virum i msn

Tror du ikke det er den "almindelige" med at der bliver send links fra din konto? Det er ikke virus i MSN, for den sender selv om man er offline. Men det er altid en god idé at lade eksperter kigge på din log alligevel.

ComboFix 08-12-09.02 - gitte 2008-12-10 13:26:16.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.996 [GMT 1:00]
Kører fra: c:\documents and settings\gitte\Skrivebord\Renseprogrammer\ComboFix.exe
* Dannede nyt systemgendannelsespunkt

[COLOR=RED][B]advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lodbc09.dll
c:\windows\winhelp.ini

.
(((((((((((((((((((((((((((((  Filer skabt fra 2008-11-10 til 2008-12-10  )))))))))))))))))))))))))))))))))))
.

2008-12-10 12:56 . 2008-12-10 12:56    <DIR>    d--------    c:\programmer\SUPERAntiSpyware
2008-12-10 12:56 . 2008-12-10 12:56    <DIR>    d--------    c:\documents and settings\gitte\Application Data\SUPERAntiSpyware.com
2008-12-10 12:56 . 2008-12-10 12:56    <DIR>    d--------    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-10 12:07 . 2008-12-10 12:07    <DIR>    d--------    c:\programmer\Malwarebytes' Anti-Malware
2008-12-10 12:07 . 2008-12-10 12:07    <DIR>    d--------    c:\documents and settings\gitte\Application Data\Malwarebytes
2008-12-10 12:07 . 2008-12-10 12:07    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-10 12:07 . 2008-12-03 19:54    38,496    --a------    c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 12:07 . 2008-12-03 19:54    15,504    --a------    c:\windows\system32\drivers\mbam.sys
2008-11-27 10:29 . 2008-12-01 10:32    <DIR>    d--------    C:\cit
2008-11-17 20:38 . 2008-11-17 20:38    123,952    --a------    c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-17 20:38 . 2008-11-17 20:15    91,520    --a------    c:\windows\system32\drivers\SysPlant.sys
2008-11-17 20:38 . 2008-11-17 20:38    60,800    --a------    c:\windows\system32\S32EVNT1.DLL
2008-11-17 20:38 . 2008-11-17 20:38    10,563    --a------    c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-17 20:38 . 2008-11-17 20:38    805    --a------    c:\windows\system32\drivers\SYMEVENT.INF
2008-11-17 20:27 . 2008-11-17 20:29    <DIR>    d--------    c:\windows\SxsCaPendDel
2008-11-13 14:58 . 2008-11-24 10:47    0    --a------    c:\documents and settings\gitte\temp.dat
2008-11-11 21:52 . 2008-10-24 12:21    455,296    ---------    c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 21:51 . 2008-09-04 18:17    1,106,944    ---------    c:\windows\system32\dllcache\msxml3.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 12:15    ---------    d-----w    c:\programmer\SPAMfighter
2008-12-10 11:55    ---------    d-----w    c:\programmer\Fælles filer\Wise Installation Wizard
2008-11-24 12:48    ---------    d-----w    c:\programmer\FICS
2008-11-17 19:49    ---------    d-----w    c:\documents and settings\All Users\Application Data\Symantec
2008-11-17 19:41    50,536    ----a-w    c:\windows\system32\drivers\WpsHelper.sys
2008-11-17 19:39    ---------    d-----w    c:\programmer\Fælles filer\Symantec Shared
2008-11-17 19:38    ---------    d-----w    c:\programmer\Symantec
2008-11-14 06:54    ---------    d-----w    c:\programmer\Fælles filer\Adobe
2008-10-27 08:10    89,088    ----a-w    c:\windows\system32\atl71.dll
2008-10-27 08:10    34,288    ----a-w    c:\windows\system32\cba.dll
2008-10-27 07:51    ---------    d-----w    c:\programmer\XLAB ISL Client Light
2008-10-24 11:21    455,296    ----a-w    c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13    202,776    ----a-w    c:\windows\system32\wuweb.dll
2008-10-16 13:13    202,776    ----a-w    c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13    1,809,944    ----a-w    c:\windows\system32\wuaueng.dll
2008-10-16 13:13    1,809,944    ----a-w    c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12    561,688    ----a-w    c:\windows\system32\wuapi.dll
2008-10-16 13:12    561,688    ----a-w    c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12    323,608    ----a-w    c:\windows\system32\wucltui.dll
2008-10-16 13:12    323,608    ----a-w    c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09    92,696    ----a-w    c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09    92,696    ----a-w    c:\windows\system32\cdm.dll
2008-10-16 13:09    51,224    ----a-w    c:\windows\system32\wuauclt.exe
2008-10-16 13:09    51,224    ----a-w    c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09    43,544    ----a-w    c:\windows\system32\wups2.dll
2008-10-16 13:08    34,328    ----a-w    c:\windows\system32\wups.dll
2008-10-16 13:08    34,328    ----a-w    c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06    268,648    ----a-w    c:\windows\system32\mucltui.dll
2008-10-16 13:06    208,744    ----a-w    c:\windows\system32\muweb.dll
2008-10-15 16:37    337,408    ------w    c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:12    6,066,176    ------w    c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43    1,286,152    ----a-w    c:\windows\system32\msxml4.dll
2008-09-15 15:27    1,846,400    ----a-w    c:\windows\system32\win32k.sys
2008-09-15 15:27    1,846,400    ------w    c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14    1,307,648    ------w    c:\windows\system32\msxml6.dll
2008-09-10 01:14    1,307,648    ------w    c:\windows\system32\dllcache\msxml6.dll
2007-11-09 12:30    71,704    ----a-w    c:\documents and settings\gitte\Application Data\GDIPFONTCACHEV1.DAT
2005-11-15 06:30    71,712    ----a-w    c:\documents and settings\birgit\Application Data\GDIPFONTCACHEV1.DAT
2005-10-18 09:26    913,920    ----a-w    c:\documents and settings\birgit\348_gotomypc.exe
2008-08-05 08:11    32,768    --sha-w    c:\windows\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008080520080806\index.dat
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\programmer\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-07-06 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-07-06 11:44    1164600    --a------    c:\programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 1164600]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-07-06 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-25 68856]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"LemmingsRevolutionSetup.exe"="c:\downlo~1\LEMMIN~1.EXE" [2008-10-15 0]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"Smapp"="c:\programmer\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\programmer\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"SunJavaUpdateSched"="c:\programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"SetecCertUtil"="c:\programmer\SetWeb\SetWeb.exe" [2004-06-17 704512]
"SweetIM"="c:\programmer\SweetIM\Messenger\SweetIM.exe" [2008-07-06 111928]
"SPAMfighter Agent"="c:\programmer\SPAMfighter\SFAgent.exe" [2008-07-29 321672]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ccApp"="c:\programmer\Fælles filer\Symantec Shared\ccApp.exe" [2008-11-17 115560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - c:\programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-13 113664]
Windows-pc-s›gning.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 c:\programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Canon\\Color Network ScanGear\\SgTool.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;\??\c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programmer\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 51440]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\programmer\SPAMfighter\sfus.exe [2008-07-29 184968]
R3 cxbu0wdm;CardMan 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2006-08-23 52026]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\programmer\Fælles filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-17 99376]
R3 SASENUM;SASENUM;\??\c:\programmer\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-11-17 23888]
S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [1998-06-10 95744]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - TOMME GENVEJE FJERNET - - - -

SafeBoot-Symantec Antvirus


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {AA56B454-EC6E-4887-9A70-D9FA209FC191} = 192.168.10.10

c:\windows\KingComIE.dll - O16 -: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1}
hxxp://sat1.king.de/ctl/kingcomie.cab
c:\windows\Downloaded Program Files\KingComIE.inf

c:\windows\system32\Tabctl32.ocx - c:\windows\system32\Mscomctl.ocx
c:\windows\system32\Msmask32.ocx
c:\windows\system32\MSVBVM60.DLL
c:\windows\system32\Oleaut32.dll
c:\windows\system32\OLEPRO32.DLL
c:\windows\system32\ASYCFILT.DLL
c:\windows\system32\STDOLE2.TLB
c:\windows\system32\COMCAT.DLL
c:\windows\Downloaded Program Files\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.1\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.2\dataloen.ocx
c:\programmer\Toolpack-finance\system\MSCOMCTL.OCX
c:\windows\Downloaded Program Files\CONFLICT.3\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.4\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.5\dataloen.ocx
c:\windows\Downloaded Program Files\CONFLICT.6\dataloen.ocx
O16 -: {C07E5288-22FB-11D7-962E-0004AC77C761}
hxxp://activex.dataloen.dk/controls/Dataloen3332.CAB
c:\windows\Downloaded Program Files\CONFLICT.6\dataloen.INF

O16 -: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 13:29:50
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll
og denne logfil
:
c:\windows\system32\WININET.dll
.
Gennemført tid: 2008-12-10 13:31:22
ComboFix-quarantined-files.txt  2008-12-10 12:31:18

Pre-Kørsel: 62.984.679.424 byte ledig
Post-Kørsel: 63,109,230,592 byte ledig

207    --- E O F ---    2008-11-12 17:04:03

hvis det er den "almindelige" hvad gør jeg så

har du prøvet at køre Malwarebytes' Anti-Malware, det er sku effetivt, hent det her:

http://www.spywarefri.dk/downloads1/mbam-setup.exe

Man kan ikke gøre noget ved det, tror jeg. Jeg får links fra 2-3 konti, også selv om de er offline.

Hent Malwarebytes' Anti-Malware som tiger_dk skriver husk at opdatere den
foretag fuld system skanning og send loggen herind sammen med en ny hjt log.

Hent den her:
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Bemærk Hijackthis skal gemmes på computeren og ikke køres fra nettet

... eller skift dit live password...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

Flot karise - ekko - larry ;)

Hej Tiger.dk
nu har jeg en logfil klar til gennemsyn

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:06, on 12-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\win32app\nsr\bin\nsrd.exe
C:\win32app\nsr\bin\nsrexecd.exe
C:\Programmer\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\win32app\nsr\bin\portmap.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
C:\win32app\nsr\bin\nsrmmdbd.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\win32app\nsr\bin\nsrindexd.exe
C:\win32app\nsr\bin\nsrmmd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\HPQ\IAM\bin\asghost.exe
C:\Programmer\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmer\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmer\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\win32app\nsr\bin\savegrp.exe
C:\win32app\nsr\bin\nsrexec.exe
C:\win32app\nsr\bin\save.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\win32app\nsr\bin\nsrmmd.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\gitte\Skrivebord\rensning\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmer\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmer\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmer\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-21-1214223685-2315652286-578277483-1165\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programmer\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www4.king.com/ctl/kingcomie.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse.com/realarcade-webgames/zuma/popcaploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = klintholm.local
O17 - HKLM\Software\..\Telephony: DomainName = klintholm.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B5F9137-1B4A-4008-8132-C1AEA2CC743D}: NameServer = 192.168.10.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = klintholm.local
O20 - Winlogon Notify: OneCard - C:\Programmer\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NetWorker Backup and Recover Server (nsrd) - Unknown owner - C:\win32app\nsr\bin\nsrd (file missing)
O23 - Service: NetWorker Remote Exec Service (nsrexecd) - Unknown owner - C:\win32app\nsr\bin\nsrexecd (file missing)
O23 - Service: OracleAgent80 - oracle - C:\orant\agentbin\DBSNMP.EXE
O23 - Service: OracleDataGatherer - Unknown owner - C:\orant\bin\vppdc.exe
O23 - Service: OracleExtprocAgent - Unknown owner - C:\orant\BIN\EXTPROCT.EXE
O23 - Service: OracleNamesService80 - Unknown owner - C:\orant\BIN\NAMES80.EXE
O23 - Service: OracleServiceORCL - Oracle Corporation - c:\orant\bin\oracle80.exe
O23 - Service: OracleStartORCL - Oracle Corporation - (no file)
O23 - Service: OracleTNSListener80 - Unknown owner - C:\orant\BIN\TNSLSNR80.EXE
O23 - Service: OracleWebAssistant - Oracle Corporation - C:\orant\bin\OWASTsvr.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programmer\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Storage Management Portmapper (portmap) - Unknown owner - C:\win32app\nsr\bin\portmap (file missing)

--
End of file - 13127 bytes
Håber du kan hjælpe mig

Malwarebytes' Anti-Malware loggen?

HiJack tror jeg det hed

Citat: Hent Malwarebytes' Anti-Malware som tiger_dk skriver husk at opdatere den
foretag fuld system skanning og send loggen herind sammen med en ny hjt log.

Hent den her:
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Bemærk Hijackthis skal gemmes på computeren og ikke køres fra nettet

så er en her
Malwarebytes' Anti-Malware 1.31
Database version: 1492
Windows 5.1.2600 Service Pack 3

12-12-2008 16:59:57
mbam-log-2008-12-12 (16-59-57).txt

Skan type: Fuldstændig skanning (C:\|E:\|)
Objekter skannet: 138080
Tid tilbagelagt: 53 minute(s), 22 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 10
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 1
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

og så den anden
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:07, on 12-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\win32app\nsr\bin\nsrd.exe
C:\win32app\nsr\bin\nsrexecd.exe
C:\Programmer\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\win32app\nsr\bin\portmap.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
C:\win32app\nsr\bin\nsrmmdbd.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\win32app\nsr\bin\nsrindexd.exe
C:\win32app\nsr\bin\nsrmmd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\HPQ\IAM\bin\asghost.exe
C:\Programmer\ProtectTools\Embedded Security Software\PSDrt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe
C:\Programmer\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmer\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmer\SweetIM\Messenger\SweetIM.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\gitte\Skrivebord\rensning\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmer\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programmer\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programmer\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Programmer\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Programmer\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www4.king.com/ctl/kingcomie.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = klintholm.local
O17 - HKLM\Software\..\Telephony: DomainName = klintholm.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B5F9137-1B4A-4008-8132-C1AEA2CC743D}: NameServer = 192.168.10.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = klintholm.local
O20 - Winlogon Notify: OneCard - C:\Programmer\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NetWorker Backup and Recover Server (nsrd) - Unknown owner - C:\win32app\nsr\bin\nsrd (file missing)
O23 - Service: NetWorker Remote Exec Service (nsrexecd) - Unknown owner - C:\win32app\nsr\bin\nsrexecd (file missing)
O23 - Service: OracleAgent80 - oracle - C:\orant\agentbin\DBSNMP.EXE
O23 - Service: OracleDataGatherer - Unknown owner - C:\orant\bin\vppdc.exe
O23 - Service: OracleExtprocAgent - Unknown owner - C:\orant\BIN\EXTPROCT.EXE
O23 - Service: OracleNamesService80 - Unknown owner - C:\orant\BIN\NAMES80.EXE
O23 - Service: OracleServiceORCL - Oracle Corporation - c:\orant\bin\oracle80.exe
O23 - Service: OracleStartORCL - Oracle Corporation - (no file)
O23 - Service: OracleTNSListener80 - Unknown owner - C:\orant\BIN\TNSLSNR80.EXE
O23 - Service: OracleWebAssistant - Oracle Corporation - C:\orant\bin\OWASTsvr.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programmer\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Storage Management Portmapper (portmap) - Unknown owner - C:\win32app\nsr\bin\portmap (file missing)

--
End of file - 12516 bytes

Start hijackthis, klik på 'do a system scan only' og marker følgende linier

O23 - Service: NetWorker Backup and Recover Server (nsrd) - Unknown owner - C:\win32app\nsr\bin\nsrd (file missing)
O23 - Service: NetWorker Remote Exec Service (nsrexecd) - Unknown owner - C:\win32app\nsr\bin\nsrexecd (file missing)
O23 - Service: Storage Management Portmapper (portmap) - Unknown owner - C:\win32app\nsr\bin\portmap (file missing)

Luk alle andre vinduer og klik 'fix checked'

hvad ser der når jeg gør det??

Du fjernder det fra Pc´en for det skal ikke være der.