Gennemgang af HijackThis Logfil

Jeg håber virkelig at I kan være mig behjælpelig, så jeg kan undgå at reetablere, med de besværligheder dette også giver.

www.Killdisk.com er nu til enhver tid det bedste til at fjerne snavs *S*

-------------

Joooo - Der er en del 'sjove' elementer i din Log!

Ta' lige en genstart mere og derefter så gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123
PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Velkommen til Eksperten.dk
Generelt -> http://expfaq.dk/

Karise Larry
Jeg har nu fundet frem til følgende log-filer

ComboFix 08-05-24.1 - emil 2008-05-25 22:15:09.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.951 [GMT 2:00]
Running from: C:\Documents and Settings\emil\Skrivebord\Eksperten\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Programmer\PlayMP3z
C:\Programmer\PlayMP3z\uninstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BM8f29ef09.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\fslulfxx.ini
C:\WINDOWS\system32\hrugwlpb.ini
C:\WINDOWS\system32\igbdajgf.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nkijndno.ini
C:\WINDOWS\system32\nofkvkyl.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rjuqaiqk.ini
C:\WINDOWS\system32\TCdNTBeg.ini
C:\WINDOWS\system32\TCdNTBeg.ini2

.
(((((((((((((((((((((((((  Files Created from 2008-04-25 to 2008-05-25  )))))))))))))))))))))))))))))))
.

2008-05-25 21:01 . 2008-05-25 21:01    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-05-25 21:01 . 2008-05-25 21:01    <DIR>    d--------    C:\Documents and Settings\emil\Application Data\SUPERAntiSpyware.com
2008-05-25 21:01 . 2008-05-25 21:01    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 20:52 . 2008-05-25 20:52    <DIR>    d--------    C:\Programmer\CCleaner
2008-05-25 19:43 . 2008-05-25 19:43    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 19:41 . 2008-05-25 19:41    <DIR>    d--------    C:\Programmer\LSoft Technologies
2008-05-25 17:19 . 2008-05-25 17:20    <DIR>    d--------    C:\Programmer\Spybot - Search & Destroy
2008-05-25 17:19 . 2008-05-25 17:55    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-23 23:23 . 2008-05-23 23:23    268    --ah-----    C:\sqmdata08.sqm
2008-05-23 23:23 . 2008-05-23 23:23    244    --ah-----    C:\sqmnoopt08.sqm
2008-05-23 07:42 . 2008-05-23 07:42    268    --ah-----    C:\sqmdata07.sqm
2008-05-23 07:42 . 2008-05-23 07:42    244    --ah-----    C:\sqmnoopt07.sqm
2008-05-22 22:11 . 2008-05-22 22:11    268    --ah-----    C:\sqmdata06.sqm
2008-05-22 22:11 . 2008-05-22 22:11    244    --ah-----    C:\sqmnoopt06.sqm
2008-05-22 18:03 . 2008-05-22 18:03    268    --ah-----    C:\sqmdata05.sqm
2008-05-22 18:03 . 2008-05-22 18:03    244    --ah-----    C:\sqmnoopt05.sqm
2008-05-21 22:18 . 2008-05-21 22:18    268    --ah-----    C:\sqmdata04.sqm
2008-05-21 22:18 . 2008-05-21 22:18    244    --ah-----    C:\sqmnoopt04.sqm
2008-05-17 14:03 . 2008-05-17 14:03    0    --ah-----    C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-17 14:03 . 2008-05-17 14:03    0    --ah-----    C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-05-17 13:55 . 2008-05-17 13:55    <DIR>    dr-h-----    C:\Documents and Settings\emil\Application Data\SecuROM
2008-05-17 13:55 . 2008-05-17 13:55    107,888    --a------    C:\WINDOWS\system32\CmdLineExt.dll
2008-05-17 13:48 . 2008-05-17 13:48    <DIR>    d--------    C:\Programmer\Aspyr
2008-05-17 13:33 . 2007-07-19 18:14    3,727,720    --a------    C:\WINDOWS\system32\d3dx9_35.dll
2008-05-17 13:33 . 2007-04-04 18:53    81,768    --a------    C:\WINDOWS\system32\xinput1_3.dll
2008-05-09 17:22 . 2008-05-09 17:22    <DIR>    d--------    C:\Programmer\GameSpy
2008-05-08 21:38 . 2008-05-08 21:38    22,328    --a------    C:\Documents and Settings\emil\Application Data\PnkBstrK.sys
2008-05-08 20:45 . 2008-05-09 16:08    <DIR>    d--------    C:\Documents and Settings\emil\Application Data\IGN_DLM
2008-05-07 16:26 . 2008-05-07 16:26    268    --ah-----    C:\sqmdata03.sqm
2008-05-07 16:26 . 2008-05-07 16:26    244    --ah-----    C:\sqmnoopt03.sqm
2008-05-06 20:11 . 2008-05-06 20:11    268    --ah-----    C:\sqmdata02.sqm
2008-05-06 20:11 . 2008-05-06 20:11    244    --ah-----    C:\sqmnoopt02.sqm
2008-05-06 16:21 . 2005-05-26 15:34    2,297,552    --a------    C:\WINDOWS\system32\d3dx9_26.dll
2008-05-06 15:25 . 2008-05-09 16:18    <DIR>    d--------    C:\Programmer\Electronic Arts
2008-05-06 07:28 . 2008-05-06 07:28    268    --ah-----    C:\sqmdata01.sqm
2008-05-06 07:28 . 2008-05-06 07:28    244    --ah-----    C:\sqmnoopt01.sqm
2008-05-05 19:36 . 2008-05-05 19:36    268    --ah-----    C:\sqmdata00.sqm
2008-05-05 19:36 . 2008-05-05 19:36    244    --ah-----    C:\sqmnoopt00.sqm

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 20:14    ---------    d-----w    C:\Documents and Settings\emil\Application Data\Skype
2008-05-25 19:00    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-05-25 17:48    ---------    d-----w    C:\Documents and Settings\emil\Application Data\skypePM
2008-05-25 14:53    ---------    d-----w    C:\Programmer\BrowsingEnhancer
2008-05-24 20:43    ---------    d-----w    C:\Programmer\Warcraft III
2008-05-06 13:25    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-04-27 19:07    ---------    d-----w    C:\Programmer\World of Warcraft
2008-04-21 15:43    ---------    d-----w    C:\Documents and Settings\emil\Application Data\LimeWire
2008-04-12 21:40    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-04-12 21:37    ---------    d-----w    C:\Programmer\Kiwee Toolbar2
2008-03-25 19:58    ---------    d-----w    C:\Programmer\FBrowsingAdvisor
2008-03-25 19:58    ---------    d-----w    C:\Programmer\FBrowserAdvisor
2008-03-20 08:09    1,845,248    ----a-w    C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-02-03 12:58    32    ----a-w    C:\Documents and Settings\All Users\Application Data\ezsid.dat
2001-03-28 10:02    122,880    ----a-w    C:\WINDOWS\inf\Agfa\Message.exe
.

------- Sigcheck -------

2004-08-27 14:00  14336  46fe2ed518fdfbfd289f014a3078575c    C:\WINDOWS\system32\svchost.exe
2004-08-27 14:00  14336  46fe2ed518fdfbfd289f014a3078575c    C:\WINDOWS\system32\dllcache\svchost.exe

2005-03-02 20:20  577024  b0c3b7a16fc7779566843e9ee1912649    C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:51  578048  5b48d00db4c1d0c3d3af83a984a13020    C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2004-08-27 14:00  577024  b9730010e7364f87234d23ce0e05f0c3    C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 20:18  577024  0c1cdb3d46e1eaadf16269fa7dfaf490    C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:38  577536  4e3d092a2600b8888f1874e7c9a7e0b7    C:\WINDOWS\system32\user32.dll
2007-03-08 17:38  577536  4e3d092a2600b8888f1874e7c9a7e0b7    C:\WINDOWS\system32\dllcache\user32.dll

2004-08-27 14:00  82944  3c83a9029bc93e4cdcf7975decfdae5d    C:\WINDOWS\system32\ws2_32.dll
2004-08-27 14:00  82944  3c83a9029bc93e4cdcf7975decfdae5d    C:\WINDOWS\system32\dllcache\ws2_32.dll

2004-08-27 14:00  502272  713ad65b9ff9cee0a43181b442d846eb    C:\WINDOWS\system32\winlogon.exe
2004-08-27 14:00  502272  713ad65b9ff9cee0a43181b442d846eb    C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-27 14:00  182912  558635d3af1c7546d26067d5d9b6959e    C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-27 14:00  182912  558635d3af1c7546d26067d5d9b6959e    C:\WINDOWS\system32\drivers\ndis.sys

2004-08-27 14:00  29056  4448006b6bc60e6c027932cfc38d6855    C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-27 14:00  29056  4448006b6bc60e6c027932cfc38d6855    C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-02 20:13  2059520  610527b58729660ec06ecc71302e9490    C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 18:08  2061952  08c79da378870aa75dc87f322ab69cca    C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-27 14:00  2059392  5bdf130809cbd5cba13ab87bc7f579f0    C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 20:08  2059392  5804d7bee5d970d98eaaf2c4fec49606    C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:03  2060160  02d2e03fcc2d45c5facd5cd5d32700c8    C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:03  2060160  02d2e03fcc2d45c5facd5cd5d32700c8    C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:03  2060160  02d2e03fcc2d45c5facd5cd5d32700c8    C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-02 20:13  2182144  1a7cb4ea702393225b2a21e610d3d91a    C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 18:08  2184704  e4733821bb00d6d3581e07fb3f58abbe    C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-27 14:00  2183552  f75d4f2cce1d9f2150fe45ec5ea91ac0    C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 20:09  2181888  52a559a71e7547645d283ff3f84200b9    C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:03  2182912  e6aaf110a1330e11e9745cf540fba81b    C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:03  2182912  e6aaf110a1330e11e9745cf540fba81b    C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:03  2182912  e6aaf110a1330e11e9745cf540fba81b    C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2004-08-27 14:00  108032  55bbe54a196b1a9f99ec2e01f4ac1215    C:\WINDOWS\system32\services.exe
2004-08-27 14:00  108032  55bbe54a196b1a9f99ec2e01f4ac1215    C:\WINDOWS\system32\dllcache\services.exe

2004-08-27 14:00  13312  9086126fb5fd15ceb387121506400244    C:\WINDOWS\system32\lsass.exe
2004-08-27 14:00  13312  9086126fb5fd15ceb387121506400244    C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-27 14:00  15360  8289923e26d00213080e3e3d7e219f4c    C:\WINDOWS\system32\ctfmon.exe
2004-08-27 14:00  15360  8289923e26d00213080e3e3d7e219f4c    C:\WINDOWS\system32\dllcache\ctfmon.exe
.
(((((((((((((((((((((((((((((  snapshot@2008-05-25_22.10.11.15  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 20:07:12    2,048    --s-a-w    C:\WINDOWS\bootstat.dat
+ 2008-05-25 20:13:11    2,048    --s-a-w    C:\WINDOWS\bootstat.dat
+ 2008-05-25 20:13:36    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Programmer\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 10:52 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Programmer\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll [2008-04-03 10:52 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]
"Steam"="c:\programmer\valve\steam\steam.exe" [2008-03-28 08:04 1271032]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-12-07 16:08 21686568]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 21:07 86016]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 14:03 188416]
"zBrowser Launcher"="C:\Programmer\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2003-07-07 10:50 1916928]
"zzzHPSETUP"="D:\Setup.exe" [ ]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"InCD"="C:\Programmer\Ahead\InCD\InCD.exe" [2004-08-27 04:01 1450096]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"KiweeHook"="C:\Programmer\Kiwee Toolbar2\1.5.131\kwtbaim.exe" [2008-04-03 10:51 56456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 14:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-19 10:57:33 113664]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
NaturalColorLoad.lnk - C:\Programmer\SEC\Natural Color\NaturalColorLoad.exe [2005-10-19 11:31:42 155715]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrpmli]
awtrpmli.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Programmer\\LimeWire\\LimeWire.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\World of Warcraft\\BackgroundDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Support.com\\TDCKabel\\hcenter.exe"=
"C:\\Programmer\\Support.com\\bin\\tgcmd.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 11:50]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 09:50:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-05-25 19:35:04 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 22:16:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-25 22:17:30
ComboFix-quarantined-files.txt  2008-05-25 20:17:27

Pre-Run: 60,789,620,736 byte ledig
Post-Run: 60,778,557,440 byte ledig

223    --- E O F ---    2008-05-24 22:34:56


Hijackthislogfilen
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:59, on 25-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Kiwee Toolbar2\1.5.131\kwtbaim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\SEC\Natural Color\NaturalColorLoad.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\emil\Skrivebord\Eksperten\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Programmer\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Programmer\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KiweeHook] "C:\Programmer\Kiwee Toolbar2\1.5.131\kwtbaim.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtrpmli - awtrpmli.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9351 bytes

SuperAntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/25/2008 at 09:55 PM

Application Version : 4.0.1154

Core Rules Database Version : 3468
Trace Rules Database Version: 1459

Scan type      : Complete Scan
Total Scan Time : 00:43:27

Memory items scanned      : 451
Memory threats detected  : 0
Registry items scanned    : 5659
Registry threats detected : 8
File items scanned        : 28005
File threats detected    : 61

Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
    HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
    HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}\InprocServer32
    HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\AWTRPMLI.DLL
    HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}

Adware.Tracking Cookie
    C:\Documents and Settings\emil\Cookies\emil@2o7[2].txt
    C:\Documents and Settings\emil\Cookies\emil@date.ventivmedia[1].txt
    C:\Documents and Settings\emil\Cookies\emil@ads.dailyrush[1].txt
    C:\Documents and Settings\emil\Cookies\emil@cassava[1].txt
    C:\Documents and Settings\emil\Cookies\emil@specificclick[2].txt
    C:\Documents and Settings\emil\Cookies\emil@server.cpmstar[1].txt
    C:\Documents and Settings\emil\Cookies\emil@atdmt[1].txt
    C:\Documents and Settings\emil\Cookies\emil@azjmp[1].txt
    C:\Documents and Settings\emil\Cookies\emil@clicksor[1].txt
    C:\Documents and Settings\emil\Cookies\emil@adserver.adservinginternational[1].txt
    C:\Documents and Settings\emil\Cookies\emil@mediatraffic[1].txt
    C:\Documents and Settings\emil\Cookies\emil@tribalfusion[2].txt
    C:\Documents and Settings\emil\Cookies\emil@adfair[2].txt
    C:\Documents and Settings\emil\Cookies\emil@track.adform[1].txt
    C:\Documents and Settings\emil\Cookies\emil@CADXMR5X.txt
    C:\Documents and Settings\emil\Cookies\emil@smileycentral[1].txt
    C:\Documents and Settings\emil\Cookies\emil@eas.apm.emediate[1].txt
    C:\Documents and Settings\emil\Cookies\emil@ads.zam[2].txt
    C:\Documents and Settings\emil\Cookies\emil@ad.bolddk[2].txt
    C:\Documents and Settings\emil\Cookies\emil@ad.zanox[3].txt
    C:\Documents and Settings\emil\Cookies\emil@ad1.emediate[2].txt
    C:\Documents and Settings\emil\Cookies\emil@ads.vlaze[1].txt
    C:\Documents and Settings\emil\Cookies\emil@bold.adservinginternational[1].txt
    C:\Documents and Settings\emil\Cookies\emil@ad.zanox[1].txt
    C:\Documents and Settings\emil\Cookies\emil@windowsmedia[1].txt
    C:\Documents and Settings\emil\Cookies\emil@qxl.adservinginternational[2].txt
    C:\Documents and Settings\emil\Cookies\emil@banners.battleon[2].txt
    C:\Documents and Settings\emil\Cookies\emil@ads2.jubii[1].txt
    C:\Documents and Settings\emil\Cookies\emil@mediamac.comon[2].txt
    C:\Documents and Settings\emil\Cookies\emil@videoegg.adbureau[2].txt
    C:\Documents and Settings\emil\Cookies\emil@click-new-download[2].txt
    C:\Documents and Settings\emil\Cookies\emil@indextools[2].txt
    C:\Documents and Settings\emil\Cookies\emil@pacificpoker[2].txt
    C:\Documents and Settings\emil\Cookies\emil@adserver.incgamers[2].txt
    C:\Documents and Settings\emil\Cookies\emil@mediaprovider.adservinginternational[2].txt
    C:\Documents and Settings\emil\Cookies\emil@adnetserver[1].txt
    C:\Documents and Settings\emil\Cookies\emil@adserver.banneradministration[1].txt
    C:\Documents and Settings\emil\Cookies\emil@www.googleadservices[1].txt
    C:\Documents and Settings\emil\Cookies\emil@partypoker[1].txt
    C:\Documents and Settings\emil\Cookies\emil@www.googleadservices[2].txt
    C:\Documents and Settings\emil\Cookies\emil@msnportal.112.2o7[1].txt
    C:\Documents and Settings\emil\Cookies\emil@www.zanox-affiliate[2].txt
    C:\Documents and Settings\emil\Cookies\emil@cgm.adbureau[1].txt
    C:\Documents and Settings\emil\Cookies\emil@adopt.specificclick[1].txt
    C:\Documents and Settings\emil\Cookies\emil@2o7[1].txt
    C:\Documents and Settings\emil\Cookies\emil@adtech[1].txt
    C:\Documents and Settings\emil\Cookies\emil@banner.goldenpalacepoker[2].txt
    C:\Documents and Settings\emil\Cookies\emil@banners2.battleon[1].txt
    C:\Documents and Settings\emil\Cookies\emil@bp.specificclick[1].txt
    C:\Documents and Settings\emil\Cookies\emil@doubleclick[1].txt
    C:\Documents and Settings\emil\Cookies\emil@eas4.emediate[1].txt
    C:\Documents and Settings\emil\Cookies\emil@insightexpressai[1].txt
    C:\Documents and Settings\emil\Cookies\emil@prospect.adbureau[1].txt
    C:\Documents and Settings\emil\Cookies\emil@qxl.banneradministration[1].txt
    C:\Documents and Settings\emil\Cookies\emil@revsci[1].txt
    C:\Documents and Settings\emil\Cookies\emil@tracking.vindicosuite[1].txt
    C:\Documents and Settings\emil\Cookies\emil@xiti[1].txt

Rogue.TrustedAntiVirus
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run#SBI [ C:\Documents and Settings\emil\Lokale indstillinger\Temporary Internet Files\Content.IE5\YBCLIA9U\install_sbd_en[1].exe ]

Adware.Vundo Variant/Rel
    HKLM\SOFTWARE\Microsoft\FCOVM
    HKLM\SOFTWARE\Microsoft\RemoveRP

Adware.Accoona
    C:\PROGRAMMER\FILESUBMIT\HEIDIKLUMSS2004.EXE\ATOOLBAR400005.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{9A32ABEB-6140-4245-8108-A454F22AD94D}\RP370\A0300557.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{9A32ABEB-6140-4245-8108-A454F22AD94D}\RP370\A0300563.EXE


Jeg håber I finder en løsning til mig.

Afinstaller

* Kiwee Toolbar2
* Limewire
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Programmer\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Programmer\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KiweeHook] "C:\Programmer\Kiwee Toolbar2\1.5.131\kwtbaim.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - Winlogon Notify: awtrpmli - awtrpmli.dll (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe

Genstart normalt, kør en ny scanning med hijackthis, og kopier en frisk log herind til tjek.

------------------------------------------------------------------------

Registreringsdatabase oprydning ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

Hej Karise Larry

Så er jeg klar med en frisk log, som jeg vil være mere en glad hvis du vil kigge på. Det var ikke alle de af dig beskrevne filer, der var i min sidste log via hijackthis, men det går jeg udfra er ok.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:13, on 26-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\emil\Skrivebord\Eksperten\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7998 bytes

BINGO...

Du bør lige 'fixe' denne linie i iackThis ->
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Genstart normalt... behøver ikke at se mere ...

Hvordan kører PC'en så nu ?

Tusind tak for hjælpen, det ser ud til at virke. Pc'en kører ihvertfald upåklageligt nu.

Hvordan giver jeg dig point, for det har du virkelig fortjent, for gode og hurtige svar :-))

Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

--------------

Registreringsdatabase oprydning kan anbefales ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

Tja - du har tihvertifald AFVIST mit [svar] og [Accepteret] dit eget ???

Du har nok generelt misfortået det lidt ?

http://expfaq.dk/behandling_af_svar#behandling_af_svar

Har nu gennemført dine sidste råd. Endnu engang tak for hjælpen. Da jeg er ny bruger må du endelig til, hvis jeg skal gøre mere mht disse point.

Ellers tak for denne gang.

Mht "Point" til mig ->
http://expfaq.dk/giv_flere_point#giv_flere_point ->

"Metoden er forholdsvis simpel. Opret et nyt spørgsmål i samme kategori som det oprindelige spørgsmål og kald det "Point til [brugernavn]" hvor du erstatter [brugernavn] med navnet på den bruger du ønsker skal have point. Husk at skrive et link til spørgsmålet hvor du normalt skriver en længere beskrivelse af dit problem."

Point er her:

http://www.eksperten.dk/spm/832999