05-28 19:16]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 15:58]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
R3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2008-05-07 15:16]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 14:50]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc

.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 21:52:21 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - Reno.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 11:31:52
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\BsLangInDepRes.dll
-> ?:\Windows\system32\bthprops.cpl
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\conime.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
.
**************************************************************************
.
Completion time: 2008-06-13 11:35:13 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-13 09:34:53

Pre-Run: 16,789,442,560 byte ledig
Post-Run: 15,889,100,800 byte ledig

224    --- E O F ---    2008-06-08 06:15:09

............................................................................

Og, SUPERAntiSpyware Scan Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/13/2008 at 11:11 AM

Application Version : 4.0.1154

Core Rules Database Version : 3481
Trace Rules Database Version: 1472

Scan type      : Complete Scan
Total Scan Time : 00:38:15

Memory items scanned      : 213
Memory threats detected  : 0
Registry items scanned    : 5660
Registry threats detected : 0
File items scanned        : 18122
File threats detected    : 3

Adware.Tracking Cookie
    C:\Users\Reno\AppData\Roaming\Microsoft\Windows\Cookies\reno@adtech[1].txt

Trojan.Vundo-Variant/Small
    C:\WINDOWS\SYSTEM32\OUEVLFTW.DLL
    C:\WINDOWS\SYSTEM32\VRSHSDBE.DLL

..........................................................................

og sidst hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:38, on 13-06-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\s3trayp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A0F47A3-9412-4B61-B664-6B11CC59F22D}: NameServer = 10.106.8.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A0F47A3-9412-4B61-B664-6B11CC59F22D}: NameServer = 10.106.8.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A0F47A3-9412-4B61-B664-6B11CC59F22D}: NameServer = 10.106.8.10
O17 - HKLM\System\CS3\Services\Tcpip\..\{3A0F47A3-9412-4B61-B664-6B11CC59F22D}: NameServer = 10.106.8.10
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7374 bytes
...........................................................................

Med venlig hilsen Reno

Afinstaller
* Azereus - Fildelingsprogram
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

Slet følgende mapper HELT:
C:\Users\Reno\AppData\Roaming\Azureus
C:\Users\All Users\Azureus
C:\ProgramData\Azureus

Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

--------------

Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

--------------

Tudsind tak, Azureus er væk nu

Dejligt med en ren computer

Takker for P.