Hi.
Here are the log files.
First AVG:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 20:42:33 16-08-2007
+ Scan result:
C:\System Volume Information\_restore{56A2111C-E9AD-422C-BF68-98DAB3111247}\RP468\A0133067.dll -> Adware.Virtumonde : Ignored.
C:\System Volume Information\_restore{56A2111C-E9AD-422C-BF68-98DAB3111247}\RP468\A0133065.dll -> Trojan.Agent.abd : Cleaned with backup (quarantined).
::Report end
And then Rootchk in normal mode:
********************************* ROOTCHK-(21-07-07)-LOG, by ejvindh
16-08-2007 20:46:41,20
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 20:46:41
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{843F18E1-10A9-64CF-9B10-E40835A06223}]
"iabonmpkihkoiimoml"=hex:6b,61,63,65,6f,6e,6f,69,6d,68,62,64,69,68,69,67,6b,6e,69,69,6c,..
"hadnhliebpddicgk"=hex:6b,61,63,65,6f,6e,6f,69,6d,68,62,64,69,68,69,67,6b,6e,69,69,6c,..
"hafcnafopckdhmil"=hex:61,61,00,7e
"hafcnafoeglkpelo"=hex:61,61,00,7e
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B578A50A-6819-A435-2A9C-A0BBE6817010}]
"hakocdoiilegcaej"=hex:6b,61,68,70,69,6f,69,69,6c,6d,70,69,64,6d,67,6a,6e,64,6d,62,6a,..
"iaaofpnnbelcliefig"=hex:6b,61,68,70,69,6f,69,69,6c,6d,70,69,64,6d,67,6a,6e,64,6d,62,6a,..
scanning hidden files ...
C:\WINDOWS\system32:lpr.exe 48640 bytes executable
hidden processes: 0
hidden files: 1
And ComboFix:
ComboFix 07-08-14.4 - "Ejer" 2007-08-16 20:50:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.627 [GMT 2:00]
* Created a new restore point
ADS removed - system32: deleted 48640 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\llnmp.ini
((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))
2007-08-16 20:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 18:12 786,432 --ah----- C:\DOCUME~1\ADMINI~1.HJE\NTUSER.DAT
2007-08-16 18:12 <DIR> dr------- C:\DOCUME~1\ADMINI~1.HJE\Menuen Start
2007-08-16 18:12 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.HJE\Skabeloner
2007-08-16 18:12 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.HJE\Printere
2007-08-16 18:12 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.HJE\Lokale indstillinger
2007-08-16 18:12 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.HJE\Andre computere
2007-08-16 18:12 <DIR> d-------- C:\DOCUME~1\ADMINI~1.HJE\Skrivebord
2007-08-16 18:12 <DIR> d-------- C:\DOCUME~1\ADMINI~1.HJE\Foretrukne
2007-08-16 18:12 <DIR> d-------- C:\DOCUME~1\ADMINI~1.HJE\Dokumenter
2007-08-15 20:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-15 16:32 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2007-08-13 23:11 90,568 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-08-13 23:11 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2007-08-13 23:11 53,248 --a------ C:\WINDOWS\StillCap.exe
2007-08-13 23:11 49,152 --a------ C:\WINDOWS\amcap.exe
2007-08-13 23:11 40,960 --a------ C:\WINDOWS\VM_STI.EXE
2007-08-13 23:11 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2007-08-13 23:11 24,576 --a------ C:\WINDOWS\RunSetup.dll
2007-08-13 23:11 147,456 --a------ C:\WINDOWS\VMCap.exe
2007-08-13 22:18 1,261,568 --------- C:\WINDOWS\NuNinst.exe
2007-08-13 22:17 86,752 --------- C:\WINDOWS\system32\drivers\incdfs.sys
2007-08-13 22:17 5,264 --------- C:\WINDOWS\system32\drivers\incdrec.sys
2007-08-13 22:17 28,432 --------- C:\WINDOWS\system32\drivers\incdpass.sys
2007-08-13 22:17 <DIR> d-------- C:\WINDOWS\InCD
2007-08-13 06:30 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-08-12 20:36 <DIR> d-------- C:\Programmer\Realtek AC97
2007-08-12 20:33 <DIR> d-------- C:\WINDOWS\EffectResources
2007-08-12 19:16 38,912 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-08-12 16:00 <DIR> d-------- C:\DOCUME~1\Ejer\APPLIC~1\ExtraFilm
2007-08-12 14:33 <DIR> d-------- C:\Programmer\Canon
2007-08-12 10:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2007-08-08 23:17 <DIR> d-------- C:\DOCUME~1\Ejer\APPLIC~1\VSRevoGroup
2007-08-08 18:32 <DIR> d-------- C:\APPS
2007-08-03 08:56 <DIR> d-------- C:\DOCUME~1\Ejer\APPLIC~1\Logitech
2007-08-03 08:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\LogiShrd
2007-08-03 08:55 <DIR> d-------- C:\Programmer\Fælles filer\LogiShrd
2007-08-03 08:54 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-08-03 08:54 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-08-03 08:54 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-08-03 08:54 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-08-03 08:54 <DIR> d-------- C:\Programmer\Fælles filer\Logitech
2007-08-03 08:54 <DIR> d-------- C:\DOCUME~1\Ejer\APPLIC~1\InstallShield
2007-08-03 08:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Logitech
2007-08-02 11:00 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2007-08-01 16:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PC Drivers Headquarters
2007-07-29 13:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PhotoCare
2007-07-27 01:06 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-27 01:06 144,704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-27 01:03 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-27 01:03 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-27 01:03 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-27 01:03 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-27 01:03 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 01:03 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-27 01:03 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-27 01:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-21 00:46 <DIR> d-------- C:\Programmer\Google
2007-07-20 21:01 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-07-20 20:54 9,728 --a------ C:\WINDOWS\system32\ALi55prp.dll
2007-07-20 20:54 63,488 --a------ C:\WINDOWS\system32\drivers\ALi55WDM.sys
2007-07-20 20:53 28,672 --a------ C:\WINDOWS\system32\drivers\ULILAN51.SYS
2007-07-19 08:58 3,583,488 ----c---- C:\WINDOWS\system32\dllcache\mshtml.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-15 20:09 --------- d-------- C:\DOCUME~1\Ejer\APPLIC~1\Skype
2007-08-14 00:48 --------- d-------- C:\Programmer\SUPERAntiSpyware
2007-08-13 20:39 --------- d-------- C:\Programmer\ExPLabs.com
2007-08-12 20:33 --------- d--h----- C:\Programmer\InstallShield Installation Information
2007-08-12 20:33 --------- d-------- C:\Programmer\Vimicro
2007-08-12 18:26 --------- d-------- C:\Programmer\AMD
2007-08-09 19:06 --------- d-------- C:\Programmer\IE7pro
2007-08-09 19:04 --------- d-------- C:\Programmer\NCH Swift Sound
2007-08-09 19:04 --------- d-------- C:\DOCUME~1\Ejer\APPLIC~1\NCH Swift Sound
2007-08-09 18:55 --------- d-------- C:\Programmer\Microsoft Picture It! 7
2007-08-08 21:58 --------- d-------- C:\DOCUME~1\Ejer\APPLIC~1\Vso
2007-08-06 03:07 --------- d-------- C:\Programmer\Blubster
2007-08-03 10:18 --------- d-------- C:\Programmer\MSN Messenger
2007-08-03 08:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-08-03 08:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-08-03 08:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2007-07-27 01:06 43528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-27 01:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 01:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 01:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 01:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 01:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-27 01:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-27 01:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-27 01:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 01:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 01:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-27 01:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-23 19:41 190 --a------ C:\CONFIG.SYS
2007-07-23 19:41 132 --a------ C:\AUTOEXEC.BAT
2007-07-21 07:21 21808 --a------ C:\WINDOWS\system32\drivers\Aldebaran.sys
2007-07-21 07:21 16855 --a------ C:\WINDOWS\system32\drivers\Achernar.sys
2007-07-20 22:00 1480 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-20 21:26 --------- d-------- C:\DOCUME~1\Ejer\APPLIC~1\CallingID
2007-07-20 21:15 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-07-15 20:48 --------- d-------- C:\DOCUME~1\Ejer\APPLIC~1\SMSSender
2007-07-14 09:24 --------- d-------- C:\Programmer\MSECache
2007-07-13 22:12 --------- d-------- C:\Programmer\Skype
2007-07-13 17:23 --------- d-------- C:\DOCUME~1\Ejer\APPLIC~1\SummaSummarum
2007-07-13 01:31 765952 ----c---- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-12 20:04 --------- d-------- C:\Programmer\Microsoft SMS Sender
2007-07-12 20:02 --------- d-------- C:\DOCUME~1\Ejer\APPLIC~1\Windows Desktop Search
2007-07-12 20:01 --------- d-------- C:\Programmer\Windows Desktop Search
2007-07-11 21:31 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-07-09 18:46 557128 --a------ C:\WINDOWS\system32\dao360.dll
2007-07-08 17:53 --------- d-------- C:\Programmer\MSBuild
2007-07-08 17:48 --------- d-------- C:\Programmer\Microsoft Visual Studio 8
2007-07-08 17:38 --------- d-------- C:\Programmer\Alcohol Soft
2007-07-08 17:36 --------- d-------- C:\Programmer\Microsoft Works
2007-07-06 19:42 --------- d-------- C:\DOCUME~1\Ejer\APPLIC~1\Talkback
2007-07-06 19:41 --------- d-------- C:\DOCUME~1\Ejer\APPLIC~1\Thunderbird
2007-07-06 19:07 --------- d-------- C:\DOCUME~1\Ejer\APPLIC~1\Webcam Saver
2007-06-30 16:55 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-06-30 16:55 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-06-30 16:55 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-27 16:05 823808 ----c---- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:05 671232 ----c---- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:05 6058496 ----c---- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:05 52224 ----c---- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:05 477696 ----c---- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:05 459264 ----c---- C:\WINDOWS\system32\dllcache\msfeeds.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"avgnt"="C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 18:53]
"ccleaner"="F:\Programmer\CCleaner\ccleaner.exe" [2007-07-13 11:10]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
C:\Documents and Settings\Ejer\Menuen Start\Programmer\Start\
SpywareGuard.lnk - F:\Programmer\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 name]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"MaxRecentDocs"=11 (0xb)
"GreyMSIAds"=1 (0x1)
"NoTrayItemsDisplay"=00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 17:45 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL 2007-06-03 10:36 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LDM"=F:\Programmer\logitec\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
R0 Achernar;Achernar - Storage Filter Drivers;C:\WINDOWS\system32\Drivers\Achernar.sys
R0 aliidex;aliidex;C:\WINDOWS\system32\drivers\aliidex.sys
R0 aliperf;aliperf;C:\WINDOWS\system32\drivers\aliperf.sys
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys
R1 avgio;avgio;\??\C:\Programmer\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\C:\WINDOWS\system32\Drivers\Aldebaran.sys
R3 avgntflt;avgntflt;\??\C:\Programmer\AntiVir PersonalEdition Classic\avgntflt.sys
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS
R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
S3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 SABProcEnum;SABProcEnum;\??\C:\Programmer\Internet Explorer\SABProcEnum.sys
S3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Programmer\Fælles filer\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7F67F8DD-D049-BFA7-4E4F-8F317C66F7EE}]
C:\WINDOWS\system32:lpr.exe
Contents of the 'Scheduled Tasks' folder
2007-06-18 19:54:07 C:\WINDOWS\Tasks\1-Click Maintenance.job - F:\Programmer\Tune up utillities\SystemOptimizer.exe
2007-08-16 18:47:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Programmer\Windows Defender\MpCmdRun.exe
2007-08-16 06:45:09 C:\WINDOWS\Tasks\User_Feed_Synchronization-{96B31354-DF1C-412C-B83B-008501CA8D54}.job - C:\WINDOWS\system32\msfeedssync.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 20:54:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"F:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe\""
Completion time: 2007-08-16 20:55:09
C:\ComboFix-quarantined-files.txt ... 2007-08-16 20:54
--- E O F ---
and a fresh HJT:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:01:33, on 16-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Programmer\SpywareGuard\sgmain.exe
F:\Programmer\SpywareGuard\sgbhp.exe
F:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
f:\Programmer\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Hijackthis\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - f:\Programmer\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] “C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] “F:\Programmer\CCleaner\ccleaner.exe” /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [Ordbogen.com] C:\Programmer\CoolSystems\ordbogen.com\ordbogen.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: SpywareGuard.lnk = F:\Programmer\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Add to IncrediMail Style Box - F:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - f:\Programmer\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://F:\PUBLIS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PUBLIS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} -
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) -
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) -
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) -
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {2540AD2D-1F26-4968-9B71-20552B244420} (ASPInterface Class) -
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} -
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) -
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) -
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) -
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) -
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) -
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) -
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} -
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Programmer\logitec\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - F:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 9266 bytes
Best regards,
bjarnebf
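The interesting finding in the logs above is not a file but an NTFS alternate data stream: catchme lists `C:\WINDOWS\system32:lpr.exe` (a stream attached to the system32 directory itself, which is why it appears in no file listing), ComboFix shows an Active Setup "installed components" key whose command is that same stream, and ComboFix then reports "ADS removed - system32: deleted 48640 bytes in 1 streams". Active Setup commands run once per user profile at logon, so a stream referenced from there is a persistence mechanism. The script below is an added example for this thread, not code from the poster or from any of the tools quoted: it walks catchme/ComboFix-style output, recognises ADS notation (a second colon after the drive letter) without tripping on timestamps or the `path - path` lines HijackThis and ComboFix print, and pairs each Active Setup key with the command on the following line. The sample lines are copied from the logs in the post; the function names, the regexes and the result layout are this example's own.

```python
"""Triage helper for catchme / ComboFix output: find NTFS alternate data
stream (ADS) paths and autostart entries that point at them.

Added example for this thread, not code from the original post or from the
tools it quotes. SAMPLE_LINES are copied from the logs above; everything
else (names, regexes, the triage() result layout) is this example's own.
"""
import re
from typing import Dict, List, Tuple

# An ADS path is  <drive>:\<host path>:<stream>  -- a second colon after the
# drive-letter colon.  The host part may contain spaces but not quotes or
# brackets (so "[2003-08-29 19:05:35 name]" annotations never match), and
# the stream name is one token that cannot start with a backslash, which
# keeps "C:\a.job - C:\b.exe" from being read as a stream named "\b.exe".
ADS_RE = re.compile(
    r'(?P<host>[A-Za-z]:\\[^:"\[\]\r\n]*?):(?P<stream>[^\\/:\s"\[\]]+)'
)

# ComboFix prints an Active Setup key on one line and its StubPath command on
# the next; StubPath runs once per user profile at logon.
ACTIVE_SETUP_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\"
    r"installed components\\(\{[0-9A-Fa-f-]+\})\]$",
    re.IGNORECASE,
)

# Constructed sample: lines copied from the catchme and ComboFix output in
# this thread, plus benign lines that must not match.
SAMPLE_LINES = [
    "C:\\WINDOWS\\system32:lpr.exe 48640 bytes executable",
    "2007-08-16 20:48 51,200 --a------ C:\\WINDOWS\\nircmd.exe",
    "SpywareGuard.lnk - F:\\Programmer\\SpywareGuard\\sgmain.exe [2003-08-29 19:05:35 name]",
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components\\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]",
    "\"C:\\Programmer\\Fælles filer\\LightScribe\\LSRunOnce.exe\"",
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components\\{7F67F8DD-D049-BFA7-4E4F-8F317C66F7EE}]",
    "C:\\WINDOWS\\system32:lpr.exe",
]


def find_ads(line: str) -> List[Tuple[str, str]]:
    """Return (host_path, stream_name) for every ADS reference in one line."""
    return [(m.group("host"), m.group("stream")) for m in ADS_RE.finditer(line)]


def triage(lines: List[str]) -> Dict[str, list]:
    """Single pass over scan output.

    ads_hits:     every ADS path seen, with its 1-based line number
    active_setup: Active Setup components whose StubPath references an ADS
    """
    ads_hits: List[dict] = []
    active_setup: List[dict] = []
    pending_guid = None  # set while the next line is an Active Setup StubPath
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        key = ACTIVE_SETUP_RE.match(line)
        if key:
            pending_guid = key.group(1)
            continue
        hits = find_ads(line)
        for host, stream in hits:
            ads_hits.append({"line": lineno, "host": host, "stream": stream})
        if pending_guid is not None:
            if hits:
                active_setup.append({
                    "guid": pending_guid,
                    "command": line,
                    "streams": [f"{h}:{s}" for h, s in hits],
                })
            pending_guid = None  # the StubPath line has been consumed
    return {"ads_hits": ads_hits, "active_setup": active_setup}


def report(result: Dict[str, list]) -> str:
    """Human-readable summary of triage()."""
    out = [f"ADS references: {len(result['ads_hits'])}"]
    for h in result["ads_hits"]:
        out.append(f"  line {h['line']}: stream '{h['stream']}' on {h['host']}")
    out.append(f"Active Setup entries launching a stream: {len(result['active_setup'])}")
    for a in result["active_setup"]:
        out.append(f"  {a['guid']} -> {a['command']}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LINES)))
```

Run against the sample it reports two references to the `lpr.exe` stream on `C:\WINDOWS\system32` and one Active Setup component, `{7F67F8DD-D049-BFA7-4E4F-8F317C66F7EE}`, whose command launches it; the LightScribe component and the timestamped SpywareGuard line produce nothing. The stream regex deliberately refuses a stream name that begins with a backslash, because the `.job - path` and `.lnk - path` lines these tools print would otherwise read as ADS references.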