Hijack This

Afinstaller (Hvis de er der?)

* Google Software Updater
* Apple Mobile Device
* iPod-tjeneste (iPod Service)
* Bonjour-tjeneste (Bonjour Service)
* free-downloads.net Toolbar

via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

Bruger du dette [Autodesk] halløj ?

---------------------------------------

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

---------------------------------------

(Der er mere "fransk vask og strygning" 's oprydning - det bliver bagefter ovenstående...)

Ok jeg går igang om en halv times tid (konen skal lige bruge comp)

Nu har jeg fjernet de ting jeg kan undvære. Jeg fik ikke mulighed for at gemme en log fra malwarebytes, den sluttede med at genstarte computeren!

Her er ny Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:51, on 30-08-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Power DVD Player\PowerDVDPlayer.exe
C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmer\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Programmer\Google\Web Accelerator\googlewebaccclient.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Documents and Settings\Søren\Skrivebord\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: free-downloads.net Toolbar - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Programmer\free-downloads.net\tbfre1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Programmer\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmer\free-downloads.net\tbfre1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Programmer\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmer\free-downloads.net\tbfre1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] //~nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] //~c:\programmer\adobe\photoshop elements 6.0\apdproxy.exe
O4 - HKLM\..\Run: [Cmaudio] //~rundll32 cmicnfg.cpl,cmictrlwnd
O4 - HKLM\..\Run: [NvCplDaemon] //~rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
O4 - HKLM\..\Run: [HP Software Update] //~c:\programmer\hp\hp software update\hpwuschd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] //~c:\programmer\java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] //~rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] //~c:\documents and settings\søren\lokale indstillinger\application data\google\update\googleupdate.exe /c
O4 - HKCU\..\Run: [Power DVD Player] "C:\Programmer\Power DVD Player\PowerDVDPlayer.exe" hmw
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.pashnit.com/product/superbrace.html"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Programmer\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O22 - SharedTaskScheduler: Fences - {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - C:\Programmer\Stardock\Fences\DesktopDock.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c985c626949da4) (gupdate1c985c626949da4) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmer\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10681 bytes

Åbn MalwareBytes programmet - Fanen Logs - der kan du finde logfilen/teksten - den vil jeg gerne se/læse ...

PS: Bruger du denne [free-downloads.net Toolbar] ting ?

Undskyld den lange ventetid, men jeg har haft problemer med mit netværk. Når jeg åbner logs er der stadig intet at se! free downloads vil jeg meget gerne slippe af med, men kan ikke fjerne den!

Så er der alligevel en log!

Malwarebytes' Anti-Malware 1.40
Database version: 2725
Windows 5.1.2600 Service Pack 3

03-09-2009 15:40:48
mbam-log-2009-09-03 (15-40-43).txt

Skan type: Fuldstændig skanning (C:\|F:\|)
Objekter skannet: 274256
Tid tilbagelagt: 1 hour(s), 23 minute(s), 52 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 3
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 10
Inficerede Filer: 20

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CURRENT_USER\SOFTWARE\RegSweep (Rogue.RegSweep) -> No action taken.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\programmer\regsweep\(default) (Rogue.RegSweep) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\programmer\regsweep\microsoft.vc80.mfc\(default) (Rogue.RegSweep) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\programmer\regsweep\microsoft.vc80.crt\(default) (Rogue.RegSweep) -> No action taken.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Documents and Settings\Søren\Application Data\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Registry Backups (Rogue.RegSweep) -> No action taken.
C:\Programmer\Hot Internet offers (Trojan.Downloader) -> No action taken.
C:\Programmer\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
C:\Programmer\RegSweep (Rogue.RegSweep) -> No action taken.
C:\Programmer\RegSweep\Microsoft.VC80.CRT (Rogue.RegSweep) -> No action taken.
C:\Programmer\RegSweep\Microsoft.VC80.MFC (Rogue.RegSweep) -> No action taken.

Inficerede Filer:
C:\Documents and Settings\Søren\Application Data\RegistrySmart\Log\2007 Nov 04 - 03_19_41 PM_671.log (Rogue.RegistrySmart) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegistrySmart\Log\2007 Nov 04 - 03_19_45 PM_375.log (Rogue.RegistrySmart) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegistrySmart\Log\2007 Nov 04 - 03_50_08 PM_578.log (Rogue.RegistrySmart) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegistrySmart\Log\2007 Nov 04 - 03_50_11 PM_703.log (Rogue.RegistrySmart) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_00_10 PM_937.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_00_17 PM_656.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_28_19 PM_828.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_28_26 PM_937.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_32_33 PM_140.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_32_37 PM_656.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_47_51 PM_937.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_47_57 PM_281.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_58_34 PM_484.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_58_39 PM_250.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 05 - 05_12_24 AM_062.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 05 - 05_12_28 AM_437.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\Søren\Application Data\RegSweep\Registry Backups\2007-11-04_17-19-40.reg (Rogue.RegSweep) -> No action taken.
C:\Programmer\RegistrySmart\RegistrySmart.url (Rogue.RegistrySmart) -> No action taken.
C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job (Rogue.RegistrySmart) -> No action taken.
C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job (Rogue.RegSweep) -> No action taken.

Hvad tror du at -> No action taken i MalwareBytes loggen betyder ?

Du 'glemte' denne vigtige detalje -> ...Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte"
Så det er en OMMER mht Malwarebytes Scanning...

(Foreløbig set er der jo også en hel del...)

Malwarebytes' Anti-Malware 1.40
Database version: 2725
Windows 5.1.2600 Service Pack 3

04-09-2009 11:05:13
mbam-log-2009-09-04 (11-05-13).txt

Skan type: Fuldstændig skanning (C:\|D:\|F:\|G:\|)
Objekter skannet: 423671
Tid tilbagelagt: 3 hour(s), 59 minute(s), 47 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 3
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 10
Inficerede Filer: 20

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CURRENT_USER\SOFTWARE\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\programmer\regsweep\(default) (Rogue.RegSweep) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\programmer\regsweep\microsoft.vc80.mfc\(default) (Rogue.RegSweep) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\programmer\regsweep\microsoft.vc80.crt\(default) (Rogue.RegSweep) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Documents and Settings\Søren\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Registry Backups (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Programmer\Hot Internet offers (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programmer\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Programmer\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Programmer\RegSweep\Microsoft.VC80.CRT (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Programmer\RegSweep\Microsoft.VC80.MFC (Rogue.RegSweep) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Documents and Settings\Søren\Application Data\RegistrySmart\Log\2007 Nov 04 - 03_19_41 PM_671.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegistrySmart\Log\2007 Nov 04 - 03_19_45 PM_375.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegistrySmart\Log\2007 Nov 04 - 03_50_08 PM_578.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegistrySmart\Log\2007 Nov 04 - 03_50_11 PM_703.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_00_10 PM_937.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_00_17 PM_656.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_28_19 PM_828.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_28_26 PM_937.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_32_33 PM_140.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_32_37 PM_656.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_47_51 PM_937.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_47_57 PM_281.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_58_34 PM_484.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 04 - 08_58_39 PM_250.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 05 - 05_12_24 AM_062.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Log\2007 Nov 05 - 05_12_28 AM_437.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Søren\Application Data\RegSweep\Registry Backups\2007-11-04_17-19-40.reg (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Programmer\RegistrySmart\RegistrySmart.url (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job (Rogue.RegSweep) -> Quarantined and deleted successfully.

Godt nok...

... sammen med en frisk log fra HiJackThis...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:40:45, on 05-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Programmer\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Spyware Terminator\sp_rsser.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Programmer\Power DVD Player\PowerDVDPlayer.exe
C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmer\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Programmer\Stardock\Impulse\Now\ImpulseNow.exe
C:\Programmer\Google\Web Accelerator\googlewebaccclient.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Linksys\Linksys Surveillance Utility\Monitor.exe
C:\Programmer\Linksys\Linksys Surveillance Utility\Recorder.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Søren\Skrivebord\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: free-downloads.net Toolbar - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Programmer\free-downloads.net\tbfre1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Programmer\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmer\free-downloads.net\tbfre1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Programmer\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmer\free-downloads.net\tbfre1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] //~nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Photo Downloader] //~c:\programmer\adobe\photoshop elements 6.0\apdproxy.exe
O4 - HKLM\..\Run: [Cmaudio] //~rundll32 cmicnfg.cpl,cmictrlwnd
O4 - HKLM\..\Run: [NvCplDaemon] //~rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
O4 - HKLM\..\Run: [HP Software Update] //~c:\programmer\hp\hp software update\hpwuschd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] //~c:\programmer\java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] //~rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recorder.exe] [INSTALLDIR]Recorder.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] //~c:\documents and settings\søren\lokale indstillinger\application data\google\update\googleupdate.exe /c
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Programmer\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Power DVD Player] "C:\Programmer\Power DVD Player\PowerDVDPlayer.exe" hmw
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.pashnit.com/product/superbrace.html"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ImpulseNow.lnk = C:\Programmer\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Programmer\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Programmer\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Programmer\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Programmer\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c985c626949da4) (gupdate1c985c626949da4) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmer\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmer\Spyware Terminator\sp_rsser.exe

--
End of file - 12374 bytes

Mest 'oprydning' ->

Afinstaller (Hvis de er der?)

* Google Software Updater
* Apple Mobile Device
* iPod-tjeneste (iPod Service)
* Bonjour-tjeneste (Bonjour Service)

via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

------------------------------------------------------------------------

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341

R3 - URLSearchHook: free-downloads.net Toolbar - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Programmer\free-downloads.net\tbfre1.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Programmer\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmer\free-downloads.net\tbfre1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Programmer\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programmer\free-downloads.net\tbfre1.dll

O4 - HKLM\..\Run: [Adobe Photo Downloader] //~c:\programmer\adobe\photoshop elements 6.0\apdproxy.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recorder.exe] [INSTALLDIR]Recorder.exe
O4 - HKCU\..\Run: [Google Update] //~c:\documents and settings\søren\lokale indstillinger\application data\google\update\googleupdate.exe /c
O4 - HKCU\..\Run: [Power DVD Player] "C:\Programmer\Power DVD Player\PowerDVDPlayer.exe" hmw

O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Programmer\Google\Web Accelerator\GoogleWebAccWarden.exe

Genstart normalt...

------------------------------------------------------------------------

Ta' en oprydning med førnævnte CCleaner...

------------------------------------------------------------------------

Hvordan kører PC'en så nu ?

Jeg tror sgu den er i orden! Hvordan giver jeg point? (Jeg har lige opdaget at jeg selv har taget point i en anden tråd)

Man skal ikke 'tro' man skal 'vide' *S*

Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Safe Surfing...

--------------

http://www.eksperten.dk/faq#faq-5