niclas64 Beginner
23 August 2010 - 22:57 There are 33 comments and
1 solution

hijack this

Hi, I wanted to ask whether someone would help me do a HijackThis. I heard from a friend that it helped him a lot??? Regards, niclas64
220661 Expert
23 August 2010 - 23:07 #1
Borrowed from Karise Larry

http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for it and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Re: Vista - right mouse button - "Run as Administrator..."

I have no experience with HijackThis myself
niclas64 Beginner
23 August 2010 - 23:15 #2
OK, thanks for that. Can you then figure out what I should do with it, or is there someone else who can???


Here is my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:08, on 23-08-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\AVG\AVG9\avgchsvx.exe
C:\Programmer\AVG\AVG9\avgrsx.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmer\AVG\AVG9\avgwdsvc.exe
C:\Programmer\AVG\AVG9\avgnsx.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\the fox\Skrivebord\Ny mappe\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmer\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG9\avgssie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmer\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programmer\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programmer\HyperCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\558546.txt,M
O4 - HKUS\S-1-5-18\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\558546.txt,M (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\558546.txt,M (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send via Meddelelse(&M)... - C:\Programmer\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O8 - Extra context menu item: Sendt af Bluetooth - C:\Programmer\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmer\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Indstillinger til Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmer\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://games.bigfishgames.com/en_chocolatier/online/ChocolatierWeb.1.0.0.13.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB9FC2D1-4BAC-4FBA-922C-F2FE94687B98}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programmer\Trust\Trust R-Series Mouse\KMWDSrv.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Programmer\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Programmer\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8907 bytes
220661 Expert
23 August 2010 - 23:23 #3
I hope some others are following along here, since I have no experience with HijackThis.
I'll keep an eye on this, though.
niclas64 Beginner
23 August 2010 - 23:27 #4
OK, I hope so too :D but thanks for the link
220661 Expert
23 August 2010 - 23:30 #5
Nothing immediately catches my eye, but we'll leave that to those who are used to reading these logs to assess.
What problems are you experiencing?
Have you tried scanning with Malwarebytes?
niclas64 Beginner
23 August 2010 - 23:36 #6
I have tried as many scanning programs as I could think of, but nothing works

but the problem is that when I start my laptop, something called configrer or something like that also starts, and a process named rundll32 is running, and it usually isn't there
220661 Expert
23 August 2010 - 23:49 #7
Try going into Device Manager and see whether you have yellow marks there. Rundll32 is normally a Windows host process.
What is it that needs to be configured?
Have you tried checking whether the disk has errors?
niclas64 Beginner
23 August 2010 - 23:54 #8
It's when I use Advanced Windows Care to see the programs that start up that there is one called configere

and I'll take a look at that, but how do you see whether the disk has errors??
220661 Expert
24 August 2010 - 00:02 #9
http://pctricks.dk/chkdsk-pa-vista-215.html
This guide is for Vista but works the same way in XP, which you are running. "Computer" in Vista is the same as "My Computer" on yours.
The check is only carried out after a restart of the machine, since it is system files it has to check. And it cannot do that while Windows is running.
220661 Expert
24 August 2010 - 00:03 #10
Signing off for now. I'll be back on tomorrow around 16:00.
niclas64 Beginner
24 August 2010 - 00:05 #11
OK, thanks for now then :D
f-arn Guru
24 August 2010 - 00:05 #12
I do think
O4 - HKLM\..\Run: [ShowLOMControl]

looks "funny".
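
Added example (not part of the thread and not code from any poster): a small Python parser for the `O4` registry autostart lines of a HijackThis log, run over lines copied from the log in post #2. It lists the entries a reviewer would open first: a Run value with no command, as quoted in post #12, and `rundll32` started on a target that is not a DLL or that sits in a TEMP directory, which matches the startup process described in post #6. The triage rules and all function names are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread (a subset, not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\rundll32.exe

O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\558546.txt,M
O4 - HKUS\S-1-5-18\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\558546.txt,M (User 'SYSTEM')
O8 - Extra context menu item: Sendt af Bluetooth - C:\Programmer\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"; only the registry form is handled here.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# HijackThis appends "(User 'NAME')" to entries read from other users' hives.
USER_RE = re.compile(r"\s*\(User '([^']*)'\)$")
# A command whose program is rundll32, with or without a path, quotes or ".exe".
RUNDLL_RE = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<target>.+)$', re.IGNORECASE)
# Extensions treated as ordinary rundll32 targets (an assumption of this example).
LOADABLE_EXTS = {".dll", ".cpl", ".ocx"}


@dataclass
class Autostart:
    hive: str
    key: str
    name: str
    command: str
    user: str


def parse_o4(log_text):
    """Return every registry autostart (O4) entry found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue
        rest, user = m.group("rest"), ""
        u = USER_RE.search(rest)
        if u:
            user, rest = u.group(1), rest[:u.start()]
        entries.append(Autostart(m.group("hive"), m.group("key"),
                                 m.group("name"), rest.strip(), user))
    return entries


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    if not entry.command:
        return ["empty command"]
    reasons = []
    m = RUNDLL_RE.match(entry.command)
    if m:
        # rundll32 takes "<file>,<export>"; keep only the file part.
        path = m.group("target").strip().strip('"').rsplit(",", 1)[0].strip().strip('"')
        ext = ntpath.splitext(path)[1].lower()
        if ext not in LOADABLE_EXTS:
            reasons.append(f"rundll32 target is not a DLL ({ext or 'no extension'})")
        if "\\temp\\" in path.lower():
            reasons.append("rundll32 target is in a TEMP directory")
    return reasons


def review(log_text):
    """Pair each flagged autostart entry with its reasons, in log order."""
    flagged = []
    for entry in parse_o4(log_text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in review(SAMPLE_LOG):
        who = f" (user {entry.user})" if entry.user else ""
        print(f"{entry.hive}\\{entry.key} [{entry.name}]{who}: {'; '.join(reasons)}")
```

A flagged entry is a prompt to inspect the referenced file and registry value, not a verdict on its own.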
220661 Expert
24 August 2010 - 00:12 #13
220661 Expert
24 August 2010 - 00:13 #14
http://advanced-windowscare.software.informer.com/
It can run in real time. Is it set to do that?
24 August 2010 - 06:16 #15
Good morning...

Welcome to E. ...

In any case, quite a lot is missing:
* WindowsUpdate
* IE8 (+ the many subsequent updates)

You have apparently 'played' with BitComet at some point?

There are also some other 'suspicious' elements (plus some 'cleanup'; more on that later)

---

Carry out this 'package' ->

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
During installation you will be offered [Yahoo Toolbar]. You can say yes or *NO* to it.
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Let the program perform a cleanup...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe

Install the program - once that is done, let the program update itself. A window then opens in which you must move the dot to "Kør et fuldstændigt systemscan" (run a full system scan) - click the Scan button - let the program work. When it is finished (it takes a while, depending on how much you have on the computer).
Then - press the "Vis resultater" (show results) button after the scan - and then press "Fjern det valgte" (remove selected) - now the log opens and you must save it somewhere you can find it again.
Copy its contents in here together with a fresh log from HiJackThis...
niclas64 Beginner
24 August 2010 - 14:38 #16
Now I have done it all and here is the result

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4469

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

24-08-2010 14:28:44
mbam-log-2010-08-24 (14-28-44).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|G:\|)
Objekter skannet: 286160
Tid gået: 2 time(e), 10 minut(ter), 2 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 48
Registreringsdatabaseværdier Inficeret: 4
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 3
Inficerede Filer: 67

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ba1c226-ec1b-4471-a65f-d0688ac6ee3a} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-100005000004} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178f3fb-2560-458f-bdee-631e2fe0dfe4} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{150ea8e7-a97c-4816-ad02-4865eef8c5ff} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49cf52d7-8d58-4e22-a874-aad721f5b523} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1daefcb9-06c8-47c6-8f20-3fb54b244daa} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{849b9523-785f-4014-9caf-079fb4a74c61} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7672baf-e9a3-49b6-86b2-c81719a18a4c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\adtools, inc. (Adware.AdTools) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslAgent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\xprepairpro2006 (Rogue.XPRepairPro2007) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\xprepairpro2007 (Rogue.XPRepairPro2007) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Fci (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fci (Rootkit.Agent) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\systemcheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
C:\Programmer\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Documents and Settings\LocalService\Lokale indstillinger\Temporary Internet Files\Content.IE5\GIR0NF9S\0[1].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Programmer\Ubisoft\Related Designs\ANNO 1404\Anno1404_Crack.exe (Trojan.Bancos) -> Quarantined and deleted successfully.
C:\Programmer\Digital Protection\dig.db (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Programmer\Digital Protection\splash.mp3 (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Programmer\Digital Protection\virus.mp3 (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Foretrukne\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\a.txt (Worm.Traces) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winSystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winSystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.


here is the HijackThis result

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:46, on 24-08-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\AVG\AVG9\avgchsvx.exe
C:\Programmer\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmer\AVG\AVG9\avgwdsvc.exe
C:\Programmer\AVG\AVG9\avgnsx.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmer\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\the fox\Skrivebord\Ny mappe\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foozir.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmer\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG9\avgssie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmer\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programmer\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programmer\HyperCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\534375.txt,M
O4 - HKUS\S-1-5-18\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\534375.txt,M (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\534375.txt,M (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send via Meddelelse(&M)... - C:\Programmer\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O8 - Extra context menu item: Sendt af Bluetooth - C:\Programmer\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmer\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Indstillinger til Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmer\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7}

(CPlayFirstChocolatierControl Object) -

http://games.bigfishgames.com/en_chocolatier/online/ChocolatierWeb.1.0.0.13.

cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo

Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl

Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction

Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB9FC2D1-4BAC-4FBA-922C-

F2FE94687B98}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

C:\Programmer\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-

07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32

\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. -

C:\Programmer\AVG\AVG9\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Programmer\IVT

Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Programmer\IVT

Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Programmer\IVT

Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. -

C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32

\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE)

- UASSOFT.COM - C:\Programmer\Trust\Trust R-Series

Mouse\KMWDSrv.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner -

C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. -

C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell

Services - C:\Programmer\Packard Bell\Packard Bell Software

Suite\PowerSave\HDPBSSS.exe
O23 - Service: Desktop (Service_Desktop) - Unknown owner -

C:\Programmer\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner -

C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8702 bytes
24 August 2010 - 21:23 #17
Well, what a 'party'!
MalwareBytes had quite a lot to deal with there?

---

Now run Windows Update 100% to completion, incl. IE8 + the subsequent updates...

After that, a fresh log from HiJackThis; YOU must NOT insert extra line breaks in the text yourself!!!

---

There is a bit of follow-up cleanup to take care of...
niclas64 Beginner
24 August 2010 - 21:28 #18
OK, at the risk of sounding incredibly stupid, how do you do that??
24 August 2010 - 21:39 #19
There is a 'button' somewhere in your [Start] menu called [WindowsUpdate]!!!

http://www.it-service.sdu.dk/esbjerg/update/pics/1.jpg
then
http://images.fyens.dk/21/183121_320_700_0_0_0_0.jpg

Choose [Brugerdefineret] (Custom)
(Wait, wait, wait...)

Select all - Install...
(Wait, wait, wait...) - follow the guide if there is one...

Restart

Start the (probably) new IE8 and follow the initial guide...
niclas64 Beginner
24 August 2010 - 21:47 #20
Yes, I did find that one, but when I start (Windows Update) it opens in IE and then this is all that comes up

http://i653.photobucket.com/albums/uu255/niclas64/IE.jpg
24 August 2010 - 21:56 #21
... it must of course be with [Internet Explorer] and not [Firefox]!!!

You can also find the [WindowsUpdate] button somewhere in IE's menu ...

---

Then some people will immediately say/write: "I only use Firefox, so I don't need to think about IE, which I never use anyway!!" - BUT the crooks out in the (internet) world use precisely NON-updated IEs to 'attack' you/your PC... Seen it many times...
niclas64 Beginner
24 August 2010 - 21:58 #22
OK, but I can't open IE at all, so now I'll just try downloading IE8 with Firefox and see whether I can open it then
24 August 2010 - 22:06 #23
niclas64 Beginner
24 August 2010 - 22:15 #24
No, when I try to open it normally this is all that comes up

http://i653.photobucket.com/albums/uu255/niclas64/IE2.jpg

and I'm in the process of downloading it
24 August 2010 - 22:30 #25
...can't open IE at all ... ??? - we are talking about the
http://users.skynet.be/fb348003/Images/informatique/IE.JPG button, right !?!
niclas64 Beginner
24 August 2010 - 22:37 #26
Yep, but now I can, after I downloaded version 8 :)
so now I'll just try (Windows Update)
niclas64 Beginner
24 August 2010 - 22:44 #27
There were no updates at the moment; should I make a new HijackThis then???
niclas64 Beginner
25 August 2010 - 00:03 #28
This is the new HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:41, on 24-08-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\AVG\AVG9\avgchsvx.exe
C:\Programmer\AVG\AVG9\avgrsx.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmer\AVG\AVG9\avgwdsvc.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\AVG\AVG9\avgnsx.exe
C:\Programmer\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\the fox\Skrivebord\Ny mappe\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmer\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG9\avgssie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmer\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programmer\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programmer\HyperCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\501000.txt,M
O4 - HKUS\S-1-5-18\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\501000.txt,M (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\501000.txt,M (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send via Meddelelse(&M)... - C:\Programmer\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O8 - Extra context menu item: Sendt af Bluetooth - C:\Programmer\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmer\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Indstillinger til Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmer\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://games.bigfishgames.com/en_chocolatier/online/ChocolatierWeb.1.0.0.13.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB9FC2D1-4BAC-4FBA-922C-F2FE94687B98}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programmer\Trust\Trust R-Series Mouse\KMWDSrv.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmer\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Programmer\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Programmer\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9032 bytes
25 August 2010 - 19:49 #29
See - that was a bit better - there is a little more 'dirt' / cleanup ->

Run a scan with HijackThis.
Below you get some files that you must fix. What you need to do is put a check mark next to these files. Once you have done that, close all other windows. It is very important that the only window that is open is the HijackThis window. Also remember to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to fix:

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)

O4 - HKCU\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\501000.txt,M
O4 - HKUS\S-1-5-18\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\501000.txt,M (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\501000.txt,M (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe

Restart normally...

------------------------------------------------------------------------

So how is the PC running now?
niclas64 Beginner
25 August 2010 - 20:30 #30
Woohoo, thanks, it runs better now, thanks for the help, and that very annoying "rundll32" thing disappeared :D thanks a million
25 August 2010 - 21:51 #31
'Final cleanup' ->

Click Start->Run and type Services.msc

Find the service (if it is there)

* Desktop (Service_Desktop)

stop it if it is running, right-click it and choose Startup type Disabled.

Restart normally...

------------------------------------------------------------------------

Run a scan with HijackThis.
Below you get some files that you must fix. What you need to do is put a check mark next to these files. Once you have done that, close all other windows. It is very important that the only window that is open is the HijackThis window. Also remember to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to fix:

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmer\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programmer\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programmer\HyperCam Toolbar\tbcore3.dll

O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Programmer\Free-Soft\Virtual Desktop\Desktop.exe (file missing)

Restart normally...

------------------------------------------------------------------------

Do a cleanup with CCleaner...

Create a new SYSTEM RESTORE POINT

CCleaner - Tools - System Restore - Remove all

Defragmentation...

---


NB: YOU should not post an [answer] yourself; it is 'reserved' for (for solutions and awarding points) ...

I have hereby posted an [answer]...

http://www.eksperten.dk/faq#faq-3-4
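Added example, not part of the thread: a small Python triage of HijackThis log lines for three traits visible among the entries that posts #29 and #31 mark for fixing: orphaned entries ("(no file)" / "(file missing)"), a Run value that has rundll32.exe load a non-library file from a TEMP folder, and the same Run value repeated across several user hives. The sample lines are copied from the log above; the heuristics and the names `triage` and `LOADABLE` are assumptions of this example, not HijackThis logic or the helper's stated reasoning.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\501000.txt,M
O4 - HKUS\S-1-5-18\..\Run: [Configuring] rundll32.exe C:\WINDOWS\TEMP\501000.txt,M (User 'SYSTEM')
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Programmer\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
"""

ENTRY = re.compile(r"^(?P<code>[ORFN]\d+) - (?P<body>.+)$")
RUN = re.compile(r"^(?P<key>.+?\\Run\w*): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<target>[^,"]+)', re.I)
# Assumption: extensions a legitimate rundll32 autorun normally points at.
LOADABLE = {".dll", ".cpl", ".ocx"}


def triage(log_text):
    """Return a list of (reason, detail) findings for a HijackThis log."""
    findings = []
    planted = defaultdict(list)  # (value name, command) -> Run keys holding it
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        # Registry entry whose target file no longer exists on disk.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append(("orphaned entry", line))
        if code != "O4":
            continue
        run = RUN.match(body)
        if not run:
            continue
        # HijackThis appends "(User '...')" for hives other than the current user.
        cmd = re.sub(r"\s*\(User '[^']*'\)$", "", run["cmd"])
        planted[(run["name"], cmd.lower())].append(run["key"])
        dll = RUNDLL.search(cmd)
        if dll:
            target = dll["target"].strip()
            ext = ntpath.splitext(target)[1].lower()
            if ext not in LOADABLE or "\\temp\\" in target.lower():
                findings.append(("rundll32 loads non-library or temp file", line))
    # The same autorun written into more than one hive.
    for (name, _), keys in planted.items():
        if len(keys) > 1:
            findings.append(("same autorun in %d hives" % len(keys), name))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(reason, "|", detail)
```

Entries such as the HyperCam toolbar or the PokerStars button are judgement calls about unwanted software and are not caught by these heuristics.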
niclas64 Beginner
26 August 2010 - 01:26 #32
OK, so I have done all of it, many thanks. There were just a few of the ones you said I should remove that were not there, but I suppose that doesn't matter. These are the ones I'm talking about:

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Programmer\Free-Soft\Virtual Desktop\Desktop.exe (file missing)

OK, I'm new here, but I'll be sure to remember that :D and I'll just accept your answer now, so many thanks for the help :D
26 August 2010 - 06:27 #33
(You're welcome another time...)
niclas64 Beginner
26 August 2010 - 08:15 #34
Many thanks :D