HijackThis-log - Er der en, som vil hjælpe?

Du ka' hjælpe dig selv ved at først pænt følge op på dine tidl. spm. -> http://www.eksperten.dk/list.phtml?sort=&order=DESC&status_1=on&status_2=on&spm_creator=grafik-anders&spm_part=&spm_answer=&find=&engine=exp (20)

http://expfaq.dk/behandling_af_svar#behandling_af_svar

... og joooo - der ER snavs i dit system...

Gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123
PS: Brug stadig denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Måske skulle jeg lige uddybe lidt,,,

Jeg har været så ufattelig dum at aktivere en exe-fil, som jeg ikke kendte. ØV, ØV, ØV!

Nu kommer der hele tiden nogle vildt irriterende reklamer, som popper op i et nyt vindue i IE. De er underligt nok på dansk??????

Jeg har forsøgt at fjerne virusen ved at bruge nogle Super-Anti-spyware og Avast, men det har kun resulteret i at jeg nu får nogle fejlmeddelelser omkring filerne Hvargoon.dll og Cttdguol.dll.

Please help me!!

[02/07-2008 21:39:28] + [02/07-2008 21:40:36] ...

(Jeg 'kender' dem godt men ovenstående først *S* !!!)

Ja, - jeg har i mange år brugt eksperten rigtigt meget og jeg må derfor erkende, at der har ophobet sig nogle spørgsmål, som aldrig er blevet ordentligt afsluttet. Det beklager jeg meget, men det har mange gange bundet i 3 ting.
1) Jeg har kun fået kommentarer, men ingen svar.
2) Jeg har nogle gange slet ikke fået kommentarer eller svar.
3) Nogle af mine projekter har ligget stille meget længe (jeg håber ikke for evigt).

Jeg har på din opfordring prøvet at gennemgå listen og følge op på spørgsmålene. Jeg afventer besvarelser på mange af dem.

Jeg er i gang med at køre SuperAntiSpy nu (igen – efter en update af virus-difs), men mangler jo så at køre den i sikkerhedstilstand og meget, meget mere.

Tak fordi du vil hjælpe

Hej igen
Først reporten fra SuperAntiSpy. Jeg kom til at fucke lidt op i det, da jeg kørte denførste gang. Derfor kørte jeg den igen. Måske derfor er rapporten er lidt kort?:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/03/2008 at 00:04 AM

Application Version : 4.15.1000

Core Rules Database Version : 3495
Trace Rules Database Version: 1486

Scan type      : Complete Scan
Total Scan Time : 00:47:25

Memory items scanned      : 173
Memory threats detected  : 0
Registry items scanned    : 4943
Registry threats detected : 9
File items scanned        : 19817
File threats detected    : 10

Trojan.Unknown Origin
    HKLM\SOFTWARE\Microsoft\MSSMGR
    HKLM\SOFTWARE\Microsoft\MSSMGR#Data
    HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST

Adware.Tracking Cookie
    C:\Documents and Settings\Adgang\Cookies\adgang@doubleclick[2].txt
    C:\Documents and Settings\Adgang\Cookies\adgang@statcounter[1].txt
    C:\Documents and Settings\Adgang\Cookies\adgang@pacificpoker[1].txt
    C:\Documents and Settings\Adgang\Cookies\adgang@servedby.onlinemediadiva[2].txt
    C:\Documents and Settings\Adgang\Cookies\adgang@doubleclick[1].txt
    C:\Documents and Settings\Adgang\Cookies\adgang@track.adform[2].txt
    C:\Documents and Settings\Adgang\Cookies\adgang@track.adform[3].txt
    C:\Documents and Settings\Adgang\Cookies\adgang@tradedoubler[2].txt


Her er den seneste log fra HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:30:43, on 03-07-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Dell\Bluetooth Software\BTTray.exe
C:\Programmer\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.BIN
C:\Programmer\iPod\bin\iPodService.exe
C:\Documents and Settings\Adgang\Skrivebord\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: {35b856fe-52c7-bc48-2274-4f473c4d9aeb} - {bea9d4c3-74f4-4722-84cb-7c25ef658b53} - C:\WINDOWS\system32\yrwsay.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [4cdf9232] rundll32.exe "C:\WINDOWS\system32\cttdguol.dll",b
O4 - HKLM\..\Run: [BM4feca1ae] Rundll32.exe "C:\WINDOWS\system32\hvargoon.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmer\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmer\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1214683815690
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214682182246
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214682663589
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1214695901526&h=5f9b1df7dc52f068094c18a0b6962aa2/&filename=jinstall-6u6-windows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winlnu32 - C:\WINDOWS\SYSTEM32\winlnu32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - C:\Programmer\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 8535 bytes

Til sidst den super lange rapport fra ComboFix:
ComboFix 08-07-01.5 - Adgang 2008-07-03  8:35:27.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.471 [GMT 2:00]
Running from: C:\Documents and Settings\Adgang\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\eaqninia.dll
C:\WINDOWS\system32\fiRXHkkj.ini
C:\WINDOWS\system32\fiRXHkkj.ini2
C:\WINDOWS\system32\lougdttc.ini
C:\WINDOWS\system32\rvuudbvt.ini
C:\WINDOWS\system32\yrwsay.dll

.
(((((((((((((((((((((((((  Files Created from 2008-06-03 to 2008-07-03  )))))))))))))))))))))))))))))))
.

2008-07-02 22:17 . 2008-07-02 22:17    <DIR>    d--------    C:\Programmer\CCleaner
2008-07-02 21:21 . 2008-07-02 21:21    <DIR>    d--------    C:\Programmer\Trend Micro
2008-07-02 20:28 . 2008-07-02 20:28    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-02 20:27 . 2008-07-02 22:28    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-07-02 20:27 .     <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-02 20:27 . 2008-07-02 20:27    <DIR>    d--------    C:\Documents and Settings\Adgang\Application Data\SUPERAntiSpyware.com
2008-07-02 18:02 .     <DIR>        C:\Programmer\Fælles filer\Symantec Shared
2008-07-02 11:00 . 2008-07-02 18:41    110,457    --a------    C:\WINDOWS\BM4feca1ae.xml
2008-07-01 22:50 . 2008-07-01 22:50    32,256    --a------    C:\WINDOWS\system32\winlnu32.dll
2008-07-01 18:56 . 2008-07-01 19:40    <DIR>    d--------    C:\Documents and Settings\Adgang\Contacts
2008-07-01 17:28 . 2008-07-01 17:38    <DIR>    d--------    C:\Programmer\Windows Live
2008-07-01 17:28 .     <DIR>        C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-07-01 17:27 . 2008-07-01 17:27    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-30 00:02 . 2008-06-30 00:02    <DIR>    d--------    C:\Programmer\Maxis
2008-06-29 23:27 . 2008-06-29 23:27    <DIR>    d--------    C:\games
2008-06-29 23:26 . 2008-06-30 00:02    739    --a------    C:\WINDOWS\eReg.dat
2008-06-29 23:24 . 2008-06-29 23:27    <DIR>    d--------    C:\Programmer\1503 AD
2008-06-29 23:22 . 2008-06-29 23:22    <DIR>    d--------    C:\Documents and Settings\Adgang\Application Data\Leadertech
2008-06-29 20:14 . 2008-06-29 20:14    <DIR>    d--------    C:\Documents and Settings\Admin\Bluetooth Software
2008-06-29 20:14 . 2008-06-29 20:14    <DIR>    d--------    C:\Documents and Settings\Admin\Application Data\3M
2008-06-29 20:13 . 2008-06-29 20:13    <DIR>    d--h-----    C:\Documents and Settings\Admin\WLANProfiles
2008-06-29 20:13 . 2008-06-28 21:21    <DIR>    d--------    C:\Documents and Settings\Admin\Skrivebord
2008-06-29 20:13 . 2008-06-28 20:33    <DIR>    d--h-----    C:\Documents and Settings\Admin\Skabeloner
2008-06-29 20:13 . 2008-06-28 21:21    <DIR>    d--h-----    C:\Documents and Settings\Admin\Printere
2008-06-29 20:13 . 2008-06-28 21:21    <DIR>    dr-------    C:\Documents and Settings\Admin\Menuen Start
2008-06-29 20:13 . 2008-07-03 08:39    <DIR>    d--h-----    C:\Documents and Settings\Admin\Lokale indstillinger
2008-06-29 20:13 . 2008-06-29 20:13    <DIR>    dr-------    C:\Documents and Settings\Admin\Foretrukne
2008-06-29 20:13 . 2008-06-29 20:37    <DIR>    dr-------    C:\Documents and Settings\Admin\Dokumenter
2008-06-29 20:13 . 2008-06-29 20:13    <DIR>    d--------    C:\Documents and Settings\Admin\Application Data\Sonic
2008-06-29 20:13 . 2008-06-28 21:21    <DIR>    d--h-----    C:\Documents and Settings\Admin\Andre computere
2008-06-29 20:13 . 2008-06-29 20:14    <DIR>    d--------    C:\Documents and Settings\Admin
2008-06-29 19:24 . 2008-06-29 19:33    <DIR>    d--------    C:\Programmer\(GAME) [TRADE ONLY] Age Of Empires 2 (full game)
2008-06-29 19:23 . 2007-07-30 19:19    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
2008-06-29 19:23 . 2007-07-30 19:18    30,072    --a------    C:\WINDOWS\system32\mucltui.dll.mui
2008-06-29 19:14 . 2008-04-13 20:40    43,904    --a------    C:\WINDOWS\system32\drivers\sbp2port.sys
2008-06-29 19:14 . 2008-04-13 20:40    43,904    --a--c---    C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-06-29 17:17 . 2008-06-29 17:17    <DIR>    d--------    C:\Programmer\Mpeg2Decoder
2008-06-29 17:16 . 2008-06-29 17:16    <DIR>    d--------    C:\Andre ting
2008-06-29 17:12 . 2008-06-29 17:12    36,335    --a------    C:\WINDOWS\formZ RR Defaults.380
2008-06-29 17:07 . 2008-06-29 17:12    <DIR>    d--------    C:\Programmer\formZ_RadioZity_3.8.0
2008-06-29 16:54 . 1999-12-17 10:13    86,016    --a------    C:\WINDOWS\unvise32.exe
2008-06-29 16:53 . 2008-06-29 16:53    <DIR>    d--------    C:\Programmer\MAXON
2008-06-29 16:48 . 2008-06-29 16:48    <DIR>    d--------    C:\Programmer\foto-stitcher
2008-06-29 16:48 . 2001-05-03 01:50    289,792    --a------    C:\Programmer\DivFix.exe
2008-06-29 16:38 . 2008-06-29 16:38    <DIR>    d--------    C:\Programmer\polob32
2008-06-29 16:38 . 2008-06-29 16:38    <DIR>    d--------    C:\Polob32
2008-06-29 16:38 . 1999-03-23 11:56    385,024    --a------    C:\WINDOWS\system32\Mp3play.ocx
2008-06-29 16:38 . 1997-10-12 11:33    302,080    --a------    C:\WINDOWS\unin0406.exe
2008-06-29 16:37 . 2008-06-29 16:37    <DIR>    d--------    C:\Documents and Settings\Adgang\WINDOWS
2008-06-29 16:35 . 2008-06-29 16:35    <DIR>    d--------    C:\Programmer\2BrightSparks
2008-06-29 16:10 . 2008-06-29 16:10    512    --a------    C:\drmHeader.bin
2008-06-29 15:14 . 2007-04-09 13:23    28,040    --a------    C:\WINDOWS\system32\mdimon.dll
2008-06-29 15:14 . 2008-06-29 15:14    376    --a------    C:\WINDOWS\ODBC.INI
2008-06-29 15:13 . 2008-06-29 15:13    <DIR>    d--------    C:\Programmer\Microsoft.NET
2008-06-29 15:12 . 2008-06-29 15:13    <DIR>    d--------    C:\WINDOWS\SHELLNEW
2008-06-29 15:09 . 2008-06-29 15:09    <DIR>    dr-h-----    C:\MSOCache
2008-06-29 15:07 . 2008-06-29 15:07    <DIR>    d--------    C:\Programmer\D-Tools
2008-06-29 13:30 . 2008-06-29 13:30    <DIR>    d--------    C:\Programmer\Autodesk
2008-06-29 13:29 . 2008-06-29 13:29    <DIR>    d--------    C:\Programmer\AnswerWorks 4.0
2008-06-29 13:28 .     <DIR>        C:\Programmer\Fælles filer\Autodesk Shared
2008-06-29 13:28 . 2008-06-29 13:29    <DIR>    d--------    C:\Programmer\AutoCAD 2004
2008-06-29 13:28 . 2008-06-29 13:28    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-29 13:28 . 2008-06-29 13:36    <DIR>    d--------    C:\Documents and Settings\Adgang\Application Data\Autodesk
2008-06-29 12:26 . 2008-06-29 12:26    <DIR>    d--------    C:\Programmer\iTunes
2008-06-29 12:26 . 2008-06-29 12:26    <DIR>    d--------    C:\Programmer\iPod
2008-06-29 12:26 . 2008-06-29 12:26    <DIR>    d--------    C:\Documents and Settings\Adgang\Application Data\Apple Computer
2008-06-29 12:25 . 2008-06-29 12:25    <DIR>    d--------    C:\Programmer\QuickTime
2008-06-29 12:25 . 2008-06-29 12:25    <DIR>    d--------    C:\Programmer\Bonjour
2008-06-29 12:25 . 2008-06-29 12:26    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-29 12:24 . 2008-07-01 17:38    <DIR>    d----c---    C:\WINDOWS\system32\DRVSTORE
2008-06-29 12:24 .     <DIR>        C:\Programmer\Fælles filer\Apple
2008-06-29 12:24 . 2008-06-29 12:24    <DIR>    d--------    C:\Programmer\Apple Software Update
2008-06-29 12:24 . 2008-06-29 12:24    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Apple
2008-06-29 12:14 .     <DIR>        C:\Programmer\Fælles filer\Adobe AIR
2008-06-29 12:14 . 2008-06-29 12:14    <DIR>    d--------    C:\Programmer\Adobe Media Player
2008-06-29 11:48 . 2008-06-29 11:48    <DIR>    d--------    C:\Documents and Settings\Adgang\Application Data\Steinberg
2008-06-29 11:46 . 2008-06-29 11:46    <DIR>    d--------    C:\Programmer\Steinberg
2008-06-29 11:40 . 2008-06-29 11:40    <DIR>    d--------    C:\Program Files
2008-06-29 11:35 .     <DIR>        C:\Programmer\Fælles filer\Macromedia
2008-06-29 11:34 . 2008-07-02 23:01    <DIR>    d--------    C:\Programmer\Macromedia
2008-06-29 11:28 . 2008-06-29 11:28    <DIR>    d--------    C:\Programmer\3M
2008-06-29 11:28 . 2008-06-29 11:28    <DIR>    d--------    C:\Documents and Settings\Adgang\Application Data\3M
2008-06-29 11:10 . 2008-06-29 13:42    <DIR>    d--------    C:\Documents and Settings\Adgang\Application Data\DivX
2008-06-29 11:09 . 2008-06-29 11:09    <DIR>    d--------    C:\Programmer\DivX
2008-06-29 11:09 . 2008-05-23 00:22    129,784    ---------    C:\WINDOWS\system32\pxafs.dll
2008-06-29 11:09 . 2008-05-23 00:22    120,056    ---------    C:\WINDOWS\system32\pxcpyi64.exe
2008-06-29 11:09 . 2008-05-23 00:22    118,520    ---------    C:\WINDOWS\system32\pxinsi64.exe
2008-06-29 11:09 . 2008-05-23 00:22    9,464    ---------    C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-29 11:09 . 2008-05-23 00:22    9,336    ---------    C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-29 10:47 . 2008-06-29 10:47    <DIR>    d--------    C:\Documents and Settings\Adgang\Application Data\AdobeUM
2008-06-29 10:24 . 2008-04-14 18:05    221,184    --a------    C:\WINDOWS\system32\wmpns.dll
2008-06-29 10:21 . 2008-06-29 12:08    <DIR>    d--------    C:\WINDOWS\system32\Adobe
2008-06-29 10:21 . 2001-10-26 23:16    16,384    --a------    C:\WINDOWS\system32\FileOps.exe
2008-06-29 10:19 .     <DIR>        C:\Programmer\Fælles filer\Adobe
2008-06-29 10:09 . 2008-04-13 20:45    26,368    --a--c---    C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-29 10:02 . 2008-07-03 08:44    <DIR>    d--------    C:\Documents and Settings\Adgang\Application Data\OpenOffice.org2
2008-06-29 09:58 . 2008-04-23 09:20    6,066,176    -----c---    C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-29 09:58 . 2007-04-17 11:32    2,455,488    -----c---    C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-29 09:58 . 2007-03-08 07:09    1,015,808    -----c---    C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-29 09:58 . 2008-04-23 09:20    459,264    -----c---    C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-29 09:58 . 2008-04-23 09:20    383,488    -----c---    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-29 09:58 . 2008-04-23 09:20    267,776    -----c---    C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-29 09:58 . 2008-04-23 09:20    63,488    -----c---    C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-29 09:58 . 2008-04-23 09:20    52,224    -----c---    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-29 09:58 . 2008-04-22 09:39    13,824    -----c---    C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-29 02:14 . 2008-06-29 02:14    <DIR>    d--------    C:\Programmer\Alwil Software
2008-06-29 02:11 . 2008-06-29 02:11    <DIR>    d--------    C:\Programmer\OpenOffice.org 2.4
2008-06-29 01:53 . 2008-06-29 01:53    0    --a------    C:\WINDOWS\nsreg.dat
2008-06-29 01:32 . 2008-06-29 01:32    <DIR>    d--------    C:\WINDOWS\Sun
2008-06-29 01:31 . 2008-06-29 01:31    <DIR>    d--------    C:\Programmer\Java
2008-06-29 01:31 . 2008-06-29 02:47    <DIR>    d--------    C:\Programmer\Google
2008-06-29 01:31 . 2008-03-25 02:37    69,632    --a------    C:\WINDOWS\system32\javacpl.cpl
2008-06-29 01:30 .     <DIR>        C:\Programmer\Fælles filer\Java
2008-06-29 01:13 . 2008-06-14 19:35    272,256    -----c---    C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-29 01:12 . 2008-05-08 16:02    203,136    -----c---    C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-29 01:04 . 2008-06-29 09:59    <DIR>    d--------    C:\WINDOWS\system32\da-dk
2008-06-29 01:04 . 2008-06-29 01:04    <DIR>    d--------    C:\WINDOWS\system32\da
2008-06-29 01:04 . 2008-06-29 01:04    <DIR>    d--------    C:\WINDOWS\l2schemas
2008-06-29 00:49 . 2008-04-14 18:04    13,463,552    --a--c---    C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-29 00:20 . 2008-06-29 00:20    <DIR>    d--------    C:\Documents and Settings\LocalService\Menuen Start
2008-06-29 00:14 . 2008-06-29 00:14    <DIR>    d--------    C:\WINDOWS\ServicePackFiles
2008-06-28 21:46 . 2008-06-29 09:58    <DIR>    d--h-----    C:\WINDOWS\$hf_mig$
2008-06-28 21:46 . 2007-08-10 08:14    26,488    --a------    C:\WINDOWS\system32\spupdsvc.exe
2008-06-28 21:45 . 2008-06-29 01:04    <DIR>    d--------    C:\WINDOWS\system32\bits
2008-06-28 21:43 . 2007-07-30 19:19    549,720    --a------    C:\WINDOWS\system32\wuapi.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 21:05    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-06-29 14:54    224,074    ----a-w    C:\Programmer\setuplog.txt
2008-06-29 08:18    ---------    d-----w    C:\Programmer\Fælles filer\InstallShield
2008-06-28 18:41    ---------    d-----w    C:\Programmer\microsoft frontpage
2008-06-28 18:36    ---------    d-----w    C:\Programmer\Onlinetjenester
2008-06-28 18:35    ---------    d-----w    C:\Programmer\Fælles filer\Tjenester
2008-06-14 17:35    272,256    ------w    C:\WINDOWS\system32\drivers\bthport.sys
2008-05-22 22:22    43,528    ------w    C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-05-08 14:02    203,136    ----a-w    C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 16:06    32,866    ------w    C:\WINDOWS\slrundll.exe
2008-04-14 16:06    284,672    ----a-w    C:\WINDOWS\winhlp32.exe
2008-04-14 16:06    151,040    ----a-w    C:\WINDOWS\PCHealth\UploadLB\Binaries\uploadm.exe
2008-04-14 16:06    150,528    ----a-w    C:\WINDOWS\regedit.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:05 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-29 02:01 171448]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-02 22:28 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-30 11:15 335872]
"Apoint"="C:\Programmer\Apoint\Apoint.exe" [2003-08-20 20:24 151552]
"PRONoMgr.exe"="C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 17:32 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04 114741]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"DAEMON Tools-1033"="C:\Programmer\D-Tools\daemon.exe" [2003-10-02 02:20 81920]

C:\Documents and Settings\Adgang\Menuen Start\Programmer\Start\
OpenOffice.org 2.4.lnk - C:\Programmer\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 15:18:42 393216]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - C:\Programmer\Dell\Bluetooth Software\BTTray.exe [2003-07-02 18:57:54 393277]
Post-it© Software Notes Lite.lnk - C:\Programmer\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54 2080768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-07-02 22:28 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-06-20 07:03 110592 C:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlnu32]
2008-07-01 22:50 32256 C:\WINDOWS\system32\winlnu32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ      scecli scecli scecli

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Internet Explorer\\iexplore.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\(GAME) [TRADE ONLY] Age Of Empires 2 (full game)\\empires2.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=

R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 03:16]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 14:37]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 NAL;Nal Service ;C:\WINDOWS\System32\Drivers\iqvw32.sys [2002-11-22 20:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-29 10:24:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-StorageGuard - C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
HKLM-Run-4cdf9232 - C:\WINDOWS\system32\cttdguol.dll
HKLM-Run-BM4feca1ae - C:\WINDOWS\system32\hvargoon.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 08:43:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\winlnu32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Programmer\Apoint\ApntEx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.bin
C:\Programmer\Dell\Bluetooth Software\BTStackServer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-03  8:48:44 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-03 06:48:35

Pre-Run: 31,172,866,048 byte ledig
Post-Run: 31,102,021,632 byte ledig

273    --- E O F ---    2008-06-28 23:18:52


Jeg håber, at du kan hjælpe mig?

De bedste hilsner
Anders

Måske kunne jeg også vente i laaaang tid *S*

-----------------------

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Der dukker et vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\system32\cttdguol.dll
C:\WINDOWS\system32\hvargoon.dll
C:\WINDOWS\SYSTEM32\winlnu32.dll

Folders to delete:
~~~~~~~~~~~~~~~~~~

--- Klik på EXECUTE - og la' PC'en selv genstarte.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O2 - BHO: {35b856fe-52c7-bc48-2274-4f473c4d9aeb} - {bea9d4c3-74f4-4722-84cb-7c25ef658b53} - C:\WINDOWS\system32\yrwsay.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [4cdf9232] rundll32.exe "C:\WINDOWS\system32\cttdguol.dll",b
O4 - HKLM\..\Run: [BM4feca1ae] Rundll32.exe "C:\WINDOWS\system32\hvargoon.dll",s
O20 - Winlogon Notify: winlnu32 - C:\WINDOWS\SYSTEM32\winlnu32.dll

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.


Ta' en tur med CCleaner som du allerede har...

Sådan :)

Først her fra Avenger:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\WINDOWS\system32\cttdguol.dll" not found!
Deletion of file "C:\WINDOWS\system32\cttdguol.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\WINDOWS\system32\hvargoon.dll" not found!
Deletion of file "C:\WINDOWS\system32\hvargoon.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\WINDOWS\SYSTEM32\winlnu32.dll" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Derefter Kørte jeg HiJackThis, men der var nogle stykker, som ikke var der mere:
O2 - BHO: {35b856fe-52c7-bc48-2274-4f473c4d9aeb} - {bea9d4c3-74f4-4722-84cb-7c25ef658b53} - C:\WINDOWS\system32\yrwsay.dll
O4 - HKLM\..\Run: [4cdf9232] rundll32.exe "C:\WINDOWS\system32\cttdguol.dll",b
O4 - HKLM\..\Run: [BM4feca1ae] Rundll32.exe "C:\WINDOWS\system32\hvargoon.dll",s
Derimod er der nogle af dem, hvor der står ’no file’ – de skal vel fjernes?
Loggen er som følger:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:15, on 03-07-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Dell\Bluetooth Software\BTTray.exe
C:\Programmer\3M\PSNLite\PsnLite.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.exe
C:\Programmer\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Adgang\Skrivebord\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmer\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programmer\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1214683815690
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214682182246
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214682663589
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1214695901526&h=5f9b1df7dc52f068094c18a0b6962aa2/&filename=jinstall-6u6-windows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - C:\Programmer\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe

--
End of file - 7339 bytes

Jeg ved godt, at jeg ikke altid har været hurtig, men jeg tror nu altid, at jeg har svaret, hvis der er nogen, der har rykket for en afslutning på et af mine spørgsmål.

Jeg er virkelig glad for, at du vil hjælpe og jeg skal nok prøve at oppe mig lidt selv.

Nøøøj - det var hurtigt svaret *S*

Sidste 'fix' ->

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Hvordan kører PC'en så nu ?

Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

--------------

Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.

--------------

Og så vil jeg lige så hurtigt sige tak for hjælpen!!!! :)

FEDT!

Den drøner der ud af nu!

MANGE TAK FOR DET!

Takker for P.