hanloven (Master)
9 October 2007 - 16:29 There are 23 comments and 1 solution

About:blank

Hi.

Is there anyone who could check my HijackThis log file? Like many others, I have also been hit by the about:blank spyware.

Logfile of HijackThis v1.99.1
Scan saved at 16:28:39, on 09-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Download\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helionfilm.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmer\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?157174de8ffc43aeba04cf773c43d315
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?157174de8ffc43aeba04cf773c43d315
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145690663500
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thanks in advance :-)
//Hanloven
arlet (Junior Master)
9 October 2007 - 17:10 #1
Run step 2 here: http://www.malwarecheck.dk/forum/viewtopic.php?t=11
Restart and post a HijackThis log (guide: http://www.malwarecheck.dk/forum/viewtopic.php?t=9) as well as the log from the SuperAntiSpyware scanner.
hanloven (Master)
9 October 2007 - 18:09 #2
Thanks for the reply.
Step 2 is Ewido Anti-spyware. Is that the one you want to see the log from once it has scanned?
arlet (Junior Master)
9 October 2007 - 18:19 #3
My mistake..

It is step 1, the SuperAntiSpyware scanner..
hanloven (Master)
9 October 2007 - 18:21 #4
Ahh, okay. I'll start that one instead :-)
arlet (Junior Master)
9 October 2007 - 20:32 #5
And the reason I posted a guide for HijackThis is that you have an old version. The link is to a new version.
hanloven (Master)
9 October 2007 - 21:04 #6
That's fine. I'm working on it.
hanloven (Master)
9 October 2007 - 21:05 #7
This is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:51, on 09-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helionfilm.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmer\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?157174de8ffc43aeba04cf773c43d315
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?157174de8ffc43aeba04cf773c43d315
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145690663500
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7719 bytes
hanloven (Master)
9 October 2007 - 21:06 #8
And this is from SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/09/2007 at 07:19 PM

Application Version : 3.9.1008

Core Rules Database Version : 3321
Trace Rules Database Version: 1322

Scan type      : Complete Scan
Total Scan Time : 00:44:37

Memory items scanned      : 441
Memory threats detected  : 0
Registry items scanned    : 5077
Registry threats detected : 0
File items scanned        : 43640
File threats detected    : 37

Adware.Tracking Cookie
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@008.free-counter.co[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@bs.serving-sys[3].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@serving-sys[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@mtgnewmedia[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@windowsmedia[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@atdmt[3].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@revsci[3].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@track.adform[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@ad1.emediate[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@doubleclick[3].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@adtech[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@tribalfusion[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@edsa.122.2o7[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@2o7[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@e2.emediate[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@tradedoubler[3].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@mediaplex[3].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@eas4.emediate[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@008.free-counter.co[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@ad1.emediate[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@adtech[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@atdmt[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@bs.serving-sys[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@divx.adbureau[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@doubleclick[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@eas.apm.emediate[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@eboks.112.2o7[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@edsa.122.2o7[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@mediaplex[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@overture[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@perf.overture[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@revsci[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@sonyeurope.112.2o7[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@track.adform[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Cookies\kent falkenstrøm@tradedoubler[2].txt
    C:\Documents and Settings\Kent Falkenstrøm\Lokale indstillinger\Temp\Cookies\kent falkenstrøm@atdmt[1].txt
    C:\Documents and Settings\Kent Falkenstrøm\Lokale indstillinger\Temp\Cookies\kent falkenstrøm@revsci[2].txt
hanloven (Master)
9 October 2007 - 21:09 #9
Don't know whether you also need the log from rootlog?

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
09-10-2007 21:08:39,89

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 21:08:40
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583be5a17]
"001813965e36"=hex:06,6e,c4,23,79,a5,42,98,48,1c,d7,aa,ef,9e,ea,26
"080028d31632"=hex:97,c3,19,55,8c,3f,4f,40,6e,f0,e9,18,e9,57,f7,da
"000d44306658"=hex:f3,d1,1a,f5,6c,89,94,df,4b,cc,ff,30,8f,e0,95,37
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583be5a17]
"001813965e36"=hex:06,6e,c4,23,79,a5,42,98,48,1c,d7,aa,ef,9e,ea,26
"080028d31632"=hex:97,c3,19,55,8c,3f,4f,40,6e,f0,e9,18,e9,57,f7,da
"000d44306658"=hex:f3,d1,1a,f5,6c,89,94,df,4b,cc,ff,30,8f,e0,95,37

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
hanloven (Master)
9 October 2007 - 21:10 #10
Or rather, RootChk was what it was called :-)
arlet (Junior Master)
9 October 2007 - 21:30 #11
-- Download ComboFix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of that file here.

NOTE that ComboFix is detected as infected by some virus scanners. There is nothing to this, however.
hanloven (Master)
9 October 2007 - 23:19 #12
ComboFix 07-10-09.3 - Kent Falkenstr›m 2007-10-09 23:13:15.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.565 [GMT 2:00]
Running from: C:\Documents and Settings\Kent Falkenstr›m\Lokale indstillinger\Temporary Internet Files\Content.IE5\8ZYN25AH\ComboFix[1].exe
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-09-09 to 2007-10-09  )))))))))))))))))))))))))))))))
.

2007-10-09 23:11    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-09 21:03    401,720    --a------    C:\Programmer\HJTrenamed.exe
2007-10-09 18:27    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-09 18:26    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-10-08 16:10    <DIR>    d--------    C:\Programmer\UltraVNC
2007-10-08 16:10    12,800    --a------    C:\WINDOWS\system32\vncdrv.dll
2007-10-08 16:10    6,016    --a------    C:\WINDOWS\system32\drivers\vnccom.SYS
2007-10-08 16:10    5,760    --a------    C:\WINDOWS\system32\vnchelp.dll
2007-10-08 16:10    4,736    --a------    C:\WINDOWS\system32\drivers\vncdrv.sys
2007-10-04 05:59    <DIR>    d--------    C:\FAKTURA MAPPE
2007-09-30 13:20    <DIR>    d--------    C:\Programmer\Nvu
2007-09-30 12:56    <DIR>    d--------    C:\Programmer\BlueVoda Website Builder
2007-09-30 01:23    <DIR>    d--------    C:\Programmer\Lavasoft
2007-09-30 01:23    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-19 16:20    <DIR>    d--------    C:\Programmer\Joost
2007-09-16 18:00    <DIR>    d--------    C:\divx
2007-09-16 17:38    129,784    ---------    C:\WINDOWS\system32\pxafs.dll
2007-09-16 17:38    120,056    ---------    C:\WINDOWS\system32\pxcpyi64.exe
2007-09-16 17:38    118,520    ---------    C:\WINDOWS\system32\pxinsi64.exe
2007-09-16 17:38    9,464    ---------    C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-09-16 17:38    9,336    ---------    C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-09-15 15:17    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-09-15 15:17    207,736    --a------    C:\WINDOWS\system32\muweb.dll
2007-09-14 14:47    <DIR>    d--------    C:\Programmer\Windows Live Toolbar
2007-09-14 14:47    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-12 17:12    <DIR>    d--------    C:\EVENT DVD APRIL 2007

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 19:21    5,767,168    ---ha-w    C:\Documents and Settings\Kent Falkenstrøm\NTUSER.DAT
2007-10-09 19:04    7,720    ----a-w    C:\Programmer\hijackthis.log
2007-10-09 16:26    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-09-30 10:56    737,280    ----a-w    C:\WINDOWS\iun6002.exe
2007-09-22 13:59    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-22 10:27    ---------    d-----w    C:\Programmer\DVDlabPro1.53
2007-09-16 15:38    ---------    d-----w    C:\Programmer\DivX
2007-09-14 12:44    ---------    d-----w    C:\Programmer\MSN Messenger
2007-08-21 00:26    81,920    ----a-w    C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26    196,608    ----a-w    C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33    524,288    ----a-w    C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33    43,528    ------w    C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-08-15 22:33    3,596,288    ----a-w    C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33    200,704    ----a-w    C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33    144,704    ----a-w    C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-15 22:33    1,044,480    ----a-w    C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31    593,920    ----a-w    C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31    57,344    ----a-w    C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31    53,248    ----a-w    C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31    344,064    ----a-w    C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31    294,912    ----a-w    C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31    294,912    ----a-w    C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30    823,296    ----a-w    C:\WINDOWS\system32\divx_xx0c.dll
2007-08-15 22:30    823,296    ----a-w    C:\WINDOWS\system32\divx_xx07.dll
2007-08-15 22:30    802,816    ----a-w    C:\WINDOWS\system32\divx_xx11.dll
2007-08-15 22:30    740,442    ----a-w    C:\WINDOWS\system32\DivX.dll
2007-08-15 22:30    12,288    ----a-w    C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 17:19    92,504    ----a-w    C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19    549,720    ----a-w    C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19    53,080    ----a-w    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19    43,352    ----a-w    C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19    325,976    ----a-w    C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19    203,096    ----a-w    C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19    1,712,984    ----a-w    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18    33,624    ----a-w    C:\WINDOWS\system32\wups.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 16:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 15:23]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Cisco Systems VPN Client.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Cisco Systems VPN Client.lnk
backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^SATARaid.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\SATARaid.lnk
backup=C:\WINDOWS\pss\SATARaid.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kent Falkenstrøm^Menuen Start^Programmer^Start^Adobe Gamma.lnk]
path=C:\Documents and Settings\Kent Falkenstrøm\Menuen Start\Programmer\Start\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kent Falkenstrøm^Menuen Start^Programmer^Start^SpywareGuard.lnk]
path=C:\Documents and Settings\Kent Falkenstrøm\Menuen Start\Programmer\Start\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSDVCRAgent]
C:\Programmer\ASUS\ASUS Digital VCR\Schedule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZSKY150]
C:\Programmer\EZSKY150\EZSKY150.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programmer\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
~"C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Programmer\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
"C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys
R0 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\WINDOWS\system32\DRIVERS\Si3124r5.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Programmer\Symantec\Norton Ghost 2003\ghpciscan.sys
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
R2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE27bus.sys
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS);C:\WINDOWS\system32\DRIVERS\se27nd5.sys
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE27obex.sys
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM);C:\WINDOWS\system32\DRIVERS\se27unic.sys
S3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 20:47:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 23:15:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe\""
.
Completion time: 2007-10-09 23:16:45
.
    --- E O F ---
That was quite a screed :-)
arlet Juniormester
10 October 2007 - 07:34 #13
Yes, that was some proper bedtime reading *S*

Copy the contents between the dashed lines into a Notepad window, and save it in the same folder as Combofix under the name CFScript.txt.
When you save, make sure that "file types" is set to "all files".

-------------------------
File::
C:\WINDOWS\iun6002.exe
-------------------------

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

Paste the contents of Combofix.txt in here together with a new HijackThis log
hanloven Mester
10 October 2007 - 10:19 #14
I'll take care of that when I get home from work this afternoon. It's not that easy to get the better of :-)
arlet Juniormester
10 October 2007 - 11:07 #15
No, but it will surrender before we surrender, that's for sure..
hanloven Mester
10 October 2007 - 14:46 #16
Sounds really good :-)
hanloven Mester
10 October 2007 - 16:31 #17
Here is the new log from ComboFix

ComboFix 07-10-09.3 - Kent Falkenstr›m 2007-10-10 16:25:45.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.645 [GMT 2:00]
Running from: C:\Download\ComboFix\ComboFix.exe
Command switches used :: C:\Download\ComboFix\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\iun6002.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\iun6002.exe

.
(((((((((((((((((((((((((  Files Created from 2007-09-10 to 2007-10-10  )))))))))))))))))))))))))))))))
.

2007-10-09 23:11    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-09 21:03    401,720    --a------    C:\Programmer\HJTrenamed.exe
2007-10-09 18:27    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-09 18:26    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-10-08 16:10    <DIR>    d--------    C:\Programmer\UltraVNC
2007-10-08 16:10    12,800    --a------    C:\WINDOWS\system32\vncdrv.dll
2007-10-08 16:10    6,016    --a------    C:\WINDOWS\system32\drivers\vnccom.SYS
2007-10-08 16:10    5,760    --a------    C:\WINDOWS\system32\vnchelp.dll
2007-10-08 16:10    4,736    --a------    C:\WINDOWS\system32\drivers\vncdrv.sys
2007-10-04 05:59    <DIR>    d--------    C:\FAKTURA MAPPE
2007-09-30 13:20    <DIR>    d--------    C:\Programmer\Nvu
2007-09-30 12:56    <DIR>    d--------    C:\Programmer\BlueVoda Website Builder
2007-09-30 01:23    <DIR>    d--------    C:\Programmer\Lavasoft
2007-09-30 01:23    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-19 16:20    <DIR>    d--------    C:\Programmer\Joost
2007-09-16 18:00    <DIR>    d--------    C:\divx
2007-09-16 17:38    129,784    ---------    C:\WINDOWS\system32\pxafs.dll
2007-09-16 17:38    120,056    ---------    C:\WINDOWS\system32\pxcpyi64.exe
2007-09-16 17:38    118,520    ---------    C:\WINDOWS\system32\pxinsi64.exe
2007-09-16 17:38    9,464    ---------    C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-09-16 17:38    9,336    ---------    C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-09-15 15:17    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-09-15 15:17    207,736    --a------    C:\WINDOWS\system32\muweb.dll
2007-09-14 14:47    <DIR>    d--------    C:\Programmer\Windows Live Toolbar
2007-09-14 14:47    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-12 17:12    <DIR>    d--------    C:\EVENT DVD APRIL 2007

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 04:18    5,767,168    ---ha-w    C:\Documents and Settings\Kent Falkenstrøm\NTUSER.DAT
2007-10-09 19:04    7,720    ----a-w    C:\Programmer\hijackthis.log
2007-10-09 16:26    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-09-22 13:59    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-22 10:27    ---------    d-----w    C:\Programmer\DVDlabPro1.53
2007-09-16 15:38    ---------    d-----w    C:\Programmer\DivX
2007-09-14 12:44    ---------    d-----w    C:\Programmer\MSN Messenger
2007-08-21 00:26    81,920    ----a-w    C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26    196,608    ----a-w    C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33    524,288    ----a-w    C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33    43,528    ------w    C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-08-15 22:33    3,596,288    ----a-w    C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33    200,704    ----a-w    C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33    144,704    ----a-w    C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-15 22:33    1,044,480    ----a-w    C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31    593,920    ----a-w    C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31    57,344    ----a-w    C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31    53,248    ----a-w    C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31    344,064    ----a-w    C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31    294,912    ----a-w    C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31    294,912    ----a-w    C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30    823,296    ----a-w    C:\WINDOWS\system32\divx_xx0c.dll
2007-08-15 22:30    823,296    ----a-w    C:\WINDOWS\system32\divx_xx07.dll
2007-08-15 22:30    802,816    ----a-w    C:\WINDOWS\system32\divx_xx11.dll
2007-08-15 22:30    740,442    ----a-w    C:\WINDOWS\system32\DivX.dll
2007-08-15 22:30    12,288    ----a-w    C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 17:19    92,504    ----a-w    C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19    549,720    ----a-w    C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19    53,080    ----a-w    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19    43,352    ----a-w    C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19    325,976    ----a-w    C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19    203,096    ----a-w    C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19    1,712,984    ----a-w    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18    33,624    ----a-w    C:\WINDOWS\system32\wups.dll
.

(((((((((((((((((((((((((((((  snapshot@2007-10-09_23.15.48,50  )))))))))))))))))))))))))))))))))))))))))
.
----a-w            14,560 2007-03-06 01:10:55  C:\WINDOWS\SoftwareDistribution\Download\3469968981637981346391b6df19c63e\spmsg.dll
----a-w          214,752 2007-03-06 01:11:00  C:\WINDOWS\SoftwareDistribution\Download\3469968981637981346391b6df19c63e\spuninst.exe
----a-w          683,520 2007-08-21 06:17:41  C:\WINDOWS\SoftwareDistribution\Download\3469968981637981346391b6df19c63e\sp2gdr\inetcomm.dll
----a-w          683,520 2007-08-21 06:26:05  C:\WINDOWS\SoftwareDistribution\Download\3469968981637981346391b6df19c63e\sp2qfe\inetcomm.dll
----a-w            22,752 2007-03-06 01:10:53  C:\WINDOWS\SoftwareDistribution\Download\3469968981637981346391b6df19c63e\update\spcustom.dll
----a-w          721,120 2007-03-06 01:11:17  C:\WINDOWS\SoftwareDistribution\Download\3469968981637981346391b6df19c63e\update\update.exe
----a-w          383,200 2007-03-06 01:12:08  C:\WINDOWS\SoftwareDistribution\Download\3469968981637981346391b6df19c63e\update\updspapi.dll
----a-w            14,560 2007-03-06 01:10:55  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\spmsg.dll
----a-w          214,752 2007-03-06 01:11:00  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\spuninst.exe
----a-w        1,022,976 2007-08-22 13:14:05  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\browseui.dll
----a-w          151,552 2007-08-22 13:14:05  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\cdfview.dll
----a-w        1,056,256 2007-08-22 13:14:06  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\danim.dll
----a-w          357,888 2007-08-22 13:14:07  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\dxtmsft.dll
----a-w          205,312 2007-08-22 13:14:07  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\dxtrans.dll
----a-w            55,808 2007-08-22 13:14:07  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\extmgr.dll
----a-w            18,432 2007-08-21 10:30:45  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\iedw.exe
----a-w          251,392 2007-08-22 13:14:07  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\iepeers.dll
----a-w            96,768 2007-08-22 13:14:08  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\inseng.dll
----a-w            16,384 2007-08-22 13:14:08  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\jsproxy.dll
----a-w        3,079,168 2007-08-22 13:14:11  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\mshtml.dll
----a-w          449,024 2007-08-22 13:14:11  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\mshtmled.dll
----a-w          146,432 2007-08-22 13:14:12  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\msrating.dll
----a-w          532,480 2007-08-22 13:14:12  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\mstime.dll
----a-w            39,424 2007-08-22 13:14:13  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\pngfilt.dll
----a-w        1,494,528 2007-08-22 13:14:15  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\shdocvw.dll
----a-w          474,112 2007-08-22 13:14:16  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\shlwapi.dll
----a-w          118,272 2007-08-21 10:53:20  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\spru0406.dll
----a-w          617,472 2007-08-22 13:14:17  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\urlmon.dll
----a-w          660,480 2007-08-22 13:14:18  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2gdr\wininet.dll
----a-w        1,022,976 2007-08-22 12:57:23  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\browseui.dll
----a-w          151,552 2007-08-22 12:57:23  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\cdfview.dll
----a-w        1,056,256 2007-08-22 12:57:23  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\danim.dll
----a-w          357,888 2007-08-22 12:57:23  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\dxtmsft.dll
----a-w          205,824 2007-08-22 12:57:23  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\dxtrans.dll
----a-w            55,808 2007-08-22 12:57:23  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\extmgr.dll
----a-w            18,432 2007-08-21 10:19:39  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\iedw.exe
----a-w          251,904 2007-08-22 12:57:23  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\iepeers.dll
----a-w            96,768 2007-08-22 12:57:23  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\inseng.dll
----a-w            16,384 2007-08-22 12:57:23  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\jsproxy.dll
----a-w        3,085,824 2007-08-22 12:57:24  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\mshtml.dll
----a-w          449,024 2007-08-22 12:57:24  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\mshtmled.dll
----a-w          146,432 2007-08-22 12:57:24  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\msrating.dll
----a-w          532,480 2007-08-22 12:57:24  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\mstime.dll
----a-w            39,424 2007-08-22 12:57:24  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\pngfilt.dll
----a-w        1,498,112 2007-08-22 12:57:25  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\shdocvw.dll
----a-w          474,112 2007-08-22 12:57:25  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\shlwapi.dll
----a-w          359,936 2007-08-21 10:50:44  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\spru0406.dll
----a-w          620,032 2007-08-22 12:57:25  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\urlmon.dll
----a-w          667,136 2007-08-22 12:57:26  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\sp2qfe\wininet.dll
----a-w            22,752 2007-03-06 01:10:53  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\update\spcustom.dll
----a-w          721,120 2007-03-06 01:11:17  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\update\update.exe
----a-w          383,200 2007-03-06 01:12:08  C:\WINDOWS\SoftwareDistribution\Download\c066cf6e1b8ee6f0e19c3625c63520bd\update\updspapi.dll
----a-w            14,560 2005-10-12 23:10:49  C:\WINDOWS\SoftwareDistribution\Download\e452665eb2abffc827e7c4aa87008129\spmsg.dll
----a-w          214,752 2005-10-12 23:10:49  C:\WINDOWS\SoftwareDistribution\Download\e452665eb2abffc827e7c4aa87008129\spuninst.exe
----a-w          584,192 2007-07-09 13:11:49  C:\WINDOWS\SoftwareDistribution\Download\e452665eb2abffc827e7c4aa87008129\SP2GDR\rpcrt4.dll
----a-w          118,272 2007-06-12 21:53:14  C:\WINDOWS\SoftwareDistribution\Download\e452665eb2abffc827e7c4aa87008129\SP2GDR\spru0406.dll
----a-w          582,656 2007-07-09 13:19:29  C:\WINDOWS\SoftwareDistribution\Download\e452665eb2abffc827e7c4aa87008129\SP2QFE\rpcrt4.dll
----a-w          359,936 2007-06-18 22:24:36  C:\WINDOWS\SoftwareDistribution\Download\e452665eb2abffc827e7c4aa87008129\SP2QFE\spru0406.dll
----a-w            22,752 2005-10-12 23:10:48  C:\WINDOWS\SoftwareDistribution\Download\e452665eb2abffc827e7c4aa87008129\update\spcustom.dll
----a-w          721,120 2005-10-12 23:10:51  C:\WINDOWS\SoftwareDistribution\Download\e452665eb2abffc827e7c4aa87008129\update\update.exe
----a-w          383,200 2005-10-12 23:10:56  C:\WINDOWS\SoftwareDistribution\Download\e452665eb2abffc827e7c4aa87008129\update\updspapi.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-20 16:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 15:23]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Cisco Systems VPN Client.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Cisco Systems VPN Client.lnk
backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^SATARaid.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\SATARaid.lnk
backup=C:\WINDOWS\pss\SATARaid.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kent Falkenstrøm^Menuen Start^Programmer^Start^Adobe Gamma.lnk]
path=C:\Documents and Settings\Kent Falkenstrøm\Menuen Start\Programmer\Start\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kent Falkenstrøm^Menuen Start^Programmer^Start^SpywareGuard.lnk]
path=C:\Documents and Settings\Kent Falkenstrøm\Menuen Start\Programmer\Start\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSDVCRAgent]
C:\Programmer\ASUS\ASUS Digital VCR\Schedule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZSKY150]
C:\Programmer\EZSKY150\EZSKY150.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programmer\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
~"C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Programmer\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVR SchSvr]
"C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys
R0 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\WINDOWS\system32\DRIVERS\Si3124r5.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Programmer\Symantec\Norton Ghost 2003\ghpciscan.sys
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
R2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys
R2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS
R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE27bus.sys
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS);C:\WINDOWS\system32\DRIVERS\se27nd5.sys
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE27obex.sys
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM);C:\WINDOWS\system32\DRIVERS\se27unic.sys
S3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-10 03:47:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 16:27:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe\""
.
Completion time: 2007-10-10 16:27:56
C:\ComboFix-quarantined-files.txt ... 2007-10-10 16:27
C:\ComboFix2.txt ... 2007-10-09 23:16
.
    --- E O F ---
hanloven Mester
10 October 2007 - 16:33 #18
And the new one from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:17, on 10-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.helionfilm.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmer\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmer\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?157174de8ffc43aeba04cf773c43d315
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?157174de8ffc43aeba04cf773c43d315
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145690663500
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7719 bytes
arlet Juniormester
10 October 2007 - 16:44 #19
Has your about:blank disappeared??
hanloven Mester
10 October 2007 - 17:45 #20
No, unfortunately. It still shows up when I close a window in IE.
arlet Juniormester
10 October 2007 - 18:03 #21
Go to Add/Remove Programs in the Control Panel and remove SweetIM.

Run a scan with www.arlet.dk/ccleaner.htm

Restart and see if that helped.
hanloven Mester
10 October 2007 - 22:08 #22
Now it's simply gone :-) That's just wonderful. Is SweetIM known for causing chaos? A thousand thanks for the help. Do you need a final log to make sure everything is gone?
arlet Juniormester
10 October 2007 - 22:21 #23
Yes, it's not the best program..

I don't need to see any more..
hanloven Mester
10 October 2007 - 22:24 #24
Quite all right. Thanks again. My machine has also become so nicely fast again, which is really great :-)